Poison

1111214161723

Comments

  • Any hints on priv escalation? stuck here!!

  • Finally! Got r00t?

  • stuck on unzipping - getting error: "event not found" when trying to unzip with password

  • @xaqhary said:
    rooted, if anyone needs a shove it the right direction give us a PM.

    Hey i can't unzip the file, I tried the default password list "rockyou.txt". it didn't give me any output. Can you plz help....

  • @Ethic said:
    @J0ckr , often, when you try to crack a password, you have a wordlist, right ? So, what wordlist could you build with what you learned about the box ? Think about informations you already have.

    hey i tried to unzip using the default password "rockyou.txt" but not luck. Can you help me ....

  • Any hints on priv escalation? stuck here!!

  • @J0ckr , I have sent you a PM.
    @DarthVaper , try to unzip on your local machine.

    @newhacker96 , I try to gain access to root too. I think I am close.
    First, you need to enumerate. You can use LinEnum.sh or just use some commands and see informations you get. If you are new in pentest, read about what enumeration is and how you can do it. Then, you will find something you can use. At this point, you need to think how a sysadmin could use what you found.

  • I need some help.........found usernames and decoded the code, ssh does not work that decoded password..........Dont know what to do..........somebody help......

  • someone PM me how to use the secret file . I was able to unzip it but no clue how to proceed further.

  • Hi, used lfi, got some files.. I have the usernames and the encryptet code.
    I'm now struggeling with the decryption. Tried several algorithms, but it doesn't work. It would be great if somebody could give me a hint. Just a hint, not the solution.. (:

  • stuck in the same place

  • Done and glad for it!

    Two things to keep in mind for this box
    1. You don't need to bruteforce the zip file because the password is probably within the first 10 you should try manually

    1. Once you have the zip unzipped then the contents purpose will become obvious once you have have worked out the priv esc.
  • @gm0 said:
    Done and glad for it!

    1. Once you have the zip unzipped then the contents purpose will become obvious once you have have worked out the priv esc.

    The thing is I know how perform the priv. esc. At least, I think. I found the vulnerable service and which protocol to use to reach it. And I'm stuck here. How use the zip file at this point ? I have read a lot the manual of clients for this protocol, but I can't find the particular option. Please, give me a hint.

  • Is there anyone who can help me about poison machine ?

  • I don't know if I'm on the right road. I've successfully gained a normal shell and unzipped the file. I checked for services and I think I found the one I need to use, I might be wrong though. However, it tells me that its unable to open display. Help?

    v1ew-s0urce.flv
  • @DarthVaper said:
    stuck on unzipping - getting error: "event not found" when trying to unzip with password

    Trying unzipping it with other tool.

    v1ew-s0urce.flv
  • Aight, got the user and root ! Learned a lot, nice one.

    @xdaem00n think about security, you want to do it in a secure way.

  • @Ethic said:

    @gm0 said:
    Done and glad for it!

    1. Once you have the zip unzipped then the contents purpose will become obvious once you have have worked out the priv esc.

    The thing is I know how perform the priv. esc. At least, I think. I found the vulnerable service and which protocol to use to reach it. And I'm stuck here. How use the zip file at this point ? I have read a lot the manual of clients for this protocol, but I can't find the particular option. Please, give me a hint.

    I did it ! Finally ! I tried to use the wrong secret file, so it didn't work well. I am a stupid guy.

    @xdaem00n said:
    I don't know if I'm on the right road. I've successfully gained a normal shell and unzipped the file. I checked for services and I think I found the one I need to use, I might be wrong though. However, it tells me that its unable to open display. Help?

    Think like a sysadmin. What a sysadmin, with security knowledge, would to do ?

  • @Ethic said:
    Think like a sysadmin. What a sysadmin, with security knowledge, would to do ?

    Finally, I solved it. It is not too difficult. @Ethic this tip is very useful for me, thanks. :smile:

  • @resiliencia90 said:
    Hi, used lfi, got some files.. I have the usernames and the encryptet code.
    I'm now struggeling with the decryption. Tried several algorithms, but it doesn't work. It would be great if somebody could give me a hint. Just a hint, not the solution.. (:

    This is my second machine & I'm in the same boat, I have used LFI to access certain files and have the usernames & encoded password. Not sure where to go from here. Nothing interesting with dirbuster either. Did you get further?

  • @opanwar said:

    @resiliencia90 said:
    Hi, used lfi, got some files.. I have the usernames and the encryptet code.
    I'm now struggeling with the decryption. Tried several algorithms, but it doesn't work. It would be great if somebody could give me a hint. Just a hint, not the solution.. (:

    This is my second machine & I'm in the same boat, I have used LFI to access certain files and have the usernames & encoded password. Not sure where to go from here. Nothing interesting with dirbuster either. Did you get further?

    Nope, will work on it now. Going to take a step back and enumerate more.. maybe we missed something?!
    Also tried log-injection but weren't able to get a shell.
    It's also my second machine.. Nibbles was easier :-P

  • I am able to inject code, read files through log, but I am not able to get reverse shell:-/ Neither I am able to upload file...stuck:-(

    Hack The Box
    If you appreciate my help, please give +1 respect https://www.hackthebox.eu/home/users/profile/50022

  • @opanwar said:

    @resiliencia90 said:
    Hi, used lfi, got some files.. I have the usernames and the encryptet code.
    I'm now struggeling with the decryption. Tried several algorithms, but it doesn't work. It would be great if somebody could give me a hint. Just a hint, not the solution.. (:

    This is my second machine & I'm in the same boat, I have used LFI to access certain files and have the usernames & encoded password. Not sure where to go from here. Nothing interesting with dirbuster either. Did you get further?

    @karelchajim said:
    I am able to inject code, read files through log, but I am not able to get reverse shell:-/ Neither I am able to upload file...stuck:-(

    Got the shell. Now an priv esc.
    Thank you guys, already learned a lot.

    If you still need a hint feel free to send me a message.

  • If anyone needs a helpful nudge, feel free to PM me with what you've done and where you're at. Fun box!

    Arrexel

  • I got user on this box but in spite of reading the threads here, and running linenum, I can't get root. Anyone want to PM me a hint?

  • @resiliencia90 said:

    @opanwar said:

    @resiliencia90 said:
    Hi, used lfi, got some files.. I have the usernames and the encryptet code.
    I'm now struggeling with the decryption. Tried several algorithms, but it doesn't work. It would be great if somebody could give me a hint. Just a hint, not the solution.. (:

    This is my second machine & I'm in the same boat, I have used LFI to access certain files and have the usernames & encoded password. Not sure where to go from here. Nothing interesting with dirbuster either. Did you get further?

    Nope, will work on it now. Going to take a step back and enumerate more.. maybe we missed something?!
    Also tried log-injection but weren't able to get a shell.
    It's also my second machine.. Nibbles was easier :-P

    Ha, that was my first machine as well. I sent you a PM.

  • @n0bf said:
    I got user on this box but in spite of reading the threads here, and running linenum, I can't get root. Anyone want to PM me a hint?

    Find answers to the following questions, and you should be on the right way.
    What is a sysadmin ? What is his work ? How does he work ? How does he work securely ?

  • @Ethic give you a good hint but I would add.
    Think like most sysadmin think"

    In this thread @NanoByte said

    This box is not about thinking outside the box, its about thinking about this person and >>how they use the box. If we start enumerating the box we find several interesting things. >>Maybe there is a service of note. Many of you have found this service but have found >>yourself not able to utilize it. Think about how the person who owns the box would >>utilize it? Maybe there are guides online that he followed to secure it the way its secured? >>I bet if you did some googles from the prospective of the user of the box trying to set it >>up you would figure out really fast."

    This is a good hint !

    Jomar

    1. How does one unzip the file on the machine? I don't see an option for adding a password for unzip

    2. If it can't be unzipped on the machine how does one download the file? I tried scp but keep getting permission denied

    Any hints?

  • @DrChud It is possible to unzip it on the machine, consider trying other tools to unzip.
    It is possible to unzip it on the machine, but read about netcat.

    Whoever that is resetting the box every five minutes, plz stop

    v1ew-s0urce.flv
Sign In to comment.