Official Compromised Discussion

Official discussion thread for Compromised. Please do not post any spoilers or big hints.

Comments

  • No ports are open. Is it a tech issue?

  • yes, but if you respawn an instance it should be good to go.
    about...
    now.
    :hushed:

  • I have some ideas but none of them are working so far, gonna try harder.
    Just putting it here in case someone wants to exchange ideas.

    For asking help, please describe what you have tried so far, so I don't spoil too much.
    If you believe I was able to help, please provide feedback by giving respect:
    https://www.hackthebox.eu/home/users/profile/122308

  • No clue if it's intended or not.. in (what I thought is the correct path) you can render the webapp completely useless by providing a vq*** file, and I can't reset it anymore :| rip

  • Very confused, seems like this could be really straight forward, but it isn't quite working yet hm.

    QSoloX

  • I got webshell but I can't get reverse shell :(, any hint?

  • Rooted, interesting path for root.

    'These violent delights have violent ends'

  • wow nice box, going down a certain CVE path that has to do with vq**** stuff - not sure it's right path - both first bloods by one of the best in htb - wasn't really expecting to emulate that, especially after starting over 1.5 hours late...but, very engaging so far... ;-)

  • ^ I'm battling with the exploit myself, everything seems to be right for me but then it just doesn't work.

    QSoloX

  • I'm at a bit of a loss, I found the exploit, but no matter what my shell will not work. Any tips?

    QSoloX

  • Found a CVE, but fail to add. Is it the wrong way?

  • Still stuck on the foothold. Found a CVE but it needs creds I can't find to save my life. Any nudges ?

    Raekh

  • @CyberVaca said:

    I got webshell but I can't get reverse shell :(, any hint?

    This box does not allow network connection..
    ssh is here the "key" "gen"erally ;-)

    thank you @D4nch3n - nice box!

  • @Raekh said:

    Still stuck on the foothold. Found a CVE but it needs creds I can't find to save my life. Any nudges ?

    me, too

  • Spoiler Removed

  • @FTNTT said:

    @Raekh said:
    Still stuck on the foothold. Found a CVE but it needs creds I can't find to save my life. Any nudges ?

    me, too

    Enum, enum is all i can say.

    'These violent delights have violent ends'

  • @Caracal For low level people "enum enum enum" doesn't help. If it's something we missed, okay. But I've been sitting in the l*g folder for a while, and I simply don't have knowledge to distinguish what I can use or not. I've tried getting the authors to hydra, hijacking the cookies, but nothing.

    Raekh

  • @Raekh said:

    @Caracal For low level people "enum enum enum" doesn't help. If it's something we missed, okay. But I've been sitting in the l*g folder for a while, and I simply don't have knowledge to distinguish what I can use or not. I've tried getting the authors to hydra, hijacking the cookies, but nothing.

    Yeah, true. So, you're on the right path.
    Check again what you got, maybe something that does not get rendered in source code files :)

  • @Raekh I am in your situation ;) bashing my head against what I have

  • @Raekh said:

    @Caracal For low level people "enum enum enum" doesn't help. If it's something we missed, okay. But I've been sitting in the l*g folder for a while, and I simply don't have knowledge to distinguish what I can use or not. I've tried getting the authors to hydra, hijacking the cookies, but nothing.

    It's not about low level people. If you found the file, I say "enum, enum, enum" because it should be clear what you have to do and how to do it.
    It's not even about level, but more about clearness: you have a CVE, you need a password, and if you have that file, it's just about enum, and it's clearly impossible to give a clue without spoiling that part.
    You don't need to hijack anything, you don't need to bruteforce creds.

    For foothold:

    • If you don't have it, common list will help you to get to it.
    • If you have it, just search what you need in it.

    'These violent delights have violent ends'

  • I just found admin creds after bashing my head against the wall for a while.

    Tip: When people say look for logs, don't get tunnel vision like I did. Instead, once you find something remotely interesting, then follow it all the way even if it means navigating to other directories. You won't find the creds in the backup folder, only a way to find them.

    (Please remove if I gave away too much)

    For asking help, please describe what you have tried so far, so I don't spoil too much.
    If you believe I was able to help, please provide feedback by giving respect:
    https://www.hackthebox.eu/home/users/profile/122308

  • I just can't find the creds, I've been searching for hours!!!

  • edited September 2020

    the creds are not in the tar file... but if you read the contents of that archive carefully... then you will find a path where to look for creds

    PS: assume that is not a spoiler, either you have found the tar file or you have not

  • Hello, creator here, just gonna repost the hint that I have made public in the discord chat, if you are stuck at a certain part.

    "Trace the attacker's steps, see what persistence they laid out. One way is by turning a user who normally cannot login, be able to login, and tampering with its service to get persistent access into the box. Maybe they didn't clean up very well?"

    I'm no longer really active on the forums (trying to reduce the number of accounts to check :P ), but DM me on discord for further hints.

  • The little side hints @tang0 and @cool4coder gave here are important. And thanks!

  • @Sys7em said:

    @CyberVaca said:

    I got webshell but I can't get reverse shell :(, any hint?

    This box does not allow network connection..
    ssh is here the "key" "gen"erally ;-)

    thank you @D4nch3n - nice box!

    True, I saw what I was missing. Thx u dude

  • edited September 2020

    Does the CVE actually work on this box? Running it seems to do nothing but a blank page.

  • I have got a webshell but when I go to it I get blank stuff

  • edited September 2020

    When a certain file is uploaded, just for test's sake, it seems the web server is crashing. Not sure if that is intended behavior, but a machine reset is needed.
    If someone could confirm the same...

  • Same issue. Seems like the machine would've had to reset every time someone pushed up an invalid file.
