Official Developer Discussion

Official discussion thread for Developer. Please do not post any spoilers or big hints.

Comments

  • Anyone have a nudge to give for foothold? I've been attempting to use the upload feature but to no avail, not sure how to get around the CSRF middleware. My other idea was to somehow exploit the messages module but at this point I think it's a dead end. Have I missed something obvious during enum, or am I at least on the right track?
  • Anyone made any progress besides finding that CSRF? I am unable to exploit that.

    ruskii

  • edited August 23
    @ruskii said:
    > Anyone made any progress besides finding that CSRF? I am unable to exploit that.

    No luck here either
  • This machine is extremely difficult. I'm at the same spot you guys are.
  • Some progress. I now have access to another app on the same port. Would not have found it without help. Can't see how to exploit it for a foothold yet though.
  • edited August 28
    @camk same. I think I know what to do next, but it throws an error

    Guys, I hate and can't properly esrever, is it way to go upper? (
  • Great box overall.

    Beware a giant rabbit hole on initial foothold: you may gain admin access to the web application but still have missed the intended path.
  • Got User (amazing challenge, took me a few days), however I am currently stuck on second user/root - I have an idea to get access to the second user, however it fails (due to session is already started) and I am not sure it is the intended way or working at all, or if there is a way directly to root

    A nudge would be appreciated :)
  • @SN1CK3RDO0DLE said:
    > Got User (amazing challenge, took me a few days), however I am currently stuck on second user/root - I have an idea to get access to the second user, however it fails (due to session is already started) and I am not sure it is the intended way or working at all, or if there is a way directly to root
    >
    > A nudge would be appreciated :)

    If you're www-data then you'd have to find another user ;) But from that other user it would be slightly easy to root. Just one small challenge ;)

    Hack The Box

  • edited August 29
    I'm stuck in root. I think I need a nudge :)
  • Got user, really nice box !
    Looking for root now...
  • @jsarmz said:
    > @SN1CK3RDO0DLE said:
    > > Got User (amazing challenge, took me a few days), however I am currently stuck on second user/root - I have an idea to get access to the second user, however it fails (due to session is already started) and I am not sure it is the intended way or working at all, or if there is a way directly to root
    > >
    > > A nudge would be appreciated :)
    >
    > If you're www-data then you'd have to find another user ;) But from that other user it would be slightly easy to root. Just one small challenge ;)

    Small? Really? Am I wrong in my previous post? )
  • Can I get a nudge on the second site to foothold?
  • edited September 15
    Struggling with the final step on this box. I have found the interesting file, and know what I need to do, but can't locate the info I need inside it. Anyone able to help?

    Update: Found it. A different tool helped - the one from the NSA works well.

    Thanks @TheCyberGeek for the box :)