Official Compromised Discussion

Comments

  • Spoiler Removed

  • @sparkla said:

    Once you got rce, here's a little script you can use. It's almost like a real shell :D
    (Your script must support a get param named cmd)

    #!/bin/bash
    
    cmd=''
    while [[ $cmd != 'exit' ]];
    do
            read -p '$ > ' cmd
            curl -G http://compromised.htb/findThePathYourself/your-cmd-shell.php --data-urlencode "cmd=$cmd"
    done
    

    Thank you

  • edited September 16

    Got root. Needed a few nudges for root but got there in the end. If you need help let me know

    GPLO

  • I finally managed to get command execution, with a very limited shell. Don't quite know where to go from here...

    Raekh

  • Rooted. What a ride.

    Thank you @D4nch3n for a fun box. The hardest part for me was getting the first user. Once I figured out what things were "left behind" I was able to progress quicker.

    User->root was very nifty. I definitely went down more than a couple of rabbit holes before I figured out where the attackers had left their calling card.

    pugpug

  • @zilwah said:

    Spoiler Removed

    why ?? this was a simple *nix command not specifically related to any machine, vuln or exploit 🥴

  • For anyone feeling lost in the bac**p files, what made it super easy for me is to think which files were modified when and keep your eyes peeled. Could shave some time off of your file-diving ;)

    S1ph1lys

    We are the things that were and shall be again

  • Finally rooted. This one requires you to take care with your enumeration. I needed two nudges for user that I wouldn't have if I had been more thorough and thoughtful.

    My only other piece of advice is to practice your file searching tools (grep, find, etc). They will help you a lot. I agree with @HumanFlyBzzzz

    PM me if you need nudges. Let me know what you've tried so I don't spoil anything.

  • Accidentally reset my entire desktop and panels while messing around waiting for nmap to finish. Spent the last 45 min trying to get everything fixed. Can finally start this box now

    LMAY75
    Always happy to help, DM me if you need anything!

  • edited September 18

    I have grepped everything in existence where tf is this thing... I know you're somewhere...

    Edit: can someone give me a nudge? I seriously can't find this

    Edit 2: I was using the IP for feline the entire time *facepalm*

    LMAY75
    Always happy to help, DM me if you need anything!

  • edited September 21

    The shell script from @sparkla is very cool once you get a working webshell. Feels like a real shell, including proper formatting.

    Stuck moving forward from here though.

    Update: Moved forward, thanks to some nudges from @GPLO and @metuldann. Learned a new technique. Now on to the next user.

    Update 2: Managed to get the user flag. Now trying for root. So far haven't found anything "left behind" which can help me - any advice about where to look would be appreciated.

    Found something. Now just need to make it work.

    Finally got root. The last part is very cool. Thanks @D4nch3n for a great box - I learned a lot.

  • Again I decided against knowing better to try & move forward from the pseudo-shell to my user. I had some "fun" but still unable to make anything out of it.

    My initial prediction remained true, whatever is supposed to work here seems to work only in a very specific way, you're either lucky enough to find it or you aren't - for me this has little to do with hacking.

    Many hours wasted, learned nothing new, not the type of box I like to play here. Trollbox, Guessbox, Mysterybox, whatever you wanna call it. Not a Hackbox.

    Hack The Box

  • @sparkla said:

    Again I decided against knowing better to try & move forward from the pseudo-shell to my user. I had some "fun" but still unable to make anything out of it.

    My initial prediction remained true, whatever is supposed to work here seems to work only in a very specific way, you're either lucky enough to find it or you aren't - for me this has little to do with hacking.

    Many hours wasted, learned nothing new, not the type of box I like to play here. Trollbox, Guessbox, Mysterybox, whatever you wanna call it. Not a Hackbox.

    aren't half the boxes like this anyway?
    I thought it was a good box. some known vulns, some adapted vulns etc.
    It's all learning!!
    Must say couldn't have rooted without help though!

    adyd

  • edited September 18
    [Redacted]

    Hack The Box

  • edited September 19

    @sparkla said:

    Again, first blood happened like nothing was wrong, the missing link was spread through forum messages, probably initiated by the creator. I asked "why" we're having to endure such frustrating experiences and never got a real answer. That's what I call a Trollbox. Creators intentionally trolling players or not telling the reason why they do it.

    I've had this feeling for quite a while, that first blood has become a total BSh.t. Creators, moderators, other HTB staff, their friends and friends of friends. This is what it looks like and how it works. This is a commercial project in many aspects (not only the simple and straightforward) and owners apparently think that this way is the best one. You just need to filter out what has value from total garbage, forget about first blood and I can guarantee you that you will feel way better immediately.

    m4rc1n

  • Anyone else getting an unresponsive webshell?

    LMAY75
    Always happy to help, DM me if you need anything!

  • edited September 18

    nvm

  • edited September 18
    [Redacted] - I stand by every word I said, and that includes that I have no intention to hurt or harm creators, the project or anyone else. It also includes that a lot of things aren't ok. Let's hope they get better.

    Hack The Box

  • When I upload a file with the vq*** , the web interface crashes... but I'm still able to do some directory browsing on the website ... is that behavior intended ?

  • Please stop uploading files it crashes the server and has nothing to do with the exploit

    LMAY75
    Always happy to help, DM me if you need anything!

  • edited September 19

    $: ls /home

    $:

    Oh you don't wanna print anything? Yea... that's cool...

    LMAY75
    Always happy to help, DM me if you need anything!

  • @sparkla said:

    [Redacted] - I stand by every word I said, and that includes that I have no intention to hurt or harm creators, the project or anyone else. It also includes that a lot of things aren't ok. Let's hope they get better.

    Of course you do, and of course no one wants to hurt anyone. You raised your concerns and I gave you absolutely free-of-charge advice on how you could possibly start feeling better and how you can find the peace of mind you've apparently lost. Nothing more than that.

    m4rc1n

  • edited September 19
    No, I haven't "lost peace of mind". Not sure why you said that. I valued your previous comments but didn't wanna let things escalate into endless HTB bashing. Also, I think we can only guess what's going on behind the scenes if we don't get an official answer. Problems here are very real and some are severe. Problems with the boxes are one thing, how we treat each other is another, how we are being treated maybe the most important one. We have to consider if our words do improve the issues or maybe make them worse. But it doesn't really belong here in a box thread, so let's cut it.

    Hack The Box

  • edited September 19
    If any other USER wants to support me on this, feel free to contact me.

    I have a pseudoshell and know the exact commands I theoretically have to run. I found the my*** fun but can't run it, tried to do it for hours on my command shell as well as directly through PHP using PDOs. I also tried every possible combination of quotes, escaping and so forth. Not even a simple touch command works.

    I can give this max. 1-2 more hours right now.

    Hack The Box

  • It is an interesting box and it is nice to see some DFIR skills being needed. Thanks to @D4nch3n for taking the time and effort to build this!

    I found it very enjoyable and the process was fairly straightforward. I can see how people might get frustrated though, my main tip would be slow down and make sure you've thought of what you are doing.

    This box will definitely punish people who rush to get a reverse shell.

    Sort of hints

    Initial Foothold: the public exploit does work but needs modification. Investigate why it fails and there is also public information on how to fix this.

    First account: Enumeration is the key. The information is available in at least two places. You can use this to access something via the initial foothold. Enumerate what it can do and then you can convince it to trust you so you can access as this account.

    Second account: You should know what account you want. Enumerate carefully and find loot. Use loot.

    Privesc: The box name is a hint. Look for things left behind. Use the hints on page 1. Ghidra helps but there are lots of other ways to do this. Find loot. Use loot.

    Overall, really good box which sits nicely in the "hard" bracket.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • edited September 19

    @TazWake said:
    It is an interesting box and it is nice to see some DFIR skills being needed. Thanks to @D4nch3n for taking the time and effort to build this!

    I found it very enjoyable and the process was fairly straightforward. I can see how people might get frustrated though, my main tip would be slow down and make sure you've thought of what you are doing.

    This box will definitely punish people who rush to get a reverse shell.

    Sort of hints

    Initial Foothold: the public exploit does work but needs modification. Investigate why it fails and there is also public information on how to fix this.

    First account: Enumeration is the key. The information is available in at least two places. You can use this to access something via the initial foothold. Enumerate what it can do and then you can convince it to trust you so you can access as this account.

    Second account: You should know what account you want. Enumerate carefully and find loot. Use loot.

    Privesc: The box name is a hint. Look for things left behind. Use the hints on page 1. Ghidra helps but there are lots of other ways to do this. Find loot. Use loot.

    Overall, really good box which sits nicely in the "hard" bracket.

    I really thought I was gonna get this one before you... ended up having to spend all day on homework smh :joy:

    LMAY75
    Always happy to help, DM me if you need anything!

  • @LMAY75 said:

    I really thought I was gonna get this one before you... ended up having to spend all day on homework smh :joy:

    Sorry! I had a slight advantage for privesc though as it aligned fairly well to my day job...

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Rooted! Nice machine.
    Learned some good stuff.
    The root part is tricky and awesome.

    For Foothold: Google FU.
    For user: Enumeration
    For Root: If you got something, play with it in all possible orders. ;)

    A Chemist doing Penetration Testing - Check the Story here: BinaryBiceps

  • After lots and lots of trial I found that trying to redirect stdout of a command through the cmd-shell might be misleading, several people claimed it would work so I focused on that in the first place. I couldn't get it to work, neither through my own code nor through someone else's code.

    I managed to get a real shell afterwards but user.txt wasn't in the location shown by the locate command. Not sure if that was intended or another "user manipulation", it was very late so I didn't reset the box to check again.

    Hack The Box

  • Yup, the root is a bit of a kicker... got user a while back - shells aren't that unstable. Good box.
