Official Seal Discussion

Official discussion thread for Seal. Please do not post any spoilers or big hints.

«1

Comments

  • edited July 11

    Never seen this method of authentication before and Google isn't being very handy. /keys is not directly accessible. Not sure how to generate this self signed or if this is even the way forward.

    Update: Foothold is new to me, the issue gives you the information, but isn't specific - check against the files in the G**B****T

    User: Enumeration and reading documentation

    Root: Self explanatory

  • user l**s is a rabbithole?

  • Just got root.
    Seemed really easy for a medium box.

    Foothold: An issue may help you.
    User: Enumerate.
    Root: Pretty much the first thing you do after getting user will get you root easily.

  • Finally rooted.
    All in all a fun machine. Learned something new as well! :)

  • Any help for a*****e p******k to get user ?

  • Rooted it!! feel free to PM

  • Finally rooted! Great box, very interesting foothold

  • Finally rooted!

  • Rooted! At last..

  • Rooted!!
    Easy Machine at the Level of medium.

    Feel free to ping me if any help required.

    Hack The Box

  • Stuck at user...> @openwan said:

    Any help for a*****e p******k to get user ?

    Stuck at the same place... Any hints ?

  • edited July 12

    Type your comment> @kavigihan said:

    Stuck at user...> @openwan said:

    Any help for a*****e p******k to get user ?

    Stuck at the same place... Any hints ?

    Make sure to take a really close look at the ***.y*l file!

  • I made my own one tested it. It worked. Now struggling with how to replace the /**t/bac****/********/***.*** file with my own one.> @coldBug said:

    Type your comment> @kavigihan said:

    Stuck at user...> @openwan said:

    Any help for a*****e p******k to get user ?

    Stuck at the same place... Any hints ?

    Make sure to take a really close look at the ***.y*l file!

    I made my own one tested it. It worked. Got a shell as t****t .Now struggling with how to replace the /**t/bac****/********/***.*** file with my own one .

  • Type your comment> @coldBug said:

    Type your comment> @kavigihan said:

    Stuck at user...> @openwan said:

    Any help for a*****e p******k to get user ?

    Stuck at the same place... Any hints ?

    Make sure to take a really close look at the ***.y*l file!

    Thanks, this was really helpful!

  • edited July 12

    Finally rooted. Well, I was such an idiot. I tried to go for root before going for user. Hope these hints will help you a bit.

    Foothole
    If you see an inverse there is always a reverse.
    Just do the right search and acunetix.**m will give you what you need

    User
    Put the 'peas' in and enumerate.
    If you can't see a file directly there are indirect methods as well.

    Root
    That's is too obvious
    Google what you don't know

    If you get stuck. Just hit me up

  • Type your comment> @kavigihan said:

    Finally rooted. Well, I was such an idiot. I tried to go for root before going for user. Hope these hints will help you a bit.

    Foothole
    If you see an inverse there is always a reverse.
    Just do the right search and acunetix.**m will give you what you need

    User
    Put the 'peas' in and enumerate.
    If you can't see a file directly there are indirect methods as well.

    Root
    That's is too obvious
    Google what you don't know

    If you get stuck. Just hit me up

    Thanks, sent. you a DM.

  • After hours spent on this box, I finally managed to root it! I learned a ton from this.

    Foothold: Don't be afraid to shake things up a bit with a classic vulnerability.
    User: Sometimes taking a peak at what's going on under the hood can give you ideas.
    Root. Super easy. Google what you don't know.

    Message me if you need a nudge.

  • ROOTED.

    Fun box, inital foothold takes a little nginx knowledge but easy going after that.
    DM me for a nudge

    Foothold: Read up about nginx bugs
    User: Enumeration and research is key
    Root: Piece of cake, very easy

  • ROOTED. Fairly easy box for a medium have done harder easy boxes.
    Plenty of good clues here already.
    Foalma321

  • Felt like that was a good box for a medium.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Nice, solid medium box.

    I especially liked the initial part, the rabbit hole and all. I anticipated the vector to be very, very different from what I eventually exploited. (I would be interested in learning about approaches that seemingly exploited vulnerabilities of nginx itself though, as my approach revolved more around normalization)

    The escalation route was reasonably well obfuscated, (in my experience, if you find that linpeas or linenum doesn't give you what you need, it will always be that one other tool that holds the info) , but once I understood the underlying service the actual exploit became fairly straightforward.

    Final privesc to root was the quickest I have ever done on HTB.

    Neticegear

  • edited July 15

    Type your comment> @TazWake said:

    Felt like that was a good box for a medium.

    Totally agree, fun medium box. Even though I was familiar with common issues regarding the architecture, foothold took me a lot of time.

    Little hint for foothold last step if you are stuck on 403 even though you should have the privs and you know what to do: Try a different browser, delete cookies etc. and reset the box if necessary.

    PM me for nudges, always happy to help.

    dombg

  • Rooted!

    Foothold way harder than the rest of the box as I didn't know about the 403 trick. User and root are extremely easy.

    PM for a nudge but don't forget to tell me what you've tried!

    cmoon
    OSCP

  • Can someone pm me and give me some help please?

  • edited July 18

    i need a lil help i have the root shell but cant see a root flag did i miss something?\

    ps: as soon as i said that i got the flag loosing mind over this is easy btw nice machine i rooted it!

  • Rooted, what a fun machine. I really enjoyed the foothold because the inner workings behind it were interesting to me and I hadn't seen it before. As always DM me if you are stuck and I will do my best to help.

    k1llswitch
    "The master has failed more times then the beginner has even tried"

  • Hello, need nudge for foothold on seal machine. Thanx

  • hello guys, managed to get credentials of tomcat but then cant access the /m******/h*** then i try to login into /m******/s***** but still the h*** displayed forbidden. tried google path traversal but couldnt find the right answer, need help guys. appreciate it.

  • @DemChuck said:

    hello guys, managed to get credentials of tomcat but then cant access the /m******/h*** then i try to login into /m******/s***** but still the h*** displayed forbidden. tried google path traversal but couldnt find the right answer, need help guys. appreciate it.

    Google bypassing that error code. There is a github repo that might help.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

Sign In to comment.