Comments
Is someone willing to help me on getting a good token? I can't get a valid Sig******. Thanks in advance.
I wrote a python script using a particular library to generate the token with the attributes I think are correct according to the source.
Look at old git commits. And add an exp field....
@gh0stm5n I got that part already. Right now I'm trying to get through the 403 when I try to GET some cereals so I can start, maybe, working on an exploit.
I got user. Working on root. I saw my user can get some j**** p****** but I think the default C**** isn't working, gonna try getting another one. Any ideas? Can't get it to work.
@parteeksingh said:
Still, I am not able to get a valid token any nudges?
If I helped you and tried to explain to you, just give me a respect. Click on the img to get my profile link!
Profile : https://www.hackthebox.eu/home/users/profile/17564
Spent a few weeks now trying to get past the localhost restriction. None of the JavaScript I tried triggers my payload. So I quit and wait for the IPPSEC video...
@gh0stm5n said:
I am in quite the opposite situation. I know a way to trigger a payload but can't for my life figure out a meaningful one, the only one I have working locally is pointless. Any nudge for this would be appreciated. Never been this stuck, my brain hurts...
After hours and hours, payload works locally, trigger works locally, but remote nothing and I'm blind. This is pain. Pure pain.
It took me about two weeks of on & off work, but I finally got user. That was surprisingly difficult but largely because I made two mistakes without realising it.
First - I focussed on the tool often used for this and overlooked the fact it doesn't work - for a long time. When I moved to a more bespoke approach it worked.
Secondly - I should have given up on using burp earlier on. It's much easier to script it, I was just being lazy and ended up spending way more time than I should have.
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.
Rooted. The good news is privesc is less complex than getting user. Enumeration is 100% the key (and I don't mean just looking for passwords all over the place).
Look at what the box is doing - it helps if you've seen it before - look for how it can be exploited. Look at what your account can do. Then, if you are a gardener, there is something which is often useful on windows boxes.
Rooted. It looks like an insane box, more than hard for me.
Happy to help >>> PM for hints.
Try!ng Hard3r, N3v3r G!v3Up.
Can someone give me a nudge? I got a feeling, type-of HS256, but I don't really understand it.
Yea well I can't!
Finally got user after many wrong turns and rabbit holes, and learning a lot. Thanks @TazWake for patiently answering all my questions.
This may be one of my favourite boxes. Great fun from foothold to root.