Official Compromised Discussion

2456

Comments

  • edited September 13

    Does the CVE actually work on this box ? Running it seems to do nothing but a blank page.

  • I hav got a webshell but when i go to it i get blank stuff

  • edited September 13

    When certain file is uploaded, just for test sake, seems web server is crashing. Not sure if that is intended behavior, but machine reset is needed.
    Someone if could confirm same...

  • same issue. Seems like the the machine would've had to reset every time someone pushed up a invalid file.

  • Spoiler Removed

    Fr0Ggi3sOnTour

  • Got code execution and the next regret I tried again. Cause after CE goes nothing.

    @choupit0 said:
    On recrute ! 👽 We are hiring!

    Looking for a job.

    Hack The Box

  • Type your comment> @sparkla said:

    Got code execution and the next regret I tried again. Cause after CE goes nothing.

    @choupit0 said:
    On recrute ! 👽 We are hiring!

    Looking for a job.

    Invitation sent ;)

    Fr0Ggi3sOnTour

  • rooted i like the box in the first part
    my hints:
    -simple enum can you in the place
    -you are there take a look what you can do the cve gives issues simulate with burp
    -you are there ,limited but there, dont forgot its compromised
    -the attacker can come back so think how with everything limited
    -you found the way get in dont be shied
    -ok stay at home its not safe out
    -think how the attacker can gain root he must left a backdoor

    hope its not a big spoile
    thanks to @TheCyberGeek for hints this guy is geek really
    also thanks to @D4nch3n for this box

  • Can't seem to get the exploit to work. Getting 200s, but nothing else. Hmm. Probably missing something simple.

    Hack The Box

  • Type your comment> @pizzapower said:

    Can't seem to get the exploit to work. Getting 200s, but nothing else. Hmm. Probably missing something simple.

    Remember, php can give you some info() ;)

    Still looking how to continue after CE

    Hack The Box

  • edited September 14

    Type your comment> @sparkla said:

    Type your comment> @pizzapower said:

    Can't seem to get the exploit to work. Getting 200s, but nothing else. Hmm. Probably missing something simple.

    Remember, php can give you some info() ;)

    Still looking how to continue after CE

    Yeah, I just thought of that, and now I'm stumped again. Gonna need to do a little research. My php is rusty, lol

    Edit: that didn't require as much research as I thought, edit: more research than I thought

    Hack The Box

  • edited September 14

    Once you got rce, here's a little script you can use. It's almost like a real shell :D
    (Your script must support a get param named cmd)

    #!/bin/bash
    
    cmd=''
    while [[ $cmd != 'exit' ]];
    do
            read -p '$ > ' cmd
            curl -G http://compromised.htb/findThePathYourself/your-cmd-shell.php --data-urlencode "cmd=$cmd"
    done
    

    Hack The Box

  • edited September 14

    I uploaded a webshell using the exploit from e*****tdb and the admin credentials but the shell doesn't seem to respond, I don't know if I'm getting the upload path wrong or somehow it's getting deleted, if anyone got the same issue and could help with nudges I would appreciate very much! (I tryied some other things and I think I took the box down :neutral:)

    PS: I manage to make uploads manually using burp. but still can't get much response... At least I now know that the upload is successful since when I try to trigger a reverse shell which daemonise itself I get a common error: "WARNING: Failed to daemonise. This is quite common and not fatal. () " but still no connection. I was also able to upload a file with only the content "test" and it gets succesfully displayed but I can't make it parse any commands to the system...

  • @0xTen see my previous comment about info..

    Hack The Box

  • Type your comment> @sparkla said:

    Once you got rce, here's a little script you can use. It's almost like a real shell :D
    (Your script must support a get param named cmd)

    #!/bin/bash
    
    cmd=''
    while [[ $cmd != 'exit' ]];
    do
            read -p '$ > ' cmd
            curl -G http://compromised.htb/findThePathYourself/your-cmd-shell.php --data-urlencode "cmd=$cmd"
    done
    

    yeah those commands can't be executed while php has blocked all of those functions :(

    Hack The Box

  • Spoiler Removed

    Hack The Box

  • edited September 19

    Spoiler Removed

    Hack The Box

  • edited September 19

    Spoiler Removed

  • I'm already the sys***** user but I don't see shit to go to root
  • can someone please give me a hint, with which non-deactivated PHP function I get RCE?
  • Type your comment> @Furie said:

    can someone please give me a hint, with which non-deactivated PHP function I get RCE?

    The same question

  • Type your comment> @FTNTT said:

    Type your comment> @Furie said:

    can someone please give me a hint, with which non-deactivated PHP function I get RCE?

    The same question

    If you are new to php, you must have used echo "hello world" 😉

  • Hi
    can anyone give me nudge for user part?
    I already have RCE

    Hack The Box

  • Rooted. I found the user part very interesting.
    No hints from my side , I believe that are enough ones left on the forum. PM for nudges.

    Thanks to @D4nch3n for this funny box :smiley:

    Hack The Box

  • rooted!

    HTB{HappyHacking}

  • Seems interesting! I got everything I need, still the public exploit missing away. :blush:

    A Chemist doing Penetration Testing - Check the Story here: BinaryBiceps

  • Got user. Very cool box so far. Kudos to the creator

    GPLO

  • I discovered a .sh***p file in the downloaded archive. However when opening it in browser it gives a blank page and with curl I get a 404. It's a rabbit hole I guess, or is it not?

  • Ok, have RCE, but not reverse shell. I would appreciate hint or some sake where I lost it.

  • edited September 15

    @solid5n4k3 said:

    Ok, have RCE, but not reverse shell. I would appreciate hint or some sake where I lost it.

    The box can be done without having a reverse shell.
    If you have RCE and not just P** CE, you can assume that something is blocking you from getting one.

    'These violent delights have violent ends'

Sign In to comment.