Olympus

After spending a lot of time on enumerating dns & web i found nothing, except someones' webshells. Tried stego as well.
Any hints on that machine?

Hack The Box

«13456711

Comments

  • So do I. Hints are welcome.

    Everything is possible, every road is a possibility.

  • Hm bit early for hints as the machine have only been up a day...

  • @shellyhx said:
    Hm bit early for hints as the machine have only been up a day...

    well i'm trying to compromise for ~10h already

    Hack The Box

  • Very nice machine. Just started and have the footprint. The question is how to exploit this because I never played with this "stuff". Some research will be needed.

    For developers it should be a piece of cake, but I'm unfortunately not a developer.

    m4rc1n

  • No need to be a developer to exploit this bad configuration. Google for it, there are exploits listed on the first page, the Chinese paper is great. I am stuck a little bit further with a password, a remote (outside htb) cache of data I can't access/exploit without knowing host_id value...

    cgrenier

  • I have shell, but cannot find user.txt. Did you manage to get it?

    @cgrenier said:
    No need to be a developer to exploit this bad configuration. Google for it, there are exploits listed on the first page, the Chinese paper is great. I am stuck a little bit further with a password, a remote (outside htb) cache of data I can't access/exploit without knowing host_id value...

    m4rc1n

  • If you have enumerated for 10 hours and haven't found anything, the hint you are looking for is probably this: PAY ATTENTION.

    lokori

  • I found what i needed, right now having new problems again c:

    Hack The Box

  • got root, that was exciting

    Hack The Box

  • i found an exploit from 2000 but its not working :/

    Hack The Box

  • Hi. I found that stuff about bad development config, but when I try to use it, the server communicates with my machine, but then sends a rst packet. Is this part of the challenge, or is there something wrong with my machine?

  • I'm from Brazil, and this bad development config has a connection timeout that is not big enough for the connection to succeed. I just changed my vpn from europe to usa and everything worked as expected.

  • @lehrling said:
    I'm from Brazil, and this bad development config has a connection timeout that is not big enough for the connection to succeed. I just changed my vpn from europe to usa and everything worked as expected.

    Yes, I know your pain.

    Hack The Box

  • Any idea on how to get a tty on this machine?!?

  • @Mefistogr said:
    Any idea on how to get a tty on this machine?!?

    look closely onto web :)

    Hack The Box

  • agreed, timeouts have been killing me lol

    Ar3s

  • This machine is driving me crazy. I've run multiple recon tools but I can't get anything useful to get the initial foothold. If someone wants to help me, I would really appreciate a PM

  • I have shell, and I have found something interseting, from which I have derived something and cracked something else. No idea what to do next, as in order to use these findings a certain type of interface has to be available, which it doesn't seem to be?

  • Hey guys ,any hints for non-visible user.txt ? Also is the capture relevant or just a rabbit hole ?
  • Though this box is a bit unstable at the foothold stage, it absolutely is one of the more fun machines. I dig the story line approach.

  • In the same boat as uck084. I know where I want to go from here, but don't know how the pcap is relevant, and I'm not seeing much else. Any help is appreciated.

  • @cdf123 said:
    In the same boat as uck084. I know where I want to go from here, but don't know how the pcap is relevant, and I'm not seeing much else. Any help is appreciated.

    I can tell that there are two ways to deal with this stuff -:)

    m4rc1n

  • @macw141 said:

    @cdf123 said:
    In the same boat as uck084. I know where I want to go from here, but don't know how the pcap is relevant, and I'm not seeing much else. Any help is appreciated.

    I can tell that there are two ways to deal with this stuff -:)

    And each of them gives a different result ;-)

    m4rc1n

  • edited April 2018

    I always got RST packet ... I can't change my vpn to usa (NOT VIP..) , what can i do !?

  • something to do with DNS or just a rabbit hole? I've been enumerating but not getting anything. Also, crawlers did not give me anything.

    Randsec

  • @Randsec said:
    something to do with DNS or just a rabbit hole? I've been enumerating but not getting anything. Also, crawlers did not give me anything.

    web :)
    no need to enumerate

    Hack The Box

  • @owodelta said:

    @Randsec said:
    something to do with DNS or just a rabbit hole? I've been enumerating but not getting anything. Also, crawlers did not give me anything.

    web :)
    no need to enumerate

    Any nudge on what we are supposed to do with the web page we got?

  • Try a different tool, something that doesn’t numerate.

    hendrikvb

  • edited April 2018

    Fair Warning: The step after the cap (you'll know what I mean when you see/do it) is (imo) lame. It requires a bit of guessing on what to do next as something that shouldn't be used as something IS used as something...

  • Stuck opening the portal to Hades. Pretty sure i know what to do, but maybe my timing is off? Anyone able to message me?

    darkoria

Sign In to comment.