Official Cereal Discussion


Comments

  • Is someone willing to help me on getting a good token? I can't get a valid Sig******. Thanks in advance.

  • I wrote a Python script using a particular library to generate the token with the attributes I think are correct according to the source.

  • Look at old git commits. And add an exp field....

  • @gh0stm5n I got that part already. Right now I'm trying to get through the 403 when I try to GET some cereals so I can start, maybe, working on an exploit.

  • I got user. Working on root. I saw my user can get some j**** p****** but I think the default C**** isn't working, gonna try getting another one. Any ideas? Can't get it to work.

  • @parteeksingh said:

    Can I get any hints? I am stuck at building a valid token.

    Still, I am not able to get a valid token. Any nudges?

    Hack The Box
    If I helped you and tried to explain it to you, just give me a respect! Click on the img to get my profile link!
    Profile : https://www.hackthebox.eu/home/users/profile/17564

  • edited January 4

    Spent a few weeks now trying to get past the localhost restriction. None of the JavaScript I tried triggers my payload. So I quit and wait for the IPPSEC video...

  • @gh0stm5n said:

    Spent a few weeks now trying to get past the localhost restriction. None of the JavaScript I tried triggers my payload. So I quit and wait for the IPPSEC video...

    I am in quite the opposite situation. I know a way to trigger a payload but can't for my life figure out a meaningful one, the only one I have working locally is pointless. Any nudge for this would be appreciated. Never been this stuck, my brain hurts...

    f1rstr3am

  • After hours and hours, payload works locally, trigger works locally, but remote nothing and I'm blind. This is pain. Pure pain.

    f1rstr3am

  • It took me about two weeks of on & off work, but I finally got user. That was surprisingly difficult but largely because I made two mistakes without realising it.

    First - I focussed on the tool often used for this and overlooked the fact it doesn't work - for a long time. When I moved to a more bespoke approach it worked.

    Secondly - I should have given up on using burp earlier on. It's much easier to script it, I was just being lazy and ended up spending way more time than I should have.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.

  • Rooted. The good news is privesc is less complex than getting user. Enumeration is 100% the key (and I don't mean just looking for passwords all over the place).

    Look at what the box is doing - it helps if you've seen it before - look for how it can be exploited. Look at what your account can do. Then, if you are a gardener, there is something which is often useful on windows boxes.

    TazWake

  • Rooted. It looks like an insane box, more than hard for me.
    Happy to help >>> PM for hints.

    Try!ng Hard3r, N3v3r G!v3Up.

  • Can someone nudge me? I got a feeling, type-of HS256, but I don't really understand it.

  • edited February 8

    @gh0stm5n said:
    There is a field that is vulnerable to XSS (and yes I can get a response back to me).

    Yea well I can't!

  • Finally got user after many wrong turns and rabbit holes, and learning a lot. Thanks @TazWake for patiently answering all my questions.

  • This may be one of my favourite boxes. Great fun from foothold to root

    jamesa
