Official Delivery Discussion

Comments

  • @John5hade said:

    I don't know how to make that subdomain point to the right place.

    You need to add it to your hosts file.

    The hosts file isn't DNS, it doesn't allow other lookups. If you have 10.10.10.10 example.com in your hosts file and you visit www.example.com, the hosts file won't work. You need to add an extra entry for each subdomain you want to resolve.

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.
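
The hosts-file behaviour described in the post above, as an added example that is not part of the original thread: a small model of the exact-name matching a resolver applies to hosts entries, plus a helper that lists the lines still missing. The function names and the `www`/`helpdesk` hostnames are constructed for illustration.

```python
# Added example: models exact-match lookup against hosts-file entries.
def parse_hosts(text):
    """Return {lowercased name: ip}; the first entry for a name wins."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue  # blank line, comment, or an address with no names
        ip, names = fields[0], fields[1:]
        for name in names:
            table.setdefault(name.lower(), ip)
    return table


def lookup(table, name):
    """Exact, case-insensitive match only: no wildcard, no parent-domain fallback."""
    return table.get(name.lower())


def missing_lines(text, ip, wanted):
    """Hosts lines to add so that every name in `wanted` has an entry."""
    table = parse_hosts(text)
    return [f"{ip} {name}" for name in wanted if lookup(table, name) is None]


# Constructed sample: the single entry from the post plus a comment line.
SAMPLE = """\
# lab targets
10.10.10.10 example.com
"""

if __name__ == "__main__":
    table = parse_hosts(SAMPLE)
    for name in ("example.com", "www.example.com", "helpdesk.example.com"):
        print(name, "->", lookup(table, name))
    print(missing_lines(SAMPLE, "10.10.10.10", ["example.com", "www.example.com"]))
```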

  • @dewest91 said:

    Getting user has me so confused and struggling as a result. I've discovered the contact us workflow, along with the additional areas of logging in that agents and people with the account can access, but from there I have hit a wall.

    Step back and rethink.

    Try things and see what happens. One of them lets you create things. Create a thing. Look at what else it gives you. You can now use that to access the other place.

  • edited May 8

    @TazWake said:

    Create a thing. Look at what else it gives you. You can now use that to access the other place.

    I have the thing that I need to access the other place. But all I know is the port, and attempting to connect with netcat gives me a 400 Bad Request. Reading this forum makes me think I'm off track, pretty sure this isn't supposed to be the tricky part.

    Is this an OSINT step?

  • edited May 8

    Got the user pretty quickly and found the h***hs. Not sure what to do next. Spent hours configuring various rules etc. but none of them worked. Not gonna spend any more time on this box but the user part was fun.

  • @leadOctopus said:

    @TazWake said:

    Create a thing. Look at what else it gives you. You can now use that to access the other place.

    I have the thing that I need to access the other place. But all I know is the port, and attempting to connect with netcat gives me a 400 Bad Request.

    That implies that your netcat connection isn't sending a valid HTTP request.

    Does it work when you use a web browser?

    Reading this forum makes me think I'm off track, pretty sure this isn't supposed to be the tricky part.

    Accessing it isn't supposed to be tricky. Getting an account needs some creative thinking.

    Is this an OSINT step?

    Not as far as I am aware.

  • edited May 8

    I feel like I must be missing something; I'm going for root.

    I've got the root hash, cracked it, and am staring at what looks to absolutely be the root password based on all of the hints. However, can't seem to log in as root (to either the machine or mattermost server). Feel like I'm missing something stupidly obvious...

  • @ofsmul said:

    I feel like I must be missing something; I'm going for root.

    I've got the root hash, cracked it, and am staring at what looks to absolutely be the root password based on all of the hints. However, can't seem to log in as root (to either the machine or mattermost server). Feel like I'm missing something stupidly obvious...

    If the password you have starts with P, then it might be the right one.

    How are you trying to switch to the root user account?

  • This was a really fun box, a great way to learn some skills in a constructive way.

    This box has a focus on enumeration, EVERYTHING you need is there, don't make things hard for yourself, I speak from experience :wink:

    Without realizing it, you are taken through basic enumeration for hints (almost instructions), to then checking for the things that you should always check, then onto tool usage that should be bread and butter. This was a well thought out and crafted box.

    @ippsec This was a great instructional box, please, more like this please :smile:

  • Could I get a little nudge in the right direction with what rules and what lists are required in the step which requires these 2 things? No combination I tried works :(

    rowra

  • @TazWake said:

    That implies that your netcat connection isn't sending a valid HTTP request.

    Does it work when you use a web browser?

    Indeed, my netcat request didn't have a User Agent or anything like that, so I imagine it probably was invalid. It does not work when I use a web browser, so I wasn't sure how to form the request in netcat/burp/etc. But, it sounds like it should work in a web browser?

    I'll have to try resetting my box and trying it again at some point today.

    I thought maybe there was an OSINT step where I had to find the raw request form online somewhere and submit a login request that way, but wasn't having any luck.

  • @leadOctopus said:

    @TazWake said:

    That implies that your netcat connection isn't sending a valid HTTP request.

    Does it work when you use a web browser?

    Indeed, my netcat request didn't have a User Agent or anything like that, so I imagine it probably was invalid.

    Sort of, but it's a bit more than that. A user agent string is the least of its worries.

    With netcat you cant send valid HTTP by manually entering the minimum required fields.

    GET / HTTP/1.1
    Host: example.com
    
    

    Then you should get a valid HTTP response rather than the server just getting confused.

    You can even be more minimalist with GET / if it will process HTTP/0.9 type headers.

    Using netcat to access HTTP is really painful though, typos and remembering to finish the request with a blank line make it a lot harder work than just using a browser and looking at the errors it generates.

    It does not work when I use a web browser, so I wasn't sure how to form the request in netcat/burp/etc. But, it sounds like it should work in a web browser?

    Yes. What error do you get in the web browser? That might be more informative.


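The request format discussed in the post above, as an added example that is not part of the original thread: a small linter that reports why a hand-typed request may draw a 400 Bad Request. The checks follow RFC 9112; the function name and the sample inputs are constructed for illustration.

```python
import re

# Added example (not from the thread): lint a hand-typed HTTP/1.x request.
# Rules follow RFC 9112; function and variable names are hypothetical.
REQUEST_LINE = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+ \S+ HTTP/(\d\.\d)")


def lint_request(raw: bytes) -> list[str]:
    """Return reasons a server may answer 400; an empty list means well-formed."""
    problems = []
    if b"\n" in raw.replace(b"\r\n", b""):
        problems.append("bare LF line endings (strict servers expect CRLF)")
    text = raw.replace(b"\r\n", b"\n")
    if b"\n\n" not in text:
        problems.append("no blank line, so the header section never ends")
    lines = text.split(b"\n")
    match = REQUEST_LINE.fullmatch(lines[0])
    if match is None:
        if re.fullmatch(rb"GET \S+", lines[0]):
            problems.append("HTTP/0.9 simple request; only legacy-tolerant servers accept it")
        else:
            problems.append("request line is not 'METHOD target HTTP/x.y'")
        return problems
    names = []
    for line in lines[1:]:
        if line == b"":
            break  # blank line ends the header section
        name, colon, _value = line.partition(b":")
        if not colon or not name or name != name.strip():
            problems.append(f"malformed header line {line!r}")
            continue
        names.append(name.lower())
    if match.group(1) == b"1.1" and names.count(b"host") != 1:
        problems.append("HTTP/1.1 requires exactly one Host header")
    return problems


# Constructed inputs: the request from the post, then common typing mistakes.
SAMPLES = {
    "valid": b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n",
    "no_host": b"GET / HTTP/1.1\r\n\r\n",
    "no_blank_line": b"GET / HTTP/1.1\nHost: example.com\n",
    "http09": b"GET /\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, lint_request(raw) or "ok")
```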
  • edited May 9

    Interesting box, but some of the nudges in comments may mislead in obtaining root... I went down a rabbit hole after a comment from someone that h*** is in 'User'. Just avoid cracking the first h*** you get when logging in with low privs like I was trying to do. It's NOT really THAT SIMPLE :smiley:
    For the root... just follow the 'root' in the place where you got an answer of what to use for getting access to the box with low privs, the h*** you need to crack is somehow related to that 'place' ;)

    al3ksec

  • @TazWake said:

    Yes. What error do you get in the web browser? That might be more informative.

    I reset the box and now I can access the portal. I'm beginning to think I might have been stepping on my own foot by running dirbuster in the background, maybe I was making too many requests of the server before. Something to be careful of, perhaps.

    Thanks for pointing me back in the right direction.

  • I can't seem to track down the last bit at the end. I think I know where it is though, except my hunch involves logging into another thing once I've gotten a user shell, and all attempts to log into it tell me that I can't log into it as me (or as anyone) from localhost. I even imported the find binary to help me find config files I might have missed, which maybe contained something I can use, although, I'm not quite sure.

    I just need a gentle nudge, am I on the right track?

  • edited May 10

    @leadOctopus said:

    I can't seem to track down the last bit at the end. I think I know where it is though, except my hunch involves logging into another thing once I've gotten a user shell, and all attempts to log into it tell me that I can't log into it as me (or as anyone) from localhost. I even imported the find binary to help me find config files I might have missed, which maybe contained something I can use, although, I'm not quite sure.

    I just need a gentle nudge, am I on the right track?

    Assuming that it is the service I think you want to log into:
    There are credentials for it, somewhere. Use those and you will be able to login.

    EDIT:
    No need to use find. Simply look into the other applications' folders, and you will find what you seek.


    Hack The Box
    OSWE | GREM | OSCE | GASF | eJPT

    Feel free to PM me your questions, but please explain what you tried, so far.

  • @HomeSen said:
    Assuming that it is the service I think you want to log into:
    There are credentials for it, somewhere. Use those and you will be able to login.

    Thanks! I did eventually track them down. Learned how to recursively scan the files in a directory for a string too, which might come in handy as time goes on.

    I found one crackable thing in that service. So far it's pretty resistant to my efforts. I must have the wrong wordlist.
    I've tried rules, custom permutations of the hint on the internal forum ("P..."), even the combinator. The value is computed using an algorithm with a fishy name. But so far, that's as far as I've got.

  • @leadOctopus said:

    @HomeSen said:
    Assuming that it is the service I think you want to log into:
    There are credentials for it, somewhere. Use those and you will be able to login.

    Thanks! I did eventually track them down. Learned how to recursively scan the files in a directory for a string too, which might come in handy as time goes on.

    I found one crackable thing in that service. So far it's pretty resistant to my efforts. I must have the wrong wordlist.
    I've tried rules, custom permutations of the hint on the internal forum ("P..."), even the combinator. The value is computed using an algorithm with a fishy name. But so far, that's as far as I've got.

    Sounds like you are on the right track. Combining the hints with the best 64 rules should give you a result after a reasonable amount of time (on my GeForce MX150 it took roughly 6 minutes).


  • @leadOctopus said:

    I found one crackable thing in that service. So far it's pretty resistant to my efforts. I must have the wrong wordlist.
    I've tried rules, custom permutations of the hint on the internal forum ("P..."), even the combinator. The value is computed using an algorithm with a fishy name. But so far, that's as far as I've got.

    I found building my own wordlist was a lot, lot quicker.

  • I'm not sure if I'm being an idiot with this one. I'm at the start of the box, looking at the helpdesk and I'm doing something that makes sense in my head, but nothing shows up where I'm expecting it. Is there someone I can DM to check?

  • I have user, and now I'm enumerating throughout the user system. But how can I do this quickly and efficiently? It's like looking for a needle in a haystack if I open everything manually. Thanks!

  • @hybrid79 said:

    I have user, and now I'm enumerating throughout the user system. But how can I do this quickly and efficiently? It's like looking for a needle in a haystack if I open everything manually. Thanks!

    Why are you opening everything manually?

    This might help
    https://forum.hackthebox.eu/discussion/comment/95055/#Comment_95055

  • I struggled with the root portion. It took multiple attempts with various rules but I was finally able to make it work.

  • Finally got it all. Root took me almost half an hour, thanks to a homeless feline. I think I could have used a better ruleset. That said, it was a fun little box actually!

  • I am stuck after getting the first flag, I read the comments on this post. But I am still not able to get the second flag. Can someone share a hint?

  • @fdalvi said:

    I am stuck after getting the first flag, I read the comments on this post. But I am still not able to get the second flag. Can someone share a hint?

    It has already been hinted at quite a bit - it might help if you explain what it is about the previous hints you haven't got?

    You need to find something which gives you access to something else, dump the hash from there, then crack it. Then use it to be able to read the root flag.

    Start by looking through things that are not in a standard Linux install.

  • I am not able to find hash dump. I think I am seeing the non standard linux install but cannot see the hash. But will look again

  • @fdalvi said:

    I am not able to find hash dump. I think I am seeing the non standard linux install but cannot see the hash. But will look again

    The hash isn't in the file. The file tells you what you need to dump the hash from where it is.

  • Thanks, this is a good nudge

  • I think I've found the correct hash for root and cracked it successfully. Now I can log in at m*******t but I don't know what to do, lol.
    help pls xd, did I miss something behind?

    cashats

  • @cashats said:

    I think I've found the correct hash for root and cracked it successfully. Now I can log in at m*******t but I don't know what to do, lol.

    If you have the password for root, why are you logging in somewhere else?

    help pls xd, did I miss something behind?

    I think so.
