Official dynstr Discussion

Official discussion thread for dynstr. Please do not post any spoilers or big hints.


Comments

  • Just checking I'm not being un-needlessly dumb, I don't need to make my own DUC for this, right?

  • @Gravzy said:

    Just checking I'm not being un-needlessly dumb, I don't need to make my own DUC for this, right?

    Nevermind I'm overengineering.

  • Any hints? I got 'nochg ip'. What next? I tried Injc re*ord but failed.

  • edited June 13

    was able to set s*bd****n but now stuck?

  • I think the problem is that there is not much documentation on the vulnerability, and we can only read through the documentation on the API to try to figure out what's there to be done. It's seriously a super hard box for medium.

  • read documentation -> rce. but stuck. any nudge?

  • I managed to in&&ct my H&&t na/e

    But stuck and don't really know what to do next!
    Any hint is appreciated
  • Maybe D*s hij**ki*g?
  • edited June 13

    I am stuck. I think that to get user or wwdata I need to go on /ni/udt? But I try so many forms to join but always get bdut*, any hints?

  • Got shell ☕
  • edited June 13

    can someone nudge me on how to set up the *** so i can go and *** into the box as *******? sorry if there's any spoiler in this comment. been googling for the correct setup but still a no go now.

  • Any hint for foothold? I've been bruteforcing subdomains but got nothing.

  • edited June 13

    @jlpung said:

    I think the problem is that there is not much documentation on the vulnerability, and we can only read through the documentation on the API to try to figure out what's there to be done. It's seriously a super hard box for medium.

    finally rooted! EDIT!

  • @esmyl yup got it finally! hahas

  • Can anybody give me a nudge? been stuck for a few hours already

  • @bgokjh said:

    Can anybody give me a nudge? been stuck for a few hours already

    Same here. Got a CVE.. but there is very little info on the same. A nudge on foothold will be much appreciated.

  • Great box! Rooted it, if anyone needs a hint, just let me know!

    sec77

  • Spoiler Removed

    malc

  • To the 5 people who insta-pm'd asking for foothold hints... I would typically wait until it was out of release-arena... but - you are given most of what you need on the web-page, treat the REST as you would pen-testing any other API, don't overthink it.

    malc

  • I am having problems with connecting to the RA VPN....Any help??

  • @malc said:

    Yup - nice box. I found at least 2 ways to root-flag... would be interested to know which of them @jkr intended

    [email protected]:~# hostname ; id
    dynstr.dyna.htb
    uid=0(root) gid=0(root) groups=0(root)
    

    It's the shell one :-) I think the other way will be patched soon


  • got the flag !!! but not the shell :( if someone can give me a hint I would appreciate...
  • I'm really struggling to get the RCE to work. Any nudge would be appreciated!

  • Guys, I'm happy to help but pls, before you write me, as @malc also mentioned, read the provided homepage!

    sec77

  • Damn this is one hell of a box...Foothold took me like 5 straight hours


  • edited June 14

    Spoiler Removed

  • Uff! Finally rooted!

    One of the best boxes I have done so far! Thanks to everyone who has helped me! Also kudos to @jkr

    Feel free to PM for help.

  • Root definitely has me stumped. I see the mechanism but I am not understanding how to exploit... time for more trial and error.

  • edited June 15

    Finally rooted this monster...The best medium box so far...I really recommend this box to anyone who is trying to go from intermediate to advanced...

    Foothold:
    The directory structure seems a bit unfamiliar... However "dorking" helped me.
    When you have a lot of characters to bother at, just change the encoding

    User:
    You will need a relative of "nslookup" to help you.
    just "update add" and tell to who you are and where you from.

    Root:
    Basic enum..Once you find it, read..read until you understand what it does
    There is more than one way to read files

    Hope these will help you..If you get stuck you are always welcome to DM...


  • Rooted !

    Nice machine ! learnt a lot
    Thank you @jkr
    :smile:
