Celestial hint

Hi,
I'm new to this field and would like to know where I can find hints for that machine. It should be one of the easy ones ... still I only see port 3000 open on it ......


Comments

  • just don't overthink on this one

    irfan

  • hmm..... ok, anything else?

  • Better to work on the things that u got

    irfan

  • So do I ...... I'm stuck. Hints are welcome.

    Everything is possible, every road is a possibility.

  • search about the running service

  • I'm trying the exploit but I just keep getting a connection reset in Burp. Not sure what's wrong. Followed the instructions

  • edited March 2018

    Ok - first - this may be a spoiler so take it into consideration.
    Now - I managed (using burp suite) to find the following: "username":"******","country":"********","city":"*********","num":"*******"
    Question is - where do I enter this username and these creds?
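
The post above shows a profile cookie carrying username, country, city and num. As an added, defender-side example (not code from the thread or from the box), here is how a Node.js service can read such a cookie safely: plain JSON.parse, strict per-field type checks, and an allow-list of keys. It assumes the cookie value is base64-encoded JSON, which the thread does not state.

```javascript
// Added example: strict parsing of a profile cookie with the fields named in
// the post above. Assumption (not from the thread): the value is base64 JSON.
const EXPECTED = { username: "string", country: "string", city: "string", num: "string" };

function parseProfileCookie(raw) {
  if (typeof raw !== "string" || raw.length === 0 || raw.length > 4096) {
    return { ok: false, error: "missing or oversized cookie" };
  }
  let obj;
  try {
    // JSON.parse only builds plain data; it cannot produce or run functions,
    // unlike deserializers that rebuild functions from strings.
    obj = JSON.parse(Buffer.from(raw, "base64").toString("utf8"));
  } catch (e) {
    return { ok: false, error: "malformed cookie" };
  }
  if (obj === null || typeof obj !== "object" || Array.isArray(obj)) {
    return { ok: false, error: "cookie is not an object" };
  }
  const profile = {};
  for (const [key, type] of Object.entries(EXPECTED)) {
    if (typeof obj[key] !== type) {
      // Reject rather than coerce: a wrong type is the signal to act on
      // (and worth logging, since legitimate clients never send it).
      return { ok: false, error: `invalid ${key} type` };
    }
    profile[key] = obj[key];
  }
  // Extra keys the client added are dropped; only allow-listed fields survive.
  return { ok: true, profile };
}

function encodeProfile(profile) {
  return Buffer.from(JSON.stringify(profile)).toString("base64");
}

// Constructed sample inputs for a quick self-check.
const goodCookie = encodeProfile({ username: "alice", country: "Freedonia", city: "Springfield", num: "2" });
const badTypeCookie = encodeProfile({ username: { nested: true }, country: "Freedonia", city: "Springfield", num: "2" });
console.log(parseProfileCookie(goodCookie));     // ok: true, profile with the four fields
console.log(parseProfileCookie(badTypeCookie));  // ok: false, error: "invalid username type"
```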

  • @eransh10 They might not be needed. See what else you can change with Burp

  • Anyone on privesc?

  • I'm trying to work on the privesc but people keep resetting the box :anguished:

  • @jatinluthra14 - Do you have a reference of good burp tutorial ? I'm kinda new in the hacking space ...

  • Watch ippsec's videos; he uses it extensively since web servers are pretty big attack surfaces.

    There is an article that basically gives this machine to you if you can understand what it is running and what it is doing.

    Privesc, at least how I did it, was classic and simple; kind of a letdown given how novel (compared to other HTB boxes) the initial foothold is.

  • hi @mercwri - would appreciate a link to this article...

  • @eransh10 I won't link it in the thread since it basically is a spoiler. But the solution to getting a reverse shell is easily found if you look at what is running and search for common exploit methods to be used against it.

  • So I've figured out what I need to do via Burp so that I get different responses, but I'm struggling with what precisely I need to change to get a foothold. I can manipulate the responses, but right now all I seem to be able to do is print different messages or get errors from the server.

    I'd appreciate a nudge or helpful DM. Thanks guys!

    SpiceKing

  • Any hints on priv esc?

  • @meni0n said:
    Any hints on priv esc?

    Look at the user's home and you have all what you need.

  • I am having a hard time getting a foothold - if someone could PM me hints plz

  • edited March 2018

    @mercwri said:
    Watch ippsec's videos; he uses it extensively since web servers are pretty big attack surfaces.

    There is an article that basically gives this machine to you if you can understand what it is running and what it is doing.

    Privesc, at least how I did it, was classic and simple; kind of a letdown given how novel (compared to other HTB boxes) the initial foothold is.

    Not sure if I am doing a spoiler, done some research.
    According to your hint I may need to run some nodejs functions on my rig, then paste them inside the cookie? Am I on the right track?

  • "There is an article that basically gives this machine to you if you can understand what it is running and what it is doing."

    ..I follow the exact steps and I keep getting errors!!!..weird!!!!

  • ???? If it's the one I am thinking of how??

    monkeychild

  • @wh0am3y3 said:

    @mercwri said:
    Watch ippsec's videos; he uses it extensively since web servers are pretty big attack surfaces.

    There is an article that basically gives this machine to you if you can understand what it is running and what it is doing.

    Privesc, at least how I did it, was classic and simple; kind of a letdown given how novel (compared to other HTB boxes) the initial foothold is.

    Not sure if I am doing a spoiler, done some research.
    According to your hint I may need to run some nodejs functions on my rig, then paste them inside the cookie? Am I on the right track?

    You have the right article I think, but you really need to read what they are doing and find out how to use that to build a payload.

  • @mercwri said:

    @wh0am3y3 said:

    @mercwri said:
    Watch ippsec's videos; he uses it extensively since web servers are pretty big attack surfaces.

    There is an article that basically gives this machine to you if you can understand what it is running and what it is doing.

    Privesc, at least how I did it, was classic and simple; kind of a letdown given how novel (compared to other HTB boxes) the initial foothold is.

    Not sure if I am doing a spoiler, done some research.
    According to your hint I may need to run some nodejs functions on my rig, then paste them inside the cookie? Am I on the right track?

    You have the right article I think, but you really need to read what they are doing and find out how to use that to build a payload.

    Thanks a lot, tried some things but got some errors. I'll get down on this one until I succeed :)

  • Anyone use an existing exploit to get root? Can't find much that stands out otherwise...

  • I need a priv esc hint. pleaassssseeee someone? I am getting more frustrated than American Pie.

  • Read through a few articles going over the same exploit, running into "An error occurred...invalid username type". If I try to replace other variables, I still don't get a reverse shell. Any nudge in the right direction would be appreciated.

  • @crybabycarlos said:
    Read through a few articles going over the same exploit, running into "An error occurred...invalid username type". If I try to replace other variables, I still don't get a reverse shell. Any nudge in the right direction would be appreciated.

    I am getting the exact same errors... If I wasn't already bald I'd be pulling out my hair

    H4ck3d5p4c3

  • @Nutellack said:
    I get the same error message but it's working fine, I get a shell;
    did you check if your listener connects?

    You get the same error and it still connects? Hmmm, I will have to go back and see if there is something I am doing wrong... Are you using nc as a listener?

    H4ck3d5p4c3

  • I'm also having some trouble getting a foothold. I get where I have to do it, I have just tried a lot of things, and for some reason the port goes down every 5 min right now.
    A hint would be appreciated, pm :anguished:

  • Just got the user flag. The biggest hint I could give is that there is an article and video on the internet that pretty much walks you through it. Enumerate the services and start looking for juicy articles on them.
