Official Laboratory Discussion


Comments

  • Hey there, I think I found the right exploit and I modified something in order to make it work. I'm still stuck on the part where it downloads the shell. I'm trying to use the LFI/RCE of the service; can someone give me some hints?

  • @HomeSen said:

    @synap5e said:

    This is my first hackthebox :D

    Let me guess: You had to add a newline to the end of the file? For some reason, certain ssh clients require the key file to end with an empty line.

    MOTHER F***ER! That was my problem the whole time? A newline char?

    Wow. Thanks!
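
Added example, not written by any poster in this thread: a POSIX shell function that checks a private key file for the missing trailing newline mentioned above, plus three related formatting problems that this example assumes are worth checking alongside it (missing armor lines, CRLF line endings, loose permissions). The function name `check_key_file` is made up for this example.

```sh
#!/bin/sh
# check_key_file PATH  (hypothetical helper name, added example)
# Prints one line per formatting problem that can make an SSH client reject a
# private key file. Returns 0 if none were found, 1 otherwise, 2 if unreadable.
check_key_file() {
    ckf_file=$1
    ckf_bad=0
    if [ ! -r "$ckf_file" ]; then
        echo "cannot read $ckf_file"
        return 2
    fi

    # The first line must be the BEGIN armor line, and an END line must exist.
    if ! head -n 1 "$ckf_file" | grep -q '^-----BEGIN .*PRIVATE KEY-----'; then
        echo "first line is not a BEGIN ... PRIVATE KEY line"
        ckf_bad=1
    fi
    if ! grep -q '^-----END .*PRIVATE KEY-----' "$ckf_file"; then
        echo "no END ... PRIVATE KEY line (truncated copy?)"
        ckf_bad=1
    fi

    # The last byte must be a newline (0x0a); copy and paste often drops it.
    ckf_last=$(tail -c 1 "$ckf_file" | od -An -tx1 | tr -d ' \n')
    if [ "$ckf_last" != "0a" ]; then
        echo "missing newline at end of file"
        ckf_bad=1
    fi

    # Carriage returns (Windows line endings) can also get a key rejected.
    ckf_cr=$(printf '\r')
    if grep -q "$ckf_cr" "$ckf_file"; then
        echo "contains CRLF line endings"
        ckf_bad=1
    fi

    # OpenSSH ignores private keys that group or others can read.
    # Accepting only 600 and 400 is a conservative choice made for this example.
    ckf_mode=$(stat -c %a "$ckf_file" 2>/dev/null || stat -f %Lp "$ckf_file")
    case $ckf_mode in
        600|400) ;;
        *) echo "permissions are $ckf_mode, expected 600 or 400"; ckf_bad=1 ;;
    esac

    return $ckf_bad
}
```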

  • @TazWake said:

    @jagoannyaMAMAH said:

    Can anyone help me? I'm stuck getting root from user.

    Checking permissions on executable files, then a very basic reading of the file, is a good way to get the path from user to root.

    thanks man, I appreciate it.

  • Foothold and getting user was enough headache

    Stuck with ROOT
    After running all enum tools p*** l*****.sh L**E***.sh
    Not sure what process I should exploit

  • @mar0ne said:

    Foothold and getting user was enough headache

    Stuck with ROOT
    After running all enum tools p*** l*****.sh L**E***.sh

    Chances are they have shown you the path to root, but the problem is that it will be hidden in the noise.

    find on its own will be enough.

    Not sure what process I should exploit

    Don't think about exploiting a process as such. Look at something you can run as root. Look at it in detail and you can see the path to getting root.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.

  • @TazWake said:

    @mar0ne said:

    Foothold and getting user was enough headache

    Stuck with ROOT
    After running all enum tools p*** l*****.sh L**E***.sh

    Chances are they have shown you the path to root, but the problem is that it will be hidden in the noise.

    find on its own will be enough.

    Not sure what process I should exploit

    Don't think about exploiting a process as such. Look at something you can run as root. Look at it in detail and you can see the path to getting root.

    I think I saw something related to log** but it didn't work

  • edited April 14

    Finally rooted this. What a ride. Willing to PM nudges if needed

    This was the hardest "easy" box I've come across but not by design.

    There were some stability issues as well that made it difficult to get a grip on things. I'm reasonably certain there are some people who try to brute force things on HTB. Tsk Tsk. That's not what this site is about.

    Looking back I'm not sure why it was so hard. I guess because the attack vectors I'd found did not work as expected and required tweaking. It's technically not that complicated but was hard to execute for certain reasons.
    Foothold was tougher than it should have been but not by design. For some reason the obvious method of getting in didn't work for me until I made some adjustments. This initially put me off, making me think I was barking up the wrong tree.

    User. Even after stealing the info I needed to become user I had trouble, again on my end, making it work. Again it seemed like I'd gone wrong somewhere but I needed a little newline char to fix the issue.

    Root was a textbook standard beginner type exploit but you need to have your reading glasses on to find it. Tip: enumerate in detail and don't just look for the easy stuff. It's right there in the output of your fave enumeration tool.

    I must enjoy the pain.

  • @mar0ne said:

    @TazWake said:

    @mar0ne said:

    Stuck with ROOT
    After running all enum tools p*** l*****.sh L**E***.sh

    Chances are they have shown you the path to root, but the problem is that it will be hidden in the noise.

    find on its own will be enough.

    Not sure what process I should exploit

    Don't think about exploiting a process as such. Look at something you can run as root. Look at it in detail and you can see the path to getting root.

    I think I saw something related to log** but it didn't work

    I don't think that is the thing I am talking about. Linux permissions are a useful thing to understand and what the various bits in a permission allow you to do. If one is sticky, it can help.

    When you can find that one file, if you look at it closely, you can see the path to getting root on this box.

    TazWake


  • Hey @TazWake, I just wanted to shout out some respect to you for taking the time to handhold so many of us.

  • Rooted :)

    User was a headache

    Root: you need to wash your eyes and read carefully :)

    Docker and GitLab are all new to me, first box of this kind.

    Thanks to @RageWire @TazWake @heh

  • I think I got all the steps for foothold. But for some reason I'm not getting a shell. I refuse to give up but at this point I need some help. Who can I PM or Discord?

  • Rooted. I think I can roll over and die now. Been working on that machine for WAY too long.

    I'll echo what others have said: the box wasn't easy at all.

  • I can't get ssh to work on the box. I've replicated GitLab locally and it works. I've tried uploading keys to GitLab and multiple ssh keys I've found in and around s******.yml. I made sure file shows that it is an ssh key. Is there something different I need to add to ssh into the container?

  • @byd3fault said:

    I can't get ssh to work on the box. I've replicated GitLab locally and it works. I've tried uploading keys to GitLab and multiple ssh keys I've found in and around s******.yml. I made sure file shows that it is an ssh key. Is there something different I need to add to ssh into the container?

    Try a different attack. The keys you have might not be any use.

    TazWake


  • This box was a lot harder than "Easy". If anyone else ran into the problem with "I*****t M**e" - maybe "run" something other than c*****e.
