Official Knife Discussion

Comments

  • Rooted

    Foothold was easy for me
    Root wasn't as straightforward as for you. I've been trying for an hour until I finally got it.
    My tip is, read what the program can do. What you have to use is pretty straightforward. Just make sure you use the correct language!

  • rooted
    PM for help

  • edited May 29

    Done.

    User: Versions versions versions

    Some dudes are modifying code of other dudes and leave backdoor :joy:

    Root:
    Only 1 line and not more than 40 symbols (max) is needed for root ;)

    PM for hints

  • Not a hard one, but that can be long for a newbie... a little research, don't look too far, the path is not so deep.

    A fun one.

  • Quite easy machine, actually for User is just following recent news (GOOGLE) and check everything the app tells you.

    Root: just RTFM.

  • edited May 30

    For some reason I'm not able to get a reverse shell. Tried the one-liners and tried to upload shell files to the target machine, but the request doesn't reach my python webserver. But ping still works.... Any suggestions?

  • @D3adsh0t said:

    For some reason I'm not able to get a reverse shell. Tried the one-liners and tried to upload shell files to the target machine, but the request doesn't reach my python webserver. But ping still works.... Any suggestions?

    It depends on how you are trying to exploit it. At a guess, I'd say check how the quotation is set. If you are trying to send a one-liner by the command line, there might be lots of quotes needed, check how they are nested.

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.

  • Damn, this was a nice easy box. Got a lil bit confused at the foothold part but still it was interesting.

  • Any hints getting a full TTY shell? Tried everything I can find, not getting any hits.

  • Rooted, DM if u need help

  • Hi. I got remote command injection with the exploit . Trying to get full tty shell with it. Having issues with netcat arguments. Can't get the rest of the argument to work "-e /bin/bash" even with . netcat command works fine without it but no bash shell.

    Hack The Box

  • I have been able to get a user flag but I am struggling with root flag........ I have been able to find the ///***fe which can be exploited for privesc but I don't know how to use it

    Someone should please give me a nudge to the right direction

  • @fynboi said:

    I have been able to get a user flag but I am struggling with root flag........ I have been able to find the ///***fe which can be exploited for privesc but I don't know how to use it

    Someone should please give me a nudge to the right direction

    Have a look at what it really is. It can run something you can create. The thing you can create can give you root.

    TazWake

  • edited May 31

    Nice machine, got root flag in quite a "weird" way in an error message but managed to finally get root shell as well.
    Feel free to DM if u need a hint

  • As a newbie, this machine wasn't as easy as it seems to most people, but thanks to TazWake I have finally been able to root the machine

  • edited June 1

    Spoiler Removed

  • @kshitizkr6003 said:

    Message me on instagram ( ) i will provide a link to a writeup

    Writeups on active machines are prohibited by HTB rules.

    TazWake

  • The easiest machine I have ever done. Loved it.

  • @TazWake said:

    @kshitizkr6003 said:

    Message me on instagram ( ) i will provide a link to a writeup

    Writeups on active machines are prohibited by HTB rules.

    Ooo...

  • Rooted the machine
    User: version
    Root: impersonate them

    PM if you need help

  • 3/10 machine

    Foothold - Check web services and google the exploit for it.
    Root - Damn this is easy, you would just need to read a little documentation.

  • Hey everybody,

    Stuck with foothold.
    I have been spending way too much time Googling around, and the only thing I found which could lead to RCE is a CVE applicable to one of the services running on the machine and with a nice GitHub repository provided by some Chinese with a py code ready to run.

    However, I tried to run that code, and it simply does nothing. I tried to change a bit the code or the input parameters with no results.

    Am I in a rabbit hole? any hint?

  • @Tw1st3dxF4t3 said:

    Hey everybody,

    Stuck with foothold.
    I have been spending way too much time Googling around, and the only thing I found which could lead to RCE is a CVE applicable to one of the services running on the machine and with a nice GitHub repository provided by some Chinese with a py code ready to run.

    However, I tried to run that code, and it simply does nothing. I tried to change a bit the code or the input parameters with no results.

    Am I in a rabbit hole? any hint?

    Possibly, you don't need any python scripts here.

    Visit the server, look closely at what it tells you, google the information. The biggest clue is that it is a thing that was in the tech news quite a bit from about the end of March.

    TazWake

  • @TazWake said:

    @Tw1st3dxF4t3 said:

    Hey everybody,

    Stuck with foothold.
    I have been spending way too much time Googling around, and the only thing I found which could lead to RCE is a CVE applicable to one of the services running on the machine and with a nice GitHub repository provided by some Chinese with a py code ready to run.

    However, I tried to run that code, and it simply does nothing. I tried to change a bit the code or the input parameters with no results.

    Am I in a rabbit hole? any hint?

    Possibly, you don't need any python scripts here.

    Visit the server, look closely at what it tells you, google the information. The biggest clue is that it is a thing that was in the tech news quite a bit from about the end of March.

    Sorry sir, but here's a python RCE Script of the version of that service. He might be using different thing. I've pwned this box from that script. Have a nice day. :smiley:

  • @realhawwk said:

    @TazWake said:

    @Tw1st3dxF4t3 said:

    Hey everybody,

    Stuck with foothold.
    I have been spending way too much time Googling around, and the only thing I found which could lead to RCE is a CVE applicable to one of the services running on the machine and with a nice GitHub repository provided by some Chinese with a py code ready to run.

    However, I tried to run that code, and it simply does nothing. I tried to change a bit the code or the input parameters with no results.

    Am I in a rabbit hole? any hint?

    Possibly, you don't need any python scripts here.

    Visit the server, look closely at what it tells you, google the information. The biggest clue is that it is a thing that was in the tech news quite a bit from about the end of March.

    Sorry sir, but here's a python RCE Script of the version of that service.

    Totally - you can create python scripts to automate anything. You clearly don't need one though as it's just a modification of one line.

    He might be using different thing. I've pwned this box from that script. Have a nice day. :smiley:

    I suppose it hinges on did you use a python script from the repo the OP describes?

    TazWake

  • Here are my two cents:

    For the initial foothold I got stuck for too many hours, just because I was always thinking that something more complicated needed to be checked on the box. It ended up being not that hard, but I needed to review the forum to have an idea about it.

    From there, user and root were simple, and now I got the rating of the box. If you are stuck and need some hints let me know.

    Pepe

    pp123

  • edited June 2

    User: A good enumeration is the key of the user - google research
    Root: Remember the name of machine and good basic Priv Esca enumeration - enumeration

    recommended tools Nikto, masscan, netcat, ruby, curl

  • @TazWake said:

    @Tw1st3dxF4t3 said:

    Hey everybody,

    Stuck with foothold.
    I have been spending way too much time Googling around, and the only thing I found which could lead to RCE is a CVE applicable to one of the services running on the machine and with a nice GitHub repository provided by some Chinese with a py code ready to run.

    However, I tried to run that code, and it simply does nothing. I tried to change a bit the code or the input parameters with no results.

    Am I in a rabbit hole? any hint?

    Possibly, you don't need any python scripts here.

    Visit the server, look closely at what it tells you, google the information. The biggest clue is that it is a thing that was in the tech news quite a bit from about the end of March.

    Thanks. Apparently, there are two vulnerabilities with exploits written from Chinese guys that you can find when googling what you enumerated in this machine. But yeah, I was using the wrong one.

    Hint for who is stuck on my same wrong python script: if it's not recent (2021) it's the wrong one.

    Root is pretty straightforward.

  • Rooted !!

    User: Just first two lines of nikto are sufficient for gaining initial foothold.
    Root: See what things you can do!! ( just with a simple command). Enumerate more about what the binary is doing.

    DM Me For hints

  • omg guys finally after 4 hrs .. got root .. feeling happy.
