Official Love Discussion


Comments

  • Finally rooted!!!!
    Feel free to DM me for nudges.

    We understood each other, you swapped the e with the r

  • Finally got root too.

    User needs lots of enumeration. Look closely at your initial scan, then don't forget to configure your system properly and to explore where you can go. Then basic RCE...

    Root is not as easy as I could read on the forum, because I am not used to Windows boxes, but if you know what you are doing, it is not that hard! Look closely at the output of your enum script...

  • @htbapibot said:

    Official discussion thread for Love. Please do not post any spoilers or big hints.

    @sicario1337 said:
    @chbale said:

    @spaaze said:

    (Quote)
    I am struggling on this one as well...

    Have you considered trying url instead of uploading a file and see what it does... then use that to ur advantage? 🤔

    @Celebrity said:
    Rooted!! Fun Box

    I need help bro, I don't know where I should start

  • I'm new to these and would like if I could get a nudge from someone? I have enumerated as far as I know I think. Any nudge would help. Thanks

  • @ali15 Try nmap, you will find some ports to explore and maybe sub-domains

  • @soBr0kEn said:
    I'm new to these and would like if I could get a nudge from someone? I have enumerated as far as I know I think. Any nudge would help. Thanks

    nmap will give you the way ... PM me if you need more help

  • Fun box :)
    The enumeration part was interesting, not sure if I did it the intended way, I ended up using a rather ugly method but at the end of the day, I got what I needed !
    The root part got me confused. Everything was very slow and the box behaved strangely, but I don't know if it came from the network or not. I used the famous tool because none of what I tried manually worked, if anyone managed to get it working without any external tools, I'd like to hear about it !

    Thank you @pwnmeow

    dragonista

  • Hi could somebody give me a nudge, I found the path, I tried several things, but I could not figure out the exploit.

    mzdaemon

  • I managed to get user flag through some fairly bootleg webshell, and have some amount of RCE as user. I can't for the life of me establish a stable shell as user to work with to even start on root. I've tried so many options with common tools and 'non-tools', based on what I know is on the box, from elsewhere online and nothing's been stable at all so far. If someone can poke me with a hint as to which/what worked for them it would be much appreciated. banging my head against such a silly obstacle

  • edited May 22

    Guys, I figured it out finally ;)

    mzdaemon

  • Spoiler Removed

  • I need tips/help to get root... ASAP
    DM me

  • Rooted! thx to some tips in this forum

  • Spoiler Removed

  • Could someone DM me a tip for the foothold? I found the 'beta' page I can interact with, but I struggle to find a valid file to throw there... Much appreciated!

  • @anir08 said:

    Rooted.

    For anyone looking at the forums searching for hints, I'm gonna be blunt and say this: You know what you know and you don't know what you don't know! Stop with that TryHard thing!
    My hints:

    FootHold/User
    Let your nmap be aggressive and read the output very carefully! Half of the steps to Foothold lie there! Got it? Nice!
    Make the necessary changes. Cool!
    Now head over to the "secret" area which was not available before and manually enumerate it very carefully! Like use your EYES instead of firing off gobuster and wfuzz.
    Then read about this:
    https://portswigger.net/web-security/ssrf
    Read it? Now you know what to do!

    Take a step back and let the snake take the auto-pilot from there!!

    Escalation/System
    I'd be real honest here... if you don't have a solid Windows priv-esc methodology, you won't be able to do this. It's more like a hit-error-success thingy. Without giving away much, enumerate registry keys and look for software policies... google a lot and you'll end up on a famous blog website which explains exactly what it is. From there it's 2 minutes to system

    I fell into the Rabbit Hole concerning the ***i and lost 2 hours until I looked at it again from the top side. Sometimes you need to take a breather!
    Good Luck!
    El-Psy-Kongroo!

    (Also why the hell can't I submit the flags lmao)

    Edit: Flag submitted- had to revert it two times (sorry if I caused disturbances to others in that time)

    Thanks! I was trying all the right things... but the link helped me with the right format

  • edited May 28

    @Ob1lan said:

    Could someone DM me a tip for the foothold? I found the 'beta' page I can interact with, but I struggle to find a valid file to throw there... Much appreciated!

    Same here, I would really appreciate some help..

    On the beta, I can read files and believe me, I tried hundreds, I did not find anything interesting. Could somebody tell me if this is the right way to go - look at the content of files? I went down the SSRF road as well, but no success.

    I gladly went down every rabbit hole there was, even tried cracking hashes I found for two hours ^^

    EDIT: Thanks @NoMad for the reassurance that simple SSRF is the way to go! Root part took like 5 minutes, luckily it's one of the first things I check manually. ;)

    dombg

  • I found Vote Admin Creds.... but I'm not able to login with them??

  • @quantumtheory said:

    I found Vote Admin Creds.... but I'm not able to login with them??

    Make sure you copy/paste correctly... Some pesky characters can follow sometimes ;)

  • @Ob1lan said:

    @quantumtheory said:

    I found Vote Admin Creds.... but I'm not able to login with them??

    Make sure you copy/paste correctly... Some pesky characters can follow sometimes ;)

    I get the same error whether I try pasting, typing manually, with/without the extra spaces, etc. Not sure how else to go about it really. Was thinking I just had the wrong creds, but I've seen elsewhere that the creds I found are indeed the correct ones. I dunno

  • Fun box!


  • edited May 29

    Could someone DM me with assistance? I need to understand what I am missing. I have the workings of the foothold, just unsure what exactly I should be targeting. Thank you in advance.

    Edit: I played around a little more and got my start.

    Edit Edit: Rooted. Priv Escalation is Easy Peasy.

  • Got user, enjoyed that, however struggling on PrivEsc.

    Shell doesn't seem to be stable whatsoever. My m*********r shell doesn't even spawn, even with encoding, and the only successful shell has been a standard non-m*********r, but even that dies after a few minutes... any nudges? Don't need much, just a stable platform to start PrivEsc from.

    CrackerMan

  • edited May 29

    Rooted


  • Can I DM someone? I'm still having issues.. I have what I believe is what I need to proceed, but nothing is working..

  • Would someone give me a hand? I'm stuck in user, I've used dirb but I don't see anything, just several shells already uploaded that I don't know how to take advantage of

  • @quantumtheory said:

    I found Vote Admin Creds.... but I'm not able to login with them??

    Make sure you are logging in to the correct website.

    There's one that asks for the user id and one that asks for the username. Make sure you are logging into the latter one

  • Finally rooted after a couple of days banging my head against the wall trying to find user.
    Privilege escalation on the box isn't exactly a walk in the park if you've never done Windows boxes before imo, but nothing extremely fancy either.

    Either way, fun box!

    DM if you need any nudges

  • Finally I got user and root. I spent too many hours trying to get the initial steps through the enumeration using S**F. From there, it was easy to get a shell, and the privesc was done by following the steps you can google easily for windows enumeration.

    Pepe

    pp123

  • @quantumtheory said:

    @Ob1lan said:

    @quantumtheory said:

    I found Vote Admin Creds.... but I'm not able to login with them??

    Make sure you copy/paste correctly... Some pesky characters can follow sometimes ;)

    I get the same error whether I try pasting, typing manually, with/without the extra spaces, etc. Not sure how else to go about it really. Was thinking I just had the wrong creds, but I've seen elsewhere that the creds I found are indeed the correct ones. I dunno

    @quantumtheory I have the same problem dude, I'm on the right page, right creds, I tried removing the !! part also, tried with hydra, tried curling, tried any virtual possible solution to this problem and still it gives me incorrect password but i id l********:**00 like you probably in "secret" page for file checking.. and man it won't budge, it's driving me nuts man, it's 1AM and I work at 6AM and I still don't wanna go to sleep.. fuck my life :(
