Official Intense Discussion

124

Comments

  • I'm stuck at square one on this box but I do have some theories but I could do with running them past someone who has completed this box (or at least got user) so I don't spend the rest of my life chasing red herrings down rabbit holes.

  • I am stuck on s**p thing !! Timeout: No Response this is the error i am facing

  • edited August 2020

    finally got root, what a ride
    really struggled with the root part, bc of some stupid mistakes (from now on, i will double check everything ;) )

    thanks to @sokafr for the really great box

    Arrexel

  • finally rooted. definitely the hardest box I've done so far, particularly the last part. I learned a lot. thanks @sokafr!

  • I could use a nudge on the s**i part... i'm having a hard time finding a slow thing that isn't banned. would appreciate a nudge or being told this is not the way.

  • It took me some time... but I got root! What a great box! One of my favorites! Thanks @sokafr
    If someone needs small a nudge, you can send me a PM :smiley:

    ArtemisFY
    OSCP

  • OMG @sokafr
    Amazing box, thx for the 7 days of fun.

  • Found the user flag but struggling to find a way to get to shell. Have essentially enumerated the entire filesystem, but guessing this is way overboard and I'm missing something obvious. Should I be looking further at the original code, something to do with ***.c, or perhaps a key? A nudge in the the right direction would be fantastic.

  • Got root! User was fun! Root is easy)

  • Im at the point of getting shell using what found in one place, but methods described in articles and docs I found do no work when I try extending "stuff". I believe Im on right track, but still receive errors and cannot achieve execution. What am I doing wrong? Hmmm

    m4rc1n

  • Type your comment> @m4rc1n said:
    > Im at the point of getting shell using what found in one place, but methods described in articles and docs I found do no work when I try extending "stuff". I believe Im on right track, but still receive errors and cannot achieve execution. What am I doing wrong? Hmmm

    Double check your syntax or PM for a pointer. :)

    A Chemist doing Penetration Testing - Check the Story here: BinaryBiceps

  • edited September 2020

    Type your comment> @gunroot said:

    Type your comment> @m4rc1n said:

    Im at the point of getting shell using what found in one place, but methods described in articles and docs I found do no work when I try extending "stuff". I believe Im on right track, but still receive errors and cannot achieve execution. What am I doing wrong? Hmmm

    Double check your syntax or PM for a pointer. :)

    Did not find the right syntax, but managed to get it with a little bit of automation -;)

    m4rc1n

  • AAAAnnd...done!
    Obviously with tons of help from @TazWake (thanks for being so kind, really!) and a little nudge from @pinnn
    I am quite confused and i think i have yet to understand better what i did and how i succeded. This machine is definitely on the upper layers of the hard classification, and could have been easily placed with the insane ones.

    echo start dumb.bat > dumb.bat && dumb.bat
    doh!

  • I've managed to find the user flag and enumerate the filesystem, but I have no idea how I can get a shell. Any hints would be appreciated.

  • Type your comment> @rayjolt said:

    I've managed to find the user flag and enumerate the filesystem, but I have no idea how I can get a shell. Any hints would be appreciated.

    You might have overlooked an open port. You can enumerate the configuration file for that service which will give a lot clues for an attack.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Type your comment> @rayjolt said:
    > I've managed to find the user flag and enumerate the filesystem, but I have no idea how I can get a shell. Any hints would be appreciated.

    That is the wonderful part in the machine. Try to read some network oriented config files. :)

    A Chemist doing Penetration Testing - Check the Story here: BinaryBiceps

  • @TazWake said:
    You might have overlooked an open port. You can enumerate the configuration file for that service which will give a lot clues for an attack.

    @gunroot said:
    That is the wonderful part in the machine. Try to read some network oriented config files. :)

    Thanks, I found it. Now to work out how to exploit it...

  • Gosh that box is a marathon.... i think i'm at the very last stage (finally), entering waters that i'm not at all comfortable with, but on the other side it would pain me to give up here after all the work.

    lebutter
    eCPPT | OSCP

  • edited September 2020

    I would like to ask a specific question about the last step when building the exploit. Maybe somebody like to message me.

    EDIT: Okay, not needed any more. I found my mistake :smiley:

    Hack The Box

  • edited September 2020

    ~~I have an admin cookie and access to /admin/lo+/d++ and /admin/lo+/v+++ but when posting the specified params, I always get a can't-find-message like ' Can't find ../../../ ' ?
    Reset the box twice but still can not enumerate the fs. Someone else stuck here?~~

    Thank you @gunroot

  • Type your comment> @Maxiquester said:
    > I have an admin cookie and access to /admin/lo+/d++ and /admin/lo+/v+++ but when posting the specified params, I always get a can't-find-message like ' Can't find ../../../ ' ?
    > Reset the box twice but still can not enumerate the fs. Someone else stuck here?

    Read the source code clearly. There is more than one end points for separate purposes.

    A Chemist doing Penetration Testing - Check the Story here: BinaryBiceps

  • Type your comment> @Maxiquester said:

    ~~I have an admin cookie and access to /admin/lo+/d++ and /admin/lo+/v+++ but when posting the specified params, I always get a can't-find-message like ' Can't find ../../../ ' ?
    Reset the box twice but still can not enumerate the fs. Someone else stuck here?~~

    Thank you @gunroot

    check exactly the path.

  • I am stuck at the root part. I have found something that I want to forward to my attacking machine. But I can't figure out how? Any hints?

    MurkMurker

  • Spoiler Removed

  • The command-lines I posted, which have been marked as spoilers, didn't work anyway. Sorry for creating confusion, I just found out while doing a follow-up on this machine. Try a handfull exfiltration methods. One standard (spoiler?) procedure will work, I promise.

  • yeah it worked... just didn't finish on its own... so spoiler-alert was justified I guess.

  • edited October 2020

    Does this box ban outgoing communication? I have RCE. but I can't ping and curl to my machine.

    Edit: I found it's not important.

  • edited October 2020

    So I see my favorite syringe tool doesn't appear to want to work... this is gonna be messy

    Edit: I am in pain

    LMAY75
    Always happy to help, DM me if you need anything!
    Link to Profile

  • edited October 2020

    Type your comment> @1shikoroK0ishi said:

    Does this box ban outgoing communication? I have RCE. but I can't ping and curl to my machine.

    Edit: I found it's not important.

    same problem I can do any command like whoami , id and ls
    but when use wget,curl, ping and reverse shell didn't work

    any help

  • I GOT THE QUERY RIGHT HELLLLL YEAAA!!! :sunglasses:

    LMAY75
    Always happy to help, DM me if you need anything!
    Link to Profile

Sign In to comment.