This is my first box on HTB. The amount of resets are crazy. I've enumed the username and login page pretty easily. Ive tried a ton of default passwords and even obvious things that are on the page itself. I feel like its possible based on the comments here that i may have already entered the correct password but its pretty buggy. Can anyone PM me to help so I can move on from this step
@murp said:
This is my first box on HTB. The amount of resets are crazy. I've enumed the username and login page pretty easily. Ive tried a ton of default passwords and even obvious things that are on the page itself. I feel like its possible based on the comments here that i may have already entered the correct password but its pretty buggy. Can anyone PM me to help so I can move on from this step
@Cervantes said:
This is really frustrating. It is my first maschine and i spent 4 hours on it. looked at so much things: php/bit files, images, dirb, dirbuster for the initial password but could not find it. i don't know how i should guess it. i also don't know what htb "deafult" password are... this is really frustrating
Hi I am Jeff. I tell my friends I am a pro sysadmin and even put it on my resume. In reality though I haven't been able to figure out where any button other then the "next next next" button is.
Once you realize how foolish Jeff is it only gets worse. Jeff's laziness continues to create bad security flaws. During enumeration think about how Jeff could have traded security for laziness.
After you figure that out, well the rest is semi easy, just remember seeing isn't always believing.
@jc1396 said:
No matter which shell I try, I keep getting "This exploit may require manual cleanup of 'image.php' on the target". Am I missing something here?
you just have to manually figure out the path where the shell is uploaded and trigger ii manually for the first time.... for some reason metasploit wont do it for the first time!
google is your friend....
my first experience...
i find username and pass in a minute. but can't take priv.
i think... i study to priv esc methods.
if you anybody help me for give an advice or show the methods...
please contact with me.
thank you all..
hey any help in spawning a tty as I am getting error
sudo: unable to resolve host Nibbles: Connection timed out
sudo: no tty present and no askpass program specified
@0racle said:
my first experience...
i find username and pass in a minute. but can't take priv.
i think... i study to priv esc methods.
if you anybody help me for give an advice or show the methods...
please contact with me.
thank you all..
what does monitor.sh do when you run it? have you enumerated the box?
I need help with the privilege escalation and I use LinEnum.sh I already have a lot of information and for more than I try to get the information to create a user to do whatever it is I get the following error "sudo: unable to resolve host Nibbles: Connection timed out " and no I move forward and try many ways of privilege escalation
something has escaped me
Do not ask to restart everything if you can not enter because of an error or because they are on the blacklist wait 5 minutes verify you config, just ask to restart if they left information that could compromise the machine .. both restarting sometimes makes you lose track of what you are doing
I am as far as the login page, I have browsed the file directory, used dirb, tried all defaults I know under the sun. NO IDEA what to look at next. Someone please help!
I'm stuck trying to get my exploit to work. I'm using the obvious exploit, and have the username and password. Getting the typical issues with image.php. Have reset the box multiple times and tried several payloads.
Comments
God knows what was happening with that portal as the creds sometimes did/didnt work.
I've got the root.txt but not needing a root shell or via ssh.
Did anyone get in via SSH in the end or get a root shell instead of using XXX to run root commands.
KCSEC -- for Pentesting/hacking guides and Tools.
https://www.ivoidwarranties.tech/ - KCSEC Website
https://github.com/KCSEC
https://www.facebook.com/KCovertSEC/
Join the KCSEC HTB Team
https://www.hackthebox.eu/home/teams/profile/655
This is my first box on HTB. The amount of resets are crazy. I've enumed the username and login page pretty easily. Ive tried a ton of default passwords and even obvious things that are on the page itself. I feel like its possible based on the comments here that i may have already entered the correct password but its pretty buggy. Can anyone PM me to help so I can move on from this step
Feel free to PM me
I see a lot of people are having a hard time getting the login creds.
CeWL is the perfect tool for this! Check it out!
the box's name is there for a reason....
Hi I am Jeff. I tell my friends I am a pro sysadmin and even put it on my resume. In reality though I haven't been able to figure out where any button other then the "next next next" button is.
Once you realize how foolish Jeff is it only gets worse. Jeff's laziness continues to create bad security flaws. During enumeration think about how Jeff could have traded security for laziness.
After you figure that out, well the rest is semi easy, just remember seeing isn't always believing.
Don't be like Jeff, Jeff gets hacked.
you just have to manually figure out the path where the shell is uploaded and trigger ii manually for the first time.... for some reason metasploit wont do it for the first time!
google is your friend....
Trying to find a login page. Have enumerated with with dirb, dirbuster. I see an admin page with tons of php files that don't seem to do much.
hello guys..
i find everything...
i use everything...
but i cant successfull with to be root...
can you help me?
i get a shell, but a shitty one, cant execute basic commands. :-$
i find user.txt..
i find the monitor.sh...
so... now...
what should i do?
Execute linenum and check what that says..
my first experience...
i find username and pass in a minute. but can't take priv.
i think... i study to priv esc methods.
if you anybody help me for give an advice or show the methods...
please contact with me.
thank you all..
hey any help in spawning a tty as I am getting error
sudo: unable to resolve host Nibbles: Connection timed out
sudo: no tty present and no askpass program specified
or does it really needs to be spawned?
what does monitor.sh do when you run it? have you enumerated the box?
I need help with the privilege escalation and I use LinEnum.sh I already have a lot of information and for more than I try to get the information to create a user to do whatever it is I get the following error "sudo: unable to resolve host Nibbles: Connection timed out " and no I move forward and try many ways of privilege escalation
something has escaped me
Do not ask to restart everything if you can not enter because of an error or because they are on the blacklist wait 5 minutes verify you config, just ask to restart if they left information that could compromise the machine .. both restarting sometimes makes you lose track of what you are doing
resolve
i root
Hi - Slightly stuck. Could someone spare 5 mnutes and throw me a PM. Looking for a nudge, not the answer.
Thanks
i solved.
I have user. and know the somefile.sh have permission to execute.
I use "sudo -u root /home/somedir.../somefile.sh"
I can't get access to root. pls. help to get right way.
Thanks.
Anyone fancy giving me a hand? I think i'm really close! I have a meterpreter session now, just unsure if what i'm doing next is right or not
EDIT: I got user - onto root now!
First Ever hackhebox for me...
I am as far as the login page, I have browsed the file directory, used dirb, tried all defaults I know under the sun. NO IDEA what to look at next. Someone please help!
guys...
think simple...
until yesterday i do same mistake...
I'm stuck trying to get my exploit to work. I'm using the obvious exploit, and have the username and password. Getting the typical issues with image.php. Have reset the box multiple times and tried several payloads.
Got it. I was pointing at too much of the URI... take a look at the source code if you are having issues. It appends something to the URI you provide.
got the web username, now to guess the password. Is it really that obvious or am I missing something...
Got root - I just wonder if it was the intended method
i have user.txt now onto root. Tough one though, not sure if I need to ssh to the box or use the meterpeter shell?