Dante Discussion


Comments

  • @Ectrix said:

    Hello all. In need of some help escalating ws03. Got user and a shell but need some tips on how to progress. Thanks.

    You can send me a PM if you are still stuck.

  • edited November 2020

    I've got the first 15 flags, and I just owned the machine that seems to be the intended pivot to the admin subnet based on a few hints lying around the machine, but it's not a dual homed host or anything. I can't ping machines in the admin subnet or load webpages in the browser from this machine. Is there more I need to do on this machine to get access to the second internal network?

    Edit: Solved. Just wasn't being stubborn enough. Thanks ST0wn.

  • edited November 2020

    Anyone able to lend a hand on the LFI? Not exactly sure how to get a shell from it, feel like I have tried absolutely everything and am down a rabbit hole

  • edited November 2020

    anyone having issues hitting the LFI? getting unable to connect

    sorted, anyone give me a nudge on downloading a .zip

  • @browna351 said:

    sorted, anyone give me a nudge on downloading a .zip

    Maybe netcat.

  • Anyone able to give some hints for moving off the foothold machine? I've found a few things and got a few ideas but having trouble getting anything to work.

  • hello everyone, i feel like i'm running in circles enumerating the DC-01... i'm stuck on WS-01 and SQL-01 too, anyone has an idea on what to do?

  • Anyone out here who can help me out a bit on the initial foothold? Got first flag, know which user to target, got the text file, however, rockyou is not helping me out at all. Been stuck pretty long ;c

  • @Mayseve said:

    Anyone out here who can help me out a bit on the initial foothold? Got first flag, know which user to target, got the text file, however, rockyou is not helping me out at all. Been stuck pretty long ;c

    for a hint on foothold feel free to dm me

  • Anybody out there willing to give me a pointer on the foothold for DANTE-SQL1 or the box running Jenkins?

  • @f3eDme said:

    hello everyone, i feel like i'm running in circles enumerating the DC-01... i'm stuck on WS-01 and SQL-01 too, anyone has an idea on what to do?

    Edit: Got both DC-01 and WS-02 (mistyped the first time), moving on to SQL-01

  • edited November 2020

    Anybody completed the Jenkins box? I have a hunch of what is required, however I'm not sure how to pull it off without a POC?

    Have completed half the lab, so PM me if anyone needs pointers, and I may be able to help.

  • edited November 2020

    I've got everything but WS02. Based on the flag name and position in the list I have a hunch about what computer I might need to look at for a foothold on WS02, but I haven't found a way yet. Would appreciate a hint...

    Also willing to give hints on the other machines. Just PM me.

    Edit: Finally got it. Thanks for feedback.

  • Got the 1st flag. Anyone can give me a nudge on the 2nd? I have an idea and I'm trying it, if not this, I don't know. Can someone DM me a hint please? Thank you!

  • Guys, is the .100 w*******s pass changed? Cause I can't login.

  • Just to give some hints like classic machine lab discussion:

    Century box:

    • user: trust the information you have and persevere with your own content

    • root: enumeration scripts most likely give you the solution

    • Pivot: SSH and SOCKS are common tools to do this

  • edited December 2020

    Edit: Disregard! :smile: (Started the lab today. This was just a comment about filtered ports.)


  • Hi guys. I have been stuck at privesc on NIX02 from F to root for a few days now. I have identified that we must be talking about p***** lib**** h******** but I simply cannot make it work (seems like the way the script gets called does not execute the code?). I have watched all Ippsec's videos about it and googled. Could someone please PM me a hint. Thanks

  • Just to give some hints like classic machine lab discussion:

    NIX02:

    • user: sometimes read is more useful than execute

    • root: read files again

  • @michael7474 said:

    Just to give some hints like classic machine lab discussion:

    NIX02:

    • user: sometimes read is more useful than execute

    • root: read files again

    You are right, thank you!

  • edited December 2020

    Hmm... I got the first flag reasonably quickly, but am quite stuck with the second flag. After looking at the interesting information, I know that the target was not very wise. I'm assuming r******.*** is not the right way?

    Edit: Finally got second flag... The small nudge from @michael7474 above helped! :smile:


  • Any nudge on NIX02 root? I've read the user flag but can't seem to find anything regarding getting root. All possible paths for the vuln have been enumerated with no luck.

  • Hola everyone. Hoping to have a sanity check here. I'm on the initial machine. I've found the three ports, grabbed the info from the first, and have been trying for some time to brute force the WP login. Being as there doesn't appear to be any vulnerable plugins or themes, I'm guessing the path is bruteforcing the login page.

    Is this correct? And if so, is it doable with rockyou or is something else necessary? I'm 46,000 passwords in to rockyou and nothing yet.

    Thanks!

  • @dievu5 said:

    Is this correct? And if so, is it doable with rockyou or is something else necessary? I'm 46,000 passwords in to rockyou and nothing yet.

    With a huge caveat that I haven't looked at any of the prolabs, so I could be totally wrong, but in general this would be a sign that it's not the right way to go. As a rule of thumb, HTB shouldn't need long brute force attacks.

    Hopefully someone who has done this box will be able to add more context.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.

  • @TazWake said:

    @dievu5 said:

    Is this correct? And if so, is it doable with rockyou or is something else necessary? I'm 46,000 passwords in to rockyou and nothing yet.

    With a huge caveat that I haven't looked at any of the prolabs, so I could be totally wrong, but in general this would be a sign that it's not the right way to go. As a rule of thumb, HTB shouldn't need long brute force attacks.

    Hopefully someone who has done this box will be able to add more context.

    My guess too. I don't really do anything on this platform, so not sure what to expect.

  • Anyways, a nudge in the right direction is certainly appreciated.

  • @dievu5 said:

    Anyways, a nudge in the right direction is certainly appreciated.

    Research a tool that can help you generate a custom word list based on what you have been able to access.

    limelight

  • @limelight said:

    @dievu5 said:

    Anyways, a nudge in the right direction is certainly appreciated.

    Research a tool that can help you generate a custom word list based on what you have been able to access.

    So you're saying that a password list I can create with CeWL isn't going to have a password that's already in rockyou?

  • Using cewl to create a word list from scraping a unique site may give you words not in rockyou.

    limelight

  • edited December 2020

    @limelight said:

    Using cewl to create a word list from scraping a unique site may give you words not in rockyou.

    Well isn't that something. Thanks for the suggestion. :) Interestingly enough I killed wpscan's bruteforce at 147,000. The password isn't far off above it.
