Official Knife Discussion


Comments

  • Finally rooted :P took longer than I would have liked for gaining user. Thanks for all the nudges on this one y'all. PM me if you would like a nudge.

  • Also while I was trying to get a foothold (to user), a certain popular scanning tool told me there was a vulnerability with a CVSS of 10.0. It turned out to be a false positive, which kind of undermined my trust in that tool.

  • I had the right path pretty fast, but finding the information on the vulnerability took much longer than I wanted, lol. I think the hints on here are pretty solid already. If you need some hints, send a message.

  • Wow user took me a long time to get on this machine. Thanks to @PartyGolbez and @elveskevtar for the tips on priv esc. I was on the right track but needed a lil nudge. :)

  • edited May 23

    Any nudges for foothold? I scan everything but I got no hint :/....there is a tool I used for scanning and it lists all possible vuln for j*****...did I go in the right direction?

  • @Aether32 said:

    Any nudges for foothold? I scan everything but I got no hint :/....there is a tool I used for scanning and it lists all possible vuln for j*****...did I go in the right direction?

    @Ob1lan's and @adminseeker's posts really helped me. I'm not familiar with the direction you're going, but hesitate to say it's "wrong" in case there are multiple paths.

  • @lebutter said:

    Why doesn't Nikto flag this right away ?!?

    Thanks, nikto reveals something nmap doesn't show. I will add nikto to my enumeration routine.

  • Can anybody help me? I was able to exploit the vuln, get LFI and read an SSH private file. But when I try to crack it, it doesn't work.

  • The Nmap-script-engine led me the wrong way and wasted a lot of my time.
    Maybe try the results of other recon tools before diving into the NSE result.

  • @c4r50nz said:

    @lebutter said:

    Why doesn't Nikto flag this right away ?!?

    Thanks, nikto reveals something nmap doesn't show. I will add nikto to my enumeration routine.

    Maybe you could also get the header with a simple 'nc' ? :)

  • For the root, remember the name of the machine often gives a clue :wink:

  • Very nice foothold I was waiting for the box with that to be honest :D and here it is as I desired!

  • edited May 23

    It keeps telling me "Failed to spawn instance" although I was able to use it yesterday
    Edit: Apparently only the EU Arena is struggling, works with US right now

  • Very Easy machine
    Roooted.....

    Ping me for any help needed...

  • Rooted. At first I was a little frustrated for the initial part, but when you take a close look at it you'll see that there is something wrong. The root part is very simple. :)

    Arrexel

  • Rooted, took me like 45 minutes to get user and 10 minutes for root.
    I think I was lucky, because I heard about the user flaw a few months ago - which definitely pointed me in the right direction.

  • Rooted. User took forever. It was hard to find the way even with lots of googling. Root was very easy.

    ruskii

  • User part of this machine was a bit sketchy in my opinion, and the whole machine would have been far better suited for the "Challenges" category. Hard to be on the lookout for something that was never really quite there in the first place.

    Root part was incredibly simple, but gave me a chance to write my own revshell script for that specific platform that is way more stable than what I pulled from the web before.

    Neticegear

  • I need foothold for user, anyone? Fuzzing a lot, searched for public CVE and nothing yet

    If I helped you, I would like to receive a respect
    Hack The Box

  • Rooted. That was kinda fun.
    Entry point - there's not much to find. So sparse you probably missed it. Check again. Google stuff.

  • edited May 23

    First box after more than a year off. Good entrypoint I guess. :smile:
    However I guess I would have given up on user without the post of @adminseeker

    User: nikto/google
    Root: pretty basic

    Feel free to ask for nudges if you are stuck

  • edited May 23

    Rooted. Wappalyzer missed a very important detail that nikto didn't...Note to self to just check these things manually I guess.

  • Is it cheating when I only read the root flag as user?

    Hack The Box

  • @WebFan said:
    Is it cheating when I only read the root flag as user?

    I'm not sure if there are any official guidelines for this, but I think that's normally fair game. In some machines it's trickier to get proper root access than to just read the flag, but in this one I'd say it's straightforward. Maybe try a different.."option" for privesc?

  • Need any help ? Dm plzzz :P rooted

    Eat-Sleep-Shit-Repeat Security
    kragle
    If I helped you, you may +1 with respect

  • └─# nc -nvlp 4242
    listening on [any] 4242 ...
    connect to [10.10.14.175] from (UNKNOWN) [10.129.135.165] 38356
    id && hostname
    uid=0(root) gid=0(root) groups=0(root)
    knife


    Foothold was a pain in the ass to find the correct article. The rest was a piece of cake.

    Hack The Box

  • Rooted!
    Thank you @FunkyMcBeef for remember @adminseeker comments....

  • Was not a great box, but it's done. The first steps aren't obvious, and it's quite strange that information is so hard to find... Root step is a classic one. Feel free to ask for hints if needed: I'll try to be "spoilfree"

  • Rooted: Didn't find this too enjoyable. Enough clues here already to complete.
    User: Google-fu once you find the service version you need to know, as results are few. The Chinese clue is all you need.
    ROOT: Very easy, the box name is a big clue.
    Foalma321

  • edited May 23

    I am a complete noob to this so I found root very hard (basically I've done maybe 3 boxes before this one, I have no idea what I am doing). I now have a bit of a process I will go through when I first get on a box, because I assume root was very easy for anyone with half a brain cell (unlike me).

    Was lucky I heard about this exploit for user and got it pretty quick. God love anyone who's unaware of the way in because it's hard to find on google without knowing the terms to search for.

    Thanks to all for nudges!
