Official ScriptKiddie Discussion

Official discussion thread for ScriptKiddie. Please do not post any spoilers or big hints.

«13456714

Comments

  • 1h left <3

    Security+

    Hack The Box

  • so excited :smiley:

  • Anyone else having issues with the box? I assume the servers are just begged down

  • edited February 7

    edit: That was easier than I thought it was going to be.

    User: took me longer than it should have because I was for sure the method I was trying to get a foothold was the correct method, but I just couldn't get it to work

    Root: pretty straightforward and obvious

    Hack The Box

  • Type your comment> @B3LL470R said:

    Anyone else having issues with the box? I assume the servers are just begged down

    I am not able to use the release area VPN connection ... it's just getting connection resets. The other VPN connection (ProLab, regular machines) work.

  • Did I ever mention that I'm horribly bad, when it comes to web? And this supposedly easy machine proves me right, again :lol:


    Hack The Box
    GREM | OSCE | GASF | eJPT

    Feel free to PM me your questions, but please explain what you tried, so far.

  • edited February 6

    (so this is how a machine release look like haha! silent and intense)
    why shoutbox and machine page not showing same result regarding bloods im confused

    what_what

  • thx for the box! got user :-) , searching for root now .. (easy seems to be easy again..)

    hat some issue with getting ip on "Release Arena" switch after some failure to my default vpn environment .. < is this an issue or iam doing something wrong her ( download vpn pack spawn vm ...tried to connect...)

    have fun :-)

  • Can anyone please give me a hint?

    Hack The Box

  • Can anyone give me a hint for bypassing the fi****?

  • started to teach my kid HTB - would this be a suitable box for an absolute beginner? We gonna do it together tomorrow.

    just realized I missed my only chance for first blood in a year :D :D lol rofl

  • If someone is able to give me a hint for foothold, I'd appreciate one.

  • edited February 6

    Try harder.

    godylocks

    If you like my advice, please give me some respect! Thanks!
    Message me on discord: godylocks#5721

  • edited February 6

    Thought I'd blow past this one but stuck at foothold :/

    Do we need to go after the upload? I can't seem to find mine. Tried tinkering with other fields but to no avail.

    EDIT: just rooted. this box is really meta. Jesus

    zweeden

  • any possible hints? 3 hours lead to nothing so far :sweat_smile:

    Hack The Box

  • edited February 6

    Got user, but am I barking up the wrong tree with s---l----s.s-? I'm pretty confident I have a helpful input line, but I don't see what triggers s---l----s.s- to execute. My line is just sitting there and the lines don't seem to be being blanked out. (I can trigger the thing add its own 'normal' lines, too, but I can't seem to trigger s---l----s.s- to read it...)

    EDIT: Oops; I realize now that I broke it when I was poking around. In case anyone else makes the same mistake I did, just make sure you don't accidentally delete/recreate the file that it's reading. (I didn't realize it was being triggered by in---n.) Rooted; fun box, thanks!

  • edited February 7

    Must be missing sth... take longer than expected on foothold. Can anyone give me a nudge?

    EDIT: rooted. could've done faster but anyway. Thanks 0xdf for creating the box.

  • the server executes commands based off of user input. think of exactly what commands are being run on the server (with arguments), and search for vulns from there

  • rooted! Good easy box. Thanks 0xdf :)

  • Can someone give me a bump? i think im making foothold harder then it has to be. Did you need to use burp?

  • Nop burp is not used here

    SpawnZii

  • Got user. Any hint for the next step?

  • Any have a link can be useful or the link can give more information about the attack vector?
    Thanks.

  • A little hint for me for user:

    Please make sure that you are using the latest version of Metasploit.

    Hack The Box

  • I'm getting an error when I try to set the OS to Linux on the webapp, is everybody having the same issue? Just trying to figure out if I'm on the right track.

  • edited February 7

    rooted, nice box, finally a real "easy" machine

  • rooted. good box. overlooked privesc for a while but it's pretty straightforward.

    HcKy

    Happy to help. If any of my rambling is useful consider leaving some respect.

  • i always get an error in OS linux. annoying.

  • great box thanks @0xdf
    [email protected]:~# id uid=0(root) gid=0(root) groups=0(root)

  • Rooted, thanks to the creator of the box.

    [email protected]:~# whoami; id
    root
    uid=0(root) gid=0(root) groups=0(root)
    

    Arrexel

Sign In to comment.