Official Feline Discussion

Official discussion thread for Feline. Please do not post any spoilers or big hints.

«1345

Comments

  • Yeah, I could use a bit of help on this one, I see the obvious path for the foothold but no idea how to trigger it. Would appreciate some reading material or a nudge

    Hack The Box

  • FYI, sample area (upload file) is functioning with chromimum but not from Firefox for me. I'm using Kali Rolling.

    Fr0Ggi3sOnTour

  • I see absolutely nothing obvious. There's u*.j that's pretty much happy about anything you feed it, except for a certain type.

    Stuck there, how did 5 people find this in under 1h? This keeps puzzling me, would love to watch over someone's shoulder how they approach this stuff and get it so fast.

    User blood is gone, so I think I'm gonna give up disappointed as every Saturday.

    Hack The Box
    Anger is more useful than despair - T800

  • Type your comment> @choupit0 said:

    FYI, sample area (upload file) is functioning with chromimum but not from Firefox for me. I'm using Kali Rolling.

    Gotta be kidding me. Cool I wasted my time for 2h with curl because that's what we are doing here on such a thing that's not doing what you might expect.

    Hack The Box
    Anger is more useful than despair - T800

  • Type your comment> @sparkla said:

    I see absolutely nothing obvious. There's u*.j that's pretty much happy about anything you feed it, except for a certain type.

    I found a l******.t*t file also. Concerning the author of the website code, with a link.

    Fr0Ggi3sOnTour

  • @choupit0 said:
    I found a l******.t*t file also. Concerning the author of the website code, with a link.

    That's usually just the author of the free html-template.

    Hack The Box
    Anger is more useful than despair - T800

  • Type your comment> @sparkla said:

    @choupit0 said:
    I found a l******.t*t file also. Concerning the author of the website code, with a link.

    That's usually just the author of the free html-template.

    Yes, nothing interesting.

    Fr0Ggi3sOnTour

  • edited August 29

    Does this box require setting up p**tfix or something similar? If so, could one point me to good rescources to securely deploy an S**P server? Thaks

  • apt install postfix

    > @W4RR10R said:
    > Does this box require setting up p**tfix or something similar? If so, could one point me to good rescources to securely deploy an S**P server? Thaks

    You can do:
    apt install postfix
    hostnamectl and /etc / hosts to configure your hostname (FQDN)
    /etc / postfix/ main.conf and master.conf to configure postfix
    systemctl start postfix and fix any remaining errors
    mail [email protected] to test
    (sorry for the spaces, the waf triggered)

    But the box won't know where to send the email cause it doesn't connect to the public internet and so it cannot query real nameservers. Even if it could, your hostname won't be there. And even if it would be there, cause you bought a domain, it still wouldn't be able to reach you unless you enter you VPN IP into the public DNS, and you VPN IP (tun0) changes each time you log in.

    It won't happen, but why not try a gmail address, never seen it on a box, maybe something new? I doubt it, to dangerous to leave the private shooting range we have here ;)
    But I hope I could teach you a practical bit at least.

    Hack The Box
    Anger is more useful than despair - T800

  • edited August 30

    I'm pretty sure to know what is the vuln to exploit. I know uploading a certain filetype leak a lot of informations about where the uploaded file is saved. I can upload my se*******d o****t "s****on" file. But cant find the good path to make my JS******D point to it.... If someone can give a nudge. Or share some toughts.

    Edit: Finally got it! Path is really helpful...

    Edit: Rooted. Amazing box! Thx @MrR3boot and @MinatoTW

  • edited August 29
    Yeah I saw the path disclosure, but it's not helpful at this stage. If you can wait till tomorrow I can team up with you, although I'm doing this on very low priority right now.

    Hack The Box
    Anger is more useful than despair - T800

  • No Idea what it is doing on the backend, like folder structure to get se*******d o****t file

  • I am able to upload certain files from the service page (except image files) but I cannot find where the file is uploaded. Can someone give a nudge..

  • Same as above... no idea where to find/use uploaded files. Nudges please :)

  • edited August 30

    im tryn to read u.jp to see where the files i uploaded go but i get invalid request not sure if im my steps are correct or no

  • edited August 30

    .

  • @m1r3x how did you find this kinda file, I have already used filter to extract all js files in gobuster. It revealed only u****d.js

    offs3cg33k

  • edited August 30

    Type your comment> @offs3cg33k said:

    @m1r3x how did you find this kinda file, I have already used filter to extract all js files in gobuster. It revealed only u****d.js

    nvm, I wrote wrong file name by mistake.

  • edited August 30

  • I can see the filepath where it attempts to put the file you upload, just have no idea how to utilize it. Any nudges? :)

    Hack The Box

  • Are we sure that there is any kind of analysis on the uploaded files ?

  • Rooted, great box :)

    'These violent delights have violent ends'

  • Got user! Very educating user process.

    Hack The Box

  • Type your comment> @Caracal said:

    Rooted, great box :)

    any nudges for root?

  • Any nudges for root? All my enumerations have failed me so far.

    Hack The Box

  • edited August 30

    @m1r3x said:

    @Caracal said:
    Rooted, great box :)

    any nudges for root?

    @purplenavi said:

    Any nudges for root? All my enumerations have failed me so far.

    Enum carefully the network environment, google and you are in.
    You are in ? Great ! How much you know about a common way to communicate between application and the environment you are in ?

    'These violent delights have violent ends'

  • edited August 30

    I got the user (thanks for the nudge @gverre about the s*rial...).

    NSE vulners could help you to identify the right security issue...

    After, Google to find an interesting article... but before you have to try different things to find the right path... B*rp could help.

    Fr0Ggi3sOnTour

  • Tried everything to enum the right file path for my uploads but couldn't able to figure out. Any nudges

  • Type your comment> @rahul63425 said:

    Tried everything to enum the right file path for my uploads but couldn't able to figure out. Any nudges

    dm

  • can someone nudge me on the root part. I think I have figured out something, but can't guess which way to turn it to exploit

    offs3cg33k

Sign In to comment.