Official Spectra Discussion

Comments

  • Hi, I'm new here. Can someone show me how to start with hacking?

  • edited March 13

    @GHOSTanonymus said:

    Hi, I'm new here. Can someone show me how to start with hacking?

    Welcome to HTB. A great place to start is with the retired machines. Ippsec (find him on YouTube) has some amazing walkthroughs of the retired machines. That's how I got started.

  • Thanks bro, but I don't have premium so I can't do retired machines

  • The last two are available and there are still starting point & academy labs you can do without it costing money.

    It's also worth watching the Ippsec videos even if you can't follow along.

    However, this isn't really related to the box so please start a new thread if you want to discuss this.

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.

  • Oh bro, I think it's because I didn't select openvpn on port tcp 443

  • @GHOSTanonymus said:

    Oh bro, I think it's because I didn't select openvpn on port tcp 443

    It is still easier if you start a new thread or ask this in the threads already open for the machine you are working on, where other people can answer.

    Not sure what you mean about selecting openvpn on port tcp 443 though. That isn't really how it works.

    TazWake

  • I don't know how to start a new thread bro, please give me some contact to contact you

  • @GHOSTanonymus said:

    I don't know how to start a new thread bro, please give me some contact to contact you

    On the main page on the bottom right is a button you can use to create a new discussion.

    You can message me on this. If you want to send a direct message, click on my name and send me a message. I am not sure how contacting me in different ways from asking questions on the forum will help though.

    TazWake

  • Fun box. Managed to root without any enum tool which is a first for me.

    Struggled a bit to get user, but root was a complete piece of cake (<60sec); I'm curious if there was any other way with the n**e.*s stuff on the box?

  • Hi, may I message someone for some help on the initial foothold? Have found something but stumped on where to go from there.
  • edited March 21

    Foothold: The usual web pentesting tools will basically point out anything you need. But the info is also pretty obvious. The way to get a shell is very generic and well documented in countless articles.

    User: Really a lot of stuff to look through. Yes, you can run scripts if you play around a bit and some of them might help a bit. It's a bit of a paperchase unless you just stumble on it by accident.

    Root: Very basic enum and then Google what you found.

  • Rooted - thanks for the fun box.

    Took me way longer than I care to admit to find the info I needed for user.

  • @sicario1337 said:

    @baegmon said:

    Is the box glitched for anyone else? I have root but I can't see anything in the root directory even after a reset.

    That's probably because you are in the docker as root and not the host... try running "hostname" to confirm...

    Definitely wasn't the problem, tried it again a couple of days later and this time root.txt was found.... idk

  • I'm still having problems with this box... I've reset it a couple times, still the issue persists.

    I logged into the website, and I'm trying to edit files to gain a shell, however, it will not let me update any php files, whether in the theme editor or if I try to edit plugins. I keep getting this error:

    "Unable to communicate back with site to check for fatal errors, so the PHP change was reverted. You will need to upload your PHP file change by some other means, such as by using SFTP."

    My research has shown that the issue is usually caused by plugin conflicts, or editing other setup/config files... However I've not edited anything, and plugins are deactivated by default. I even had a friend start the box the same time I did, they rooted it, and I'm here stuck with errors. Super frustrating knowing what and how to do what I need to do, but not being able to because I don't know how to get around this error. Never had an issue before when it comes to editing a WP file to gain shell access...

    Any help would be appreciated..

  • @quantumtheory said:

    snip

    I too had issues with this step. I believe others have had luck with a Framework, but I found a pretty cool script on GitHub that made the plugin for me and spun up a multi-handler listener :)

    I am always open to helping; however, please ensure you explain what you have tried first before asking for hints!
    Also, reps go a long way!

    Certifications: ITIL, eJPT, eCPPT (In Progress)

  • @quantumtheory said:

    I'm still having problems with this box... I've reset it a couple times, still the issue persists.

    I logged into the website, and I'm trying to edit files to gain a shell, however, it will not let me update any php files, whether in the theme editor or if I try to edit plugins. I keep getting this error:

    "Unable to communicate back with site to check for fatal errors, so the PHP change was reverted. You will need to upload your PHP file change by some other means, such as by using SFTP."

    My research has shown that the issue is usually caused by plugin conflicts, or editing other setup/config files... However I've not edited anything, and plugins are deactivated by default. I even had a friend start the box the same time I did, they rooted it, and I'm here stuck with errors. Super frustrating knowing what and how to do what I need to do, but not being able to because I don't know how to get around this error. Never had an issue before when it comes to editing a WP file to gain shell access...

    Any help would be appreciated..

    Find my post here, it has a hint on what you are struggling on :smile:
    PM if it feels too cryptic

    sicario1337

    Happy to assist and 'Respect' is always appreciated
  • @baegmon said:
    @sicario1337 said:

    @baegmon said:

    Is the box glitched for anyone else? I have root but I can't see anything in the root directory even after a reset.

    That's probably because you are in the docker as root and not the host... try running "hostname" to confirm...

    Definitely wasn't the problem, tried it again a couple of days later and this time root.txt was found.... idk

    Strange ... Glad it worked later :smile:

    sicario1337
  • I ssh into the box as k*** with a found password, I got directly into root, my guess is that that's not the intended way, please don't break the machines too much :neutral:

  • Enjoyable box. I did go for a simple, "automated" path to foothold because I was really frustrated after a day failing to get anywhere on tentacle, but it does look like there are a few ways to get a foothold which is pretty cool.

    Privesc was nice and you don't see it very often here but Google is your friend.

    TazWake

  • Rooted! Nice box, spent too much time in the foothold part, I felt so stupid when I realized that what I needed was literally under my nose.
    Did manage to get a shell without M*F but with a "classic" approach (google is your friend).
    User I initially overlooked the output of enumeration tool, but with a deeper look spotted what I needed.
    Root part is easy but I learned something new that I didn't know.

    alemusix

  • Rooted, great box :) My hint: do not think overcomplicated, basic enums and searches will give you the root.

  • Finally rooted! Great box. Took me some time for user due to the unusual OS but the green vegetable did help. Path to root was new to me. Probably easy to someone who is familiar with these functionalities. Unfortunately it looks like someone already put up an indirect writeup for root on the net (it doesn't say explicitly so but the screenshots are kind of an obvious giveaway) and using Google will show it as one of the first hits.

    zaphoxx

  • @h0l1st1c4l said:

    Finally rooted! Great box. Took me some time for user due to the unusual OS but the green vegetable did help. Path to root was new to me. Probably easy to someone who is familiar with these functionalities. Unfortunately it looks like someone already put up an indirect writeup for root on the net (it doesn't say explicitly so but the screenshots are kind of an obvious giveaway) and using Google will show it as one of the first hits.

    Unfortunately yes, I fell into this trap, but I don't consider it as "cheating", because the article explains how the privesc works. I would have learned something ;)

  • @UVision said:
    > @h0l1st1c4l said:
    >
    > (Quote)
    > Unfortunately yes, I fell into this trap, but I don't consider it as "cheating", because the article explains how the privesc works. I would have learned something ;)

    I guess it is a bit of a greyish area in this particular case. It is similar to looking up things in e.g. gtfobins.

    zaphoxx

  • @h0l1st1c4l said:

    @UVision said:

    @h0l1st1c4l said:

    (Quote)
    Unfortunately yes, I fell into this trap, but I don't consider it as "cheating", because the article explains how the privesc works. I would have learned something ;)

    I guess it is a bit of a greyish area in this particular case. It is similar to looking up things in e.g. gtfobins.

    I agree.

  • Rooted :)
    Thanks to @egre55 for this box. Learnt new stuff and definitely put my programming skills to good use :)

    Foothold

    So, you know what it is. Look in every crack and hole. You need to get the interesting thing in a specific place.

    User

    Just more of the same, read every thing, your usual enumeration.

    Root

    Actually pretty fun to be honest, new for me personally.
    See which groups you're in and check what kind of files can you play with.
    Do your usual enumeration and once you put the pieces together and find the files to play with, play with them, but be quick. You don't have all day.
    Once you realize a way to execute commands you've basically got endless ways of escalating privileges.

    My DMs are always open for nudges or discussion about the machine :)

    imClara

  • Heyyy everyone, great box for teaching you to test everything you actually find.

    User: a bit complicated but not difficult
    Root: one of the easiest so far

    If you need any help, just send a PM

    Hack The Box

  • edited March 30

    It worked...

  • Hi senpai, if anyone could help, as I still couldn't get a foothold after a day of attempts. I know there are some directories open on "/testing", application version, SQL credential, plugin name, but none of it works, especially the rpc.

    I love to play my birds(Lovebirds) but now HTB has been taking away my love for them.
    '>.<

  • @SlaCk3rxD said:

    Hi senpai, if anyone could help, as I still couldn't get a foothold after a day of attempts. I know there are some directories open on "/testing", application version, SQL credential, plugin name, but none of it works, especially the rpc.

    Getting the foothold is much simpler, given that you already found credentials ....
    Whenever you get credentials, think of the possibilities... Not all keys open their locks, some open others' :smile:

    sicario1337