Official Time Discussion


Comments

  • @Chobin73 said:

    @toddbrecher said:

    Anybody having issues with their root shell not persisting very long? I've managed to pop the root shell, but it seems to expire after ~5 seconds.

    pm

    Can you please pm me the same thing? I just rooted Time also (with a little help from a friend) ;-) but we both experienced a very very unstable root shell. It's enough to get the flag, but it doesn't feel solid. Any advice to improve is very welcome!

  • Hello,

    After a lot of days of enumeration and learning I found the right CVE. (Or I guess I did.)

    Is anyone kind enough to provide me some tips in regards to how I can make the exploitation?

    I cannot write here what I tried so far, but I can send a personal email with everything that I tried.

    If any of you with more experience can provide some hints to a noob like me, it is more than welcome!

    Thank you!

  • Honestly though, why isn't this box rated insane?

  • edited November 2020

    .

  • The user asked for some time but the rest was easy, except that the root shell was quite unstable. It can be kept next to Traceback if I consider its easiness.


  • I think I've found the vuln, although there are two that I'm looking at. Not sure if maybe I am mistaken and maybe just going down a rabbit hole. I am getting an error "****Object***no such class found" when trying to use the "****z****h*****.H****C****" class.

  • Can't seem to get a foothold on this one. I can get the error (V********n f****d:) but can't seem to find any CVEs. Can someone help me out?

  • Rooted.

    Hint for user: Start with latest CVEs first. Not doing this wasted a lot of my time.

    PM for nudges.

    When asking for help, please describe what you have tried so far, so I don't spoil too much.
    If you believe I was able to help, please provide feedback by giving respect:
    https://www.hackthebox.eu/home/users/profile/122308

  • Nice box. The hardest part is finding the right CVE; after that it's pretty straightforward.


  • Rooted!

    Finally! It was super interesting on the user part. Big thanks to @zaphoxx for the hint on user. Since I'm so noob I actually had difficulty with root but finally found it.

    User : it's all about the right CVE
    Root : there are alternatives to cron

    Happy hacking :wink:

  • edited November 2020

    Hello.

    Been searching for this CVE based off my enumeration and the comments on this thread. I'm having trouble. Could someone give a nudge towards the correct CVE?

    Thanks!

    Edit: Got it.

  • edited November 2020

    Hello. Bit stuck on this one. I found the vulnerability but am having problems exploiting it. I think I have to compile my own Java and then paste it in, but I'm having problems compiling something with javac. Getting errors like
    Exploit.java:4: error: package com.sun.org.apache.xalan.internal.xsltc.runtime is not visible
    Not sure I am even on the right track!

    I'm using javac 15.0.1

  • pwned box :smile: ....easy box

    user: CVE

    root: basic enumeration

    PM if you need help.

  • Need help for User. Not sure about using the vulnerability, can anyone help?

  • Rooted!!
    Thanks @HiddenCry for helping me find the correct POC for the user part.
    Finding the correct version of the CVE and the exact POC is a little difficult, the rest is very easy.
    Hint:
    User: look for the newest CVE.
    Root: Trust me, it's very easy.
    PM for Nudges.

  • In addition to the hints already given, I would say that the key to getting user is to find the right article that explains how to use the exploit... you don't have to create anything from scratch.

  • OK, I got user, was easier than I expected, but getting root... not quite there yet. Bit of a noob here. I could use a pointer to keep me from going down another rabbit hole.

  • Hello there. Got user but having trouble with my method for root. Can anyone help?

  • I'm a beginner!
    Anyone here to help me?

  • @Termopan said:

    Rooted! Easy box, indeed.
    User: It's so 2019
    Root: it repeats itself, so just listen and change

    Understand the User part hint until find the right exp by searching many websites and benefit by your hint at root part, thanks a lot.

  • User was a pain in the ass. Really easy, however you need to try many different ways of the similar thing...
    Root was really easy and fast to get.
    If someone needs a nudge, PM me :)

  • When I submit the flag it is shown as an incorrect flag, why?


  • @johnwickelson said:

    When I submit the flag it is shown as an incorrect flag, why?

    This comes up on every thread about once a week. HTB uses dynamic hashes and sometimes they don't work. The hashes should change after every reset and be different on different VPNs - this means that hashes should be used as soon as you get them and that sometimes the process which registers the new hash in the scoring server will break.

    If it is a box that is being hit with resets, it becomes imperative that the hash is used immediately as a reset will render it invalid.

    Your choices are really:

    • Wait a while, repwn the box and get a working hash.
    • Report it to HTB via a jira ticket and get them to fix the problem.

    This isn't something that can be fixed by the forum or by tips from other users.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.

  • Hi, I found the error on the page and did some lookup which leads to CVE details. Then I got stuck. Can someone help? Not sure what I can do from the CVE onwards. Thanks in advance.

  • Interesting box - I finally got round to doing it. User was harder than root.

    User - experimentation and googling the outcomes is effective.

    Root - good enum matters. I was a bit sloppy and it took me twice as long as it should have.

    TazWake


  • OK so, I got the user flag and found the bash script I am supposed to run. When I run the script I connect to the machine as root but after 2-3 seconds get disconnected.... I don't know what's causing this.... Can anyone help? Thanks in advance

  • @EX1TZER0 said:

    OK so, I got the user flag and found the bash script I am supposed to run. When I run the script I connect to the machine as root but after 2-3 seconds get disconnected.... I don't know what's causing this.... Can anyone help? Thanks in advance

    It's likely that whatever you are doing to get a shell is only running as long as the script runs - so when it exits, so does the shell.

    You might want to get it to do something which gives more stable access to a secure shell.

    TazWake


  • @Chobin73 said:

    @toddbrecher said:

    Anybody having issues with their root shell not persisting very long? I've managed to pop the root shell, but it seems to expire after ~5 seconds.

    pm

    Having this same issue, any tips?


  • I got user at this point, and I think I found what I need to know for root, but based on what I found and how it can be used, it got me all confused... Can someone help and put me on the right track?

    CISSP | eJPT
