Official Delivery Discussion

11012141516

Comments

  • edited March 24

    hai guys thanks for the hints in this forum as a beginner really helpful

    FOOTHOLD: carefully read the given hints & note down the step at the process in h******k.
    USER SHELL: if u do foothold correctly, then u can get the hints for this step
    PRIVSEC: check where u come from & what sve running
    ROOT: ippsec.rocks website search + hht help u

    after getting r**t dont forgot to read the n***s.t*t ippsec leave a nice message

    any help ping me

  • Feel dumb, just doesn't recieve the response to move further....

  • Running colabcat with '-w 4' and it's taking quite a while; I suppose thats normal because b*****, but how much time should it take approximately?

  • @blvckmetxl said:

    Running colabcat with '-w 4' and it's taking quite a while; I suppose thats normal because b*****, but how much time should it take approximately?

    If you have the correct wordlist, seconds. If you are running it with various rules, then it probably wont work.

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • I'm stuck guys, the only thing I have done is get the ticket, can anyone help me with this.

  • @ub007 said:

    I'm stuck guys, the only thing I have done is get the ticket, can anyone help me with this.

    Have a look at what getting a ticket gives you. Use the new information elsewhere and get access.

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Type your comment> @TazWake said:

    @ub007 said:

    I'm stuck guys, the only thing I have done is get the ticket, can anyone help me with this.

    Have a look at what getting a ticket gives you. Use the new information elsewhere and get access.

    Do you mean the agent login? I was trying to login with that @delivery.htb email on agent login but I don't have the password.

  • @ub007 said:

    Do you mean the agent login?

    No.

    I was trying to login with that @delivery.htb email on agent login but I don't have the password.

    There is a thing you can definitely log into, you don't need an email for it.

    You can use the email to set up something else and read the response in the thing you can definitely log in to.

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • edited March 31

    Type your comment> @TazWake said:

    There is a thing you can definitely log into, you don't need an email for it.

    You can use the email to set up something else and read the response in the thing you can definitely log in to.

    port 22?
    I'm sorry man I'm not able to understand this, it's kind of my 2nd box.
    I need help.

  • @ub007 said:

    port 22?

    No, there are more than two ports open.

    I'm sorry man I'm not able to understand this, it's kind of my 2nd box.
    I need help.

    Easier said than done without spoilers.

    So:

    • read through the thread here, this has been raised a few times.
    • create a ticket, look at what information you are provided with and check the status of the ticket. You can now read it and any updates sent to it.
    • the information provided gives you something you can use on the highest port which goes somewhere you can now read

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • edited March 31

    @TazWake said:
    @ub007 said:

    port 22?

    No, there are more than two ports open.

    I'm sorry man I'm not able to understand this, it's kind of my 2nd box.
    I need help.

    Easier said than done without spoilers.

    So:

    • read through the thread here, this has been raised a few times.
    • create a ticket, look at what information you are provided with and check the status of the ticket. You can now read it and any updates sent to it.
    • the information provided gives you something you can use on the highest port which goes somewhere you can now read

    Bro Do you know what this error means?
    ssh {user}@10.10.10.222
    {user}@10.10.10.222:Permission denied (publickey, password).

  • @ub007 said:

    Bro Do you know what this error means?
    ssh {user}@10.10.10.222
    {user}@10.10.10.222:Permission denied (publickey, password).

    Yes, it means {user} cant access the SSH server using the method supplied. It looks a lot like the error you get when SSH access is denied completely.

    That's why I said "no" to port 22 before.

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • edited March 31

    Type your comment> @TazWake said:

    @ub007 said:

    Bro Do you know what this error means?
    ssh {user}@10.10.10.222
    {user}@10.10.10.222:Permission denied (publickey, password).

    Yes, it means {user} cant access the SSH server using the method supplied. It looks a lot like the error you get when SSH access is denied completely.

    That's why I said "no" to port 22 before.

    There are 3 ports open (REMOVED) are these all of them, or my enumeration is incomplete?

  • edited March 31

    @ub007 said:

    There are 3 ports open (REMOVED) are these all of them, or my enumeration is incomplete?

    That looks correct to me. I'd ignore the first one you listed for this entire box.

    EDITED: This was an incorrect statement, sorry. Just ignore it to start off.

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Type your comment> @TazWake said:

    @ub007 said:

    There are 3 ports open (REMOVED) are these all of them, or my enumeration is incomplete?

    That looks correct to me. I'd ignore the first one you listed for this entire box.

    Bro, I got the email and I logged into the M********t , I've uploaded a payload into the in***nal, How am I supposed to execute it?

  • @ub007 said:

    Type your comment> @TazWake said:

    @ub007 said:

    There are 3 ports open (REMOVED) are these all of them, or my enumeration is incomplete?

    That looks correct to me. I'd ignore the first one you listed for this entire box.

    Bro, I got the email and I logged into the M********t , I've uploaded a payload into the in***nal, How am I supposed to execute it?

    OK - I misread my notes before, sorry.

    So if you have access to that service you have some information you can use to try and access the port you tried before but failed. There is a message which tells you what to do.

    Alternatively, if you've uploaded something, you can try to execute it by calling it at the upload location.

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • edited April 3

    Type your comment> @TazWake said:

    @ub007 said:

    Type your comment> @TazWake said:

    @ub007 said:

    There are 3 ports open (REMOVED) are these all of them, or my enumeration is incomplete?

    That looks correct to me. I'd ignore the first one you listed for this entire box.

    Bro, I got the email and I logged into the M********t , I've uploaded a payload into the in***nal, How am I supposed to execute it?

    OK - I misread my notes before, sorry.

    So if you have access to that service you have some information you can use to try and access the port you tried before but failed. There is a message which tells you what to do.

    Alternatively, if you've uploaded something, you can try to execute it by calling it at the upload location.

    Just got the user, going for the root now.
    @Tazwake Thanks for the help man

    I'm gonna text you again if I need your help in Root.

    EDIT: ROOTED. My DM is open if anyone needs help.

  • edited April 1

    Just got root!

    Thanks for the tips/advice in here.

    DM if you need a hand.

    rancilio

  • If you are stuck on the foothold, something that may be helpful is thinking about what each website allows you to do. And if you are failing what is technically happening in the background upon those failures/attempts. It is very much about connecting some dots.

    Others have provided great advice that may be hard to grasp. Essentially what are you able to do on each site and is there a way to connect those actions. Kicking myself for how long it took me to connect and hopeful this doesn't send anyone down the wrong path.

  • edited April 1

    i mightve forgotten the password i created and resetting it wont work any suggestions
    EDIT: "i fixed it lol"

  • @krisp33 said:

    i mightve forgotten the password i created and resetting it wont work any suggestions

    If you really need it, you can just create a new account on the box.

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • edited April 2

    the root password ist not working anymore

  • I'm trying to use open.php but it keeps timing out... is this a feature or a bug?

    imageTest sig please ignore

  • Type your comment> @thecog said:

    I'm trying to use open.php but it keeps timing out... is this a feature or a bug?

    UPDATE: This only happens on Firefox. Chromium is fine.

    imageTest sig please ignore

  • Any clue for the foothold inthe machine
    im stuck for hours please help

  • @WhItE0DeVil said:

    Any clue for the foothold inthe machine
    im stuck for hours please help

    If you create a ticket you are given information you can use to access something else.

    This is covered in more detail several times on the thread here, so it might be worth reading back a few posts.

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • edited April 4

    now i get into the ma******st with some credentials
    EDIT : GOT USER #:smile:

  • Type your comment> @ub007 said:

    @TazWake said:
    @ub007 said:

    port 22?

    No, there are more than two ports open.

    I'm sorry man I'm not able to understand this, it's kind of my 2nd box.
    I need help.

    Easier said than done without spoilers.

    So:

    • read through the thread here, this has been raised a few times.
    • create a ticket, look at what information you are provided with and check the status of the ticket. You can now read it and any updates sent to it.
    • the information provided gives you something you can use on the highest port which goes somewhere you can now read

    Bro Do you know what this error means?
    ssh {user}@10.10.10.222
    {user}@10.10.10.222:Permission denied (publickey, password).

    bro you left a space at the end of the ssh password
    you have just copied so it may be

  • overthink for the user...root is easy, I expected complicating 1025 but it is not. This box is all about reading reading reading

    CISSP
    Hack The Box
    ++Repect If you think I help =]
    Personal notes and walkthru: https://santocheung.gitbook.io/hackthebox/

  • is there any tip for privesc

Sign In to comment.