Official Delivery Discussion

Official discussion thread for Delivery. Please do not post any spoilers or big hints.

«134567

Comments

  • Not able to access the machine !

  • Spawning for 15 minutes now...zzzzz..... anyone able to access this box?

    f1rstr3am

  • edited January 9

    Just started responding

  • one more time ! its not a EASY BOX !!! its impossible learn

  • I'm trying to create accounts, but I never receive the confirmation mail. Anyone with the same issue?

  • None of the boxes are connected to the internet as far as I know email wont work! Someone correct me if I am wrong.

    f1rstr3am

  • edited January 9

    Been trying some CVE's for X** in the low port for a while now with no luck... Is this a rabbit hole?

  • Type your comment> @chubbyBoi said:

    Been trying some CVE's for X**I in the low port for a while now with no luck... Is this a rabbit hole?

    same here, I tried a bunch of them, I also tried to upload a file to get a shell but nothing

  • Do we need to bruteforce some forms in webpage ?

  • Officially unable to get foothold. Messed around with o******s with no luck despite the multiple CVEs out there. There is information I'm unable to find out to make them (it) work.

  • Can´t commit the hash! Reset the box and it hangs when spawning again. Goodnight....

    f1rstr3am

  • any nudge plz?

  • Rooted ! Nice Box. Easy if you take time to read.

    1. Take time to read pages on the 1st website. It will help you understand the foothold process.
    2. Again take time to read what’s in front of you.
    3. You have a shell now.
    4. A few minutes of enumeration should do the job to find the right info.
    5. Go take the secret that we need.
    6. We saw a hint earlier, it’s time to use it.
    7. Rooted.

    If you PM me, please explain the situation. If you think this is a spoiler, flag it.

    Hack The Box

  • There we go! Root!

    Really fun box. Would definitely have taken me a lot longer if I hadn't recognized the foothold from some article a year or so ago.

  • edited January 10

    Anyone else having problems enumerating? Nothing nmap is working, tried netcat too and get 'no route to host' for everything...reset the box; same result...??

    solved; had to specify the interface for some reason it didn't go to my tunnel this time.

  • If you are stuck, make sure you read everything. If you are still really stuck, DM me for a little nudge.

    Hack The Box Bade

  • Rooted!
    Really fun box honestly, the ratings don't do it justice.
    Concentrate and read everything carefully. Once it clicks you'll feel really dumb.
    Rooting was also super simple, just a case of careful enumeration.

  • user was really cool! I figured it out while I was tryna ask for a hint. I had to write down where I was stuck, what I've tried, and what I might think will work, and then it clicked to me where I went wrong.

    Tip: If you're stuck, try to do the same as me. Write down what your problem in detail and what you've already tried, as if you're explaining it to someone who is trying to help you. Maybe something will click for you too

  • I'm stuck after the user flag.
    i don't know what to do with c****.j**n
    Any hint please?

  • Really struggling with foothold. Tried uploading files, and I think that there must be a way to get into the generated @ from o*****t on m********t. Any nudge would be really appreciated as I'm very much a beginner.

  • Type your comment> @menis said:

    Really struggling with foothold. Tried uploading files, and I think that there must be a way to get into the generated @ from o*****t on m********t. Any nudge would be really appreciated as I'm very much a beginner.

    Have you read everything in the first page?
    if yes, did you read the info after you create ticket?

  • Type your comment> @Faisallkhann said:

    Type your comment> @menis said:

    Really struggling with foothold. Tried uploading files, and I think that there must be a way to get into the generated @ from o*****t on m********t. Any nudge would be really appreciated as I'm very much a beginner.

    Have you read everything in the first page?
    if yes, did you read the info after you create ticket?

    yep, I can see that a @ related to the t***** is generated, and that it will be valid on m*********. I did think about trying to brute with common creds but that always seems like the wrong approach for htb, and i looked for default ones, but I could find any. Am I missing something obvious?

  • Type your comment> @menis said:

    Type your comment> @Faisallkhann said:

    Type your comment> @menis said:

    Really struggling with foothold. Tried uploading files, and I think that there must be a way to get into the generated @ from o*****t on m********t. Any nudge would be really appreciated as I'm very much a beginner.

    Have you read everything in the first page?
    if yes, did you read the info after you create ticket?

    yep, I can see that a @ related to the t***** is generated, and that it will be valid on m*********. I did think about trying to brute with common creds but that always seems like the wrong approach for htb, and i looked for default ones, but I could find any. Am I missing something obvious?

    Read the info closer, what does that @ do? Read the hints and think about how the everything pieces together.

    edyun

  • @Faisallkhann said:
    I'm stuck after the user flag.
    i don't know what to do with c****.j**n
    Any hint please?

    Think about what is stored in there? Which services does the platform use?

    edyun

  • Type your comment> @edyun said:

    Type your comment> @menis said:

    Type your comment> @Faisallkhann said:

    Type your comment> @menis said:

    Really struggling with foothold. Tried uploading files, and I think that there must be a way to get into the generated @ from o*****t on m********t. Any nudge would be really appreciated as I'm very much a beginner.

    Have you read everything in the first page?
    if yes, did you read the info after you create ticket?

    yep, I can see that a @ related to the t***** is generated, and that it will be valid on m*********. I did think about trying to brute with common creds but that always seems like the wrong approach for htb, and i looked for default ones, but I could find any. Am I missing something obvious?

    Read the info closer, what does that @ do? Read the hints and think about how the everything pieces together.

    Surely it isn't actually actually updating the info at the @? Can I PM you? I'm now even more confused

  • Type your comment> @menis said:

    Type your comment> @edyun said:

    Type your comment> @menis said:

    Type your comment> @Faisallkhann said:

    Type your comment> @menis said:

    Really struggling with foothold. Tried uploading files, and I think that there must be a way to get into the generated @ from o*****t on m********t. Any nudge would be really appreciated as I'm very much a beginner.

    Have you read everything in the first page?
    if yes, did you read the info after you create ticket?

    yep, I can see that a @ related to the t***** is generated, and that it will be valid on m*********. I did think about trying to brute with common creds but that always seems like the wrong approach for htb, and i looked for default ones, but I could find any. Am I missing something obvious?

    Read the info closer, what does that @ do? Read the hints and think about how the everything pieces together.

    Surely it isn't actually actually updating the info at the @? Can I PM you? I'm now even more confused

    For sure, PM me.

    edyun

  • Rooted!
    foothold + user: this part show the importance of writing down what you know and what you need; maybe you already have access to what you need...
    root: follow the hints

    Hack The Box

  • Got user, working on root now...So far it seems pretty straightforward, but lets see if I'm able to apply the "hint"

  • edited January 10

    can I get a sanity check if anyone is available please PM me

    Never mind I have user now. I was trying the right way on the wrong thing

    Hack The Box

  • edited January 10

    Got user
    With root, how can i find out ****?. I think we should find out ****.....
    Rooted!

Sign In to comment.