Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
Well, I need a break from Intense so I guess I'll join come the fun. I feel like I'm so close on the SQLi for that box and just ever so slightly off. Maybe after a break I will be able to think of something.
Always happy to help, DM me if you need anything! Link to Profile
Hard box to get foothold, found some things but all seem deadends so far.
Same here.
Will this involve installing some random software that isn't normally installed on linux/kali/whatever to access something? It's the only lead I have at this moment.
Edit: I don't think that's it. Lol. I have no idea.
There's a hidden site - still not sure if it's a rabbit hole but the source code is online so it's at least halfway easy to maybe find a foothold there...
I successfully implemented a cookie stealer utilizing hashtag.php. So far, only snarfed my own cookie. The only place I can even get an href to render properly is my profile website. I don't think this is a spoiler because it helps with absolutely nothing, more like a "don't waste your time" spoiler.
I successfully implemented a cookie stealer utilizing hashtag.php. So far, only snarfed my own cookie. The only place I can even get an href to render properly is my profile website. I don't think this is a spoiler because it helps with absolutely nothing, more like a "don't waste your time" spoiler.
For get a cookie just go on inspection browser and then on console and write “window.cookie” or tab storage cookie
Got creds to something (not the social media site), and I think I know what I'm supposed to do, but everything I've tried so far hasn't worked. And I'm about to throw in the towel.
I successfully implemented a cookie stealer utilizing hashtag.php. So far, only snarfed my own cookie. The only place I can even get an href to render properly is my profile website. I don't think this is a spoiler because it helps with absolutely nothing, more like a "don't waste your time" spoiler.
For get a cookie just go on inspection browser and then on console and write “window.cookie” or tab storage cookie
No luca, I wasn't trying to get my cookie, I was trying to steal whoever was in charge of the support boxes cookie. It's all good, I got user now. To anyone reading this, FORGET ABOUT COOKIES! (like Luca said)
Type your comment> @Zot said:
> Type your comment> @luca76 said:
>
> (Quote)
> No luca, I wasn't trying to get my cookie, I was trying to steal whoever was in charge of the support boxes cookie. It's all good, I got user now. To anyone reading this, FORGET ABOUT COOKIES! (like Luca said)
I have the user too, and I have a shell, but it's not easy anyway, in fact I would say that now the road is uphill for me, I'm not good with P **** s *** l
(Quote)
No luca, I wasn't trying to get my cookie, I was trying to steal whoever was in charge of the support boxes cookie. It's all good, I got user now. To anyone reading this, FORGET ABOUT COOKIES! (like Luca said)
I have the user too, and I have a shell, but it's not easy anyway, in fact I would say that now the road is uphill for me, I'm not good with P **** s *** l
I've never used the... restricted environment (if you've made it to that user, which you probably have). So this is just going to be a lesson for me. As soon as I got user level access I busted out meterpreter. So navigating the system has been a breeze, but yeah, gotta study the docs for je******** you know.
Comments
20 minutes live...still host unreachable, no ping nothing...dead? whatthe...???
It doesn't release for 39 minutes according to the machines page.
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
gotcha! Thank you
Very quiet in here
Always happy to help, DM me if you need anything!
Link to Profile
Type your comment> @LMAY75 said:
Ofcourse, everyone is gone... Fising.
Well, I need a break from Intense so I guess I'll join come the fun. I feel like I'm so close on the SQLi for that box and just ever so slightly off. Maybe after a break I will be able to think of something.
Always happy to help, DM me if you need anything!
Link to Profile
Hard box to get foothold, found some things but all seem deadends so far.
Type your comment> @SanderZ31 said:
Same here.
Will this involve installing some random software that isn't normally installed on linux/kali/whatever to access something? It's the only lead I have at this moment.
Edit: I don't think that's it. Lol. I have no idea.
There's a hidden site - still not sure if it's a rabbit hole but the source code is online so it's at least halfway easy to maybe find a foothold there...
Stuck, any hint would be welcome.
From the looks of it only 8 users have user so far.
hmm
Wonder if /sup**bx is the way in?
some kind of SL wizardry ...
Always happy to help others. 100% human
https://www.mindfueldaily.com/livewell/thank-you/
I successfully implemented a cookie stealer utilizing hashtag.php. So far, only snarfed my own cookie. The only place I can even get an href to render properly is my profile website.
I don't think this is a spoiler because it helps with absolutely nothing, more like a "don't waste your time" spoiler.
Type your comment> @Zot said:
For get a cookie just go on inspection browser and then on console and write “window.cookie” or tab storage cookie
well... now that i have creds, i feel even more lost than before.
Type your comment> @zer0bubble said:
As in you made yourself an account, or found some somewhere?
Edit: I don't speak this language. I don't think I need an exploit, per se.
Edit: If anyone is on here that has gotten a foothold, am I supposed to chase the "bad" exploit, or am I way off base?
Love the Swedish\Scandi names @cube0x0
Always happy to help others. 100% human
https://www.mindfueldaily.com/livewell/thank-you/
enter in the wastant messenger so what to do now!! tried everything to get the shell!!
bot no use!!
Got creds to something (not the social media site), and I think I know what I'm supposed to do, but everything I've tried so far hasn't worked. And I'm about to throw in the towel.
Finaly got user pff! @S1ckB0y tnx for the headsup when i was stuck.
is something broken, I can log into (not social site) but am greeted with an error.
Type your comment> @luca76 said:
No luca, I wasn't trying to get my cookie, I was trying to steal whoever was in charge of the support boxes cookie. It's all good, I got user now. To anyone reading this, FORGET ABOUT COOKIES! (like Luca said)
> Type your comment> @luca76 said:
>
> (Quote)
> No luca, I wasn't trying to get my cookie, I was trying to steal whoever was in charge of the support boxes cookie. It's all good, I got user now. To anyone reading this, FORGET ABOUT COOKIES! (like Luca said)
I have the user too, and I have a shell, but it's not easy anyway, in fact I would say that now the road is uphill for me, I'm not good with P **** s *** l
managed to read the root.txt but didnt get a root shell. Anyone who managed to get a rootshell?
I've been in a shell for two days without being able to do shit, but what fucking witchcraft is this?
rooted without root shell. I don't think this box could pop root shell, since we're limited function
OSCP | Sec+ | MCSE | VCP | CCNA
Interesting, I have a fully functional user shell but not super clear atm where to go next.
Type your comment> @luca76 said:
I've never used the... restricted environment (if you've made it to that user, which you probably have). So this is just going to be a lesson for me. As soon as I got user level access I busted out meterpreter. So navigating the system has been a breeze, but yeah, gotta study the docs for je******** you know.
Type your comment> @CyberVaca said:
yeah.. I am getting the same here.
Got 2nd user creds but winrm is not playing the game... what am I missing?
Always happy to help others. 100% human
https://www.mindfueldaily.com/livewell/thank-you/