Official Previse Discussion

Official discussion thread for Previse. Please do not post any spoilers or big hints.

«13456

Comments

  • Hello everyone! This is my first box for the platform, I hope you enjoy it!

  • Already loving it! Quick question and it may be a stupid one but I checked out your blog which I assume is your professional one and not in scope or part of the previse site?

  • Type your comment> @sechvn said:

    Already loving it! Quick question and it may be a stupid one but I checked out your blog which I assume is your professional one and not in scope or part of the previse site?

    You're correct, that is a blog where I've posted some personal projects. Completely unrelated to the box :smile:

  • Ok thank you. By the way awesome notes added it to my sites that greatly help! Love the honeypot and intel stuff!

  • Is the way playing with request to some files and try to create something? I got only one username and the name of a backup file. Any advice please?

  • Type your comment> @hum4N3rd said:

    Is the way playing with request to some files and try to create something? I got only one username and the name of a backup file. Any advice please?

    I'm right there for at leas 1h....
    If someone can tell us something new!!!

  • probably a noob question, but this is my first Release Arena machine. I connected to the Release Arena VPN and then spawned the instance, but this machine doesn't ping. I don't see a forum thread related to the release arena topic.

    Arrexel

  • Type your comment> @maurelio said:

    Type your comment> @hum4N3rd said:

    Is the way playing with request to some files and try to create something? I got only one username and the name of a backup file. Any advice please?

    I'm right there for at leas 1h....
    If someone can tell us something new!!!

    There might be a way to interact with the page :smile:

  • Nice Box, Rooted

    Try!ng Hard3r, N3v3r G!v3Up.

  • Type your comment> @lerusse1312 said:

    Type your comment> @maurelio said:

    Type your comment> @hum4N3rd said:

    Is the way playing with request to some files and try to create something? I got only one username and the name of a backup file. Any advice please?

    I'm right there for at leas 1h....
    If someone can tell us something new!!!

    There might be a way to interact with the page :smile:

    trying with the f*** parameter on d******* page but nothing

  • edited August 7

    got hold of www-data but stuck cant get to user... any help?...
    just shooting my shot lol

    edit: ... I thought there was an error in the hash lol ...

  • Got root! Nice machine. Web part was for me the hardest. User and root are pretty easy!

  • Rooted! Super fun machine!

  • This is a great machine. I think the way to foothold is the most difficult part. Getting to user was pretty simple if you don't overthin it. The path to root is a good reminder that sometimes it's the simple things. Hopefully these hints help out anyone who is having issues.
    Foothold: I burped my way through some history and found that my browser was slacking on what it was showing me. There are a few ways around this, personally I like to host. After that, reading will lead you to where you want to be.
    User: If you did your reading, you know the path to go. No matter how weird the path may seem, stick to the basics.
    Root: Sometimes you have to make your own path to where you want to go.

    I know these are kind of cryptic, but if you don't overthink it, you will be fine. If you need help, feel free to DM me.

  • Type your comment> @maurelio said:

    Type your comment> @lerusse1312 said:

    Type your comment> @maurelio said:

    Type your comment> @hum4N3rd said:

    Is the way playing with request to some files and try to create something? I got only one username and the name of a backup file. Any advice please?

    I'm right there for at leas 1h....
    If someone can tell us something new!!!

    There might be a way to interact with the page :smile:

    trying with the f*** parameter on d******* page but nothing

    You will continue to get nothing there. Read through the files and find something EASIER.

  • edited August 8

    .

  • @icthus1 said:
    probably a noob question, but this is my first Release Arena machine. I connected to the Release Arena VPN and then spawned the instance, but this machine doesn't ping. I don't see a forum thread related to the release arena topic.

    same problem bro!

  • im stuck and i dont know if im in the right way.
    i found a******.**p is creating a low priv user is part of the CTF itself?

  • Hello guys, Im completely new to this and this is my first release arena.
    I've tried some unsuccessful brute-forcing and reading some previous comments it seems that I was way off haha lol

    Ive played around with the "orange guy" but still no idea what to look for, if anyone can DM me some nugdes/advices to what study/research more about would be really appreciated;

  • Machine rooted. The simplest machine from HTB.

    Arrexel

  • Type your comment> @Prim1Tive said:

    im stuck and i dont know if im in the right way.
    i found a******.**p is creating a low priv user is part of the CTF itself?

    That is a good place to start.

  • edited August 9

    I'm stuck in w** user, i have the hash of m*** user, but no idea on how to crack it. Someone can give some tip plz.

    Edit: stuck at privesc now

    Edit²: Rooted. It was very funny machine who brings me some new knowledge. Thanks for everyone for the tips, specially @sharkmoos.

  • That was a super fun box, very much enjoyed it!

    I'll try and give a couple hints that differ from whats been hinted at
    foothold: enumerate enumerate enumerate (ok, so that's not really a new hint, but whatever)
    user: don't freak out if you see something weird, just treat it like you would anything else
    root: How do you know where something lives?

    Hilbert

  • edited August 8

    So I'm on the a*******.**p page and I believe I need to become a "postman" here. Do I have the right idea? Because this does not seem to work. I may also be making a silly mistake.
    EDIT: Turns out I was actually making a silly mistake.

  • edited August 8

    Type your comment> @ExCommunicado said:

    So I'm on the a*******.**p page and I believe I need to become a "postman" here. Do I have the right idea? Because this does not seem to work. I may also be making a silly mistake.

    Make sure you are adding what type of content it is (and using the correct one)

    Hilbert

  • Rooted

    Pm after you've tried all :)

    Hack The Box

  • Well rocking the hash doesn't work and my method is fine because my own user's (known) hash cracks instantly so the format and everything is correct. Do i need to go digging in the Seclists to find that special wordlist that the creator had in mind?

    For asking help, please describe what you have tried so far, so i don't spoil too much.
    If you believe i was able to help, please provide feedback by giving respect:
    https://www.hackthebox.eu/home/users/profile/122308

  • Type your comment> @tang0 said:

    Well rocking the hash doesn't work and my method is fine because my own user's (known) hash cracks instantly so the format and everything is correct. Do i need to go digging in the Seclists to find that special wordlist that the creator had in mind?

    Like most of the hash cracking on HTB, one list rules most of them.

  • @tang0 said:
    Well rocking the hash doesn't work and my method is fine because my own user's (known) hash cracks instantly so the format and everything is correct. Do i need to go digging in the Seclists to find that special wordlist that the creator had in mind?

    rockyou works fine for me

  • Ok so rockyou didn't work with john but it worked with hashcat. Did anyone else face the same issue? If yes, what might be the reason?

    For asking help, please describe what you have tried so far, so i don't spoil too much.
    If you believe i was able to help, please provide feedback by giving respect:
    https://www.hackthebox.eu/home/users/profile/122308

Sign In to comment.