Official Horizontall Discussion

Official discussion thread for Horizontall. Please do not post any spoilers or big hints.

«1345

Comments

  • rooted, easiest box ever!

    Hilbert

  • The machine won't be released for another 3 hours.
    Security+ ce | Pentest+ ce | CNVP | https://ericturner.it | Discord: @eric_#9732
  • edited August 28
    > @cyberic said:
    > The machine won't be released for another 3 hours.

    I know, I'm just trying to get ahead of all the similar comments!

    Hilbert

  • Type your comment> @Hilbert said:
    > > @cyberic said:
    > > The machine won't be released for another 3 hours.
    >
    > I know, I'm just trying to get ahead of all the similar comments!

    Most comments in such threads are like
    R00t3d 3zp3z kthxbai, pm for help.

    -- Never responds to pm
  • I have no idea what I am doing
  • This might be the fastest I have run into a wall on an easy machine!
  • I actually found the s*******o also version, found a vulnerability for RCE but needs auth in like 10 mins and I have been stuck for like an hour to find out how to exploit the r***t p******* mechanism. I am now just viewing the source code to literally find out how it works.
  • Type your comment> @tsheva said:
    > I actually found the s*******o also version, found a vulnerability for RCE but needs auth in like 10 mins and I have been stuck for like an hour to find out how to exploit the r***t p******* mechanism. I am now just viewing the source code to literally find out how it works.

    Any hint on where to get the creds to auth on s******?
  • I think I know what vulnerability to exploit for foothold but can´t for my life find information on how to trigger it. I suck at google.... :(

    f1rstr3am

  • Type your comment> @Hilbert said:
    > rooted, easiest box ever!

    haha. Love the sense of humour :expressionless:
  • Completely stumped here!!

    I've got username enum from one source but just can't get any further.

    I think i'm spending longer trying to decode @tsheva's cryptic message, than trying to hack the box now :-)
  • Going no where. Found nothing. Like the Knife box before. Maybe I should open burp and try it later
  • edited August 29
    ~Any nudges for root? Went after apparent paths and didnt find much. Still s***** user.~
    EDIT; just rooted - Shot in the dark with the exploit but ended up getting results.

    Man this one was CVE after CVE :lol:

    zweeden

  • edited August 29
    Foothold/User: After you recover your way into the dashboard, maybe you can install a plugin
    Root: Sometimes debugging can be too much interactive

    Thanks to the box creator :)

    Hack The Box

  • edited August 29
    Rooted. That's a box with lots of CVEs and learning each one of them was actually quite fun.

    Foothold/User: enumerate around and try finding new paths for you to explore. Once you've recovered your way into that dashboard, you can try installing some plugin that may lead you to the right shell.

    Root: check what is running on the box and check its version. Look it up and see if you can find something to exploit it. Maybe you're gonna have to download a lib to be able to do so. As @jsarmz said, debugging is tricky.
  • edited August 29
    I left the box as user, trying now to get root.

    I think it has to do with l*******e and found l*******n. I used it but nothing happens. I hope I am not down a rabithole again.
  • edited August 29
    Rooted yesterday. Hardest part was finding where to start, then it's a few CVEs, if you don't find what you need @github, google more.
  • Any nudge on foothold?
  • Ok, finally got it. But I would rank this as medium. The steps are easy when you know them, but It´s a lot of googling, trial and error since you are unable to see if you are on the right path. And for someone who overthinks stuff there´s a rabithole aswell. I need to get more wild and fire of things with every possible parameter rather than analysing too much. But it was a nice box in the end.

    f1rstr3am

  • Type your comment> @m3mphi5r4r said:
    > Any nudge on foothold?

    Check website code and like others said...CVE
  • Type your comment> @f1rstr3am said:
    > there´s a rabithole aswell

    If you mean the g****e d***e path - I wasted no less than an hour on it.
  • edited August 29
    I'm a beginner but I'm stuck. I'm playing around website but I didn't see anything in burp and gobuster. :/
    Any hints?
  • i have found the exploit and i know how it works but i can't find the users creds maybe give me hint ?
  • edited August 29
    Well, i've got user.txt but can't understand how to get access to ssh, lol!
    ------
    NVM. rooted. Pretty nice box, really nice user. But i don't know why is that necessary to create 1 more user. Seems like rabbit hole

    Anyway, thx for box!
  • > @unicodesquare said:
    > Well, i've got user.txt but can't understand how to get access to ssh, lol!
  • edited August 29
    Hi,
    I'm the creator of this machine , i hope moderators don't consider this comment as spoiler.
    So i'll give some tips may this help you:
    Foothold: When you found that hidden web interface , you better not rush and use All CVE your found on google , first find the VERSION of that dashboard than chain your attack So you can get a Foothold on the machine.

    Root: use the tunnel , and don't forget about other response codes .

    I Hope y'all enjoy this box and learn new stuff.
    https://twitter.com/WailBld
  • well I found> @esio said:
    > I'm a beginner but I'm stuck. I'm playing around website but I didn't see anything in burp and gobuster. :/
    > Any hints?

    search for the vhost in gobuster i used ffuf and found some interesting stuff
  • Ok i finished the box after pausing for a day or so. The initial foothold is not hard , neither the root, but the l*****l page looks like it doesn't make sense or "connects" to the rest of the machine.
  • got the foothold, but stuck on the initial s***** shell. guess root is a long way to go, gonna sleep
Sign In to comment.