Official Reel2 Discussion

Official discussion thread for Reel2. Please do not post any spoilers or big hints.

Comments

  • 20 minutes live...still host unreachable, no ping nothing...dead? whatthe...???

  • It doesn't release for 39 minutes according to the machines page.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • gotcha! Thank you

  • Very quiet in here

    LMAY75
    Always happy to help, DM me if you need anything!

  • @LMAY75 said:

    Very quiet in here

    Of course, everyone is gone... Fishing. :hushed:

  • Well, I need a break from Intense so I guess I'll join in on the fun. I feel like I'm so close on the SQLi for that box and just ever so slightly off. Maybe after a break I will be able to think of something.

    LMAY75
    Always happy to help, DM me if you need anything!

  • Hard box to get foothold, found some things but all seem dead ends so far.

  • edited October 3

    @SanderZ31 said:

    Hard box to get foothold, found some things but all seem dead ends so far.

    Same here.

    Will this involve installing some random software that isn't normally installed on linux/kali/whatever to access something? It's the only lead I have at this moment.

    Edit: I don't think that's it. Lol. I have no idea.

    Hack The Box

  • There's a hidden site - still not sure if it's a rabbit hole but the source code is online so it's at least halfway easy to maybe find a foothold there...

  • Stuck, any hint would be welcome.
    From the looks of it only 8 users have user so far. :open_mouth:

  • hmm
    Wonder if /sup**bx is the way in?
    some kind of SL wizardry ...

    Always happy to help others. 100% human

    https://www.mindfueldaily.com/livewell/thank-you/

  • I successfully implemented a cookie stealer utilizing hashtag.php. So far, only snarfed my own cookie. The only place I can even get an href to render properly is my profile website. :/ I don't think this is a spoiler because it helps with absolutely nothing, more like a "don't waste your time" spoiler.

  • @Zot said:

    I successfully implemented a cookie stealer utilizing hashtag.php. So far, only snarfed my own cookie. The only place I can even get an href to render properly is my profile website. :/ I don't think this is a spoiler because it helps with absolutely nothing, more like a "don't waste your time" spoiler.

    To get a cookie, just open the browser inspector, go to the console and write “window.cookie”, or check the cookies in the Storage tab.

  • well... now that i have creds, i feel even more lost than before.

  • edited October 5
    Wtf winrm? rabbit hole? I have valid credentials :neutral:
  • edited October 5

    @zer0bubble said:

    well... now that i have creds, i feel even more lost than before.

    As in you made yourself an account, or found some somewhere?

    Edit: I don't speak this language. I don't think I need an exploit, per se.

    Edit: If anyone is on here that has gotten a foothold, am I supposed to chase the "bad" exploit, or am I way off base?

  • Love the Swedish\Scandi names @cube0x0 :D

    Always happy to help others. 100% human

    https://www.mindfueldaily.com/livewell/thank-you/

  • enter in the wastant messenger so what to do now!! tried everything to get the shell!!
    but no use!!

    Scorpion4347

  • Got creds to something (not the social media site), and I think I know what I'm supposed to do, but everything I've tried so far hasn't worked. And I'm about to throw in the towel.

  • Finally got user pff! @S1ckB0y tnx for the heads-up when I was stuck.

  • is something broken, I can log into (not social site) but am greeted with an error.

  • @luca76 said:

    @Zot said:

    I successfully implemented a cookie stealer utilizing hashtag.php. So far, only snarfed my own cookie. The only place I can even get an href to render properly is my profile website. :/ I don't think this is a spoiler because it helps with absolutely nothing, more like a "don't waste your time" spoiler.

    To get a cookie, just open the browser inspector, go to the console and write “window.cookie”, or check the cookies in the Storage tab.

    No luca, I wasn't trying to get my cookie, I was trying to steal whoever was in charge of the support boxes cookie. It's all good, I got user now. To anyone reading this, FORGET ABOUT COOKIES! (like Luca said)

  • edited October 6
    @Zot said:
    > @luca76 said:
    >
    > (Quote)
    > No luca, I wasn't trying to get my cookie, I was trying to steal whoever was in charge of the support boxes cookie. It's all good, I got user now. To anyone reading this, FORGET ABOUT COOKIES! (like Luca said)

    I have the user too, and I have a shell, but it's not easy anyway, in fact I would say that now the road is uphill for me, I'm not good with P **** s *** l

  • managed to read the root.txt but didn't get a root shell. Anyone who managed to get a rootshell? :)

  • I've been in a shell for two days without being able to do shit, but what fucking witchcraft is this?

  • rooted without root shell. I don't think this box could pop root shell, since we're limited function :)

    jkana101
    OSCP | Sec+ | MCSE | VCP | CCNA

  • Interesting, I have a fully functional user shell but not super clear atm where to go next.

  • @luca76 said:

    @Zot said:

    @luca76 said:

    (Quote)
    No luca, I wasn't trying to get my cookie, I was trying to steal whoever was in charge of the support boxes cookie. It's all good, I got user now. To anyone reading this, FORGET ABOUT COOKIES! (like Luca said)

    I have the user too, and I have a shell, but it's not easy anyway, in fact I would say that now the road is uphill for me, I'm not good with P **** s *** l

    I've never used the... restricted environment (if you've made it to that user, which you probably have). So this is just going to be a lesson for me. As soon as I got user level access I busted out meterpreter. So navigating the system has been a breeze, but yeah, gotta study the docs for je******** you know.

  • Reel2 ... i got root!! Insane and crazy box

  • edited October 7

    @CyberVaca said:

    Wtf winrm? rabbit hole? I have valid credentials :neutral:

    yeah.. I am getting the same here.
    Got 2nd user creds but winrm is not playing the game... what am I missing?

    Always happy to help others. 100% human

    https://www.mindfueldaily.com/livewell/thank-you/
