Hint for Fighter

24

Comments

  • edited June 2018

    @adyd @valkyrix

    For people who cant find the members section: You were given important information in the first blog post (It's marked as important!). Probably means the creator intends you to use it. Think it through. Think how you should leverage that information. Think HOW you can use it.

  • @XXYXZX said:
    @adyd @valkyrix

    For people who cant find the members section: You were given important information in the first blog post (It's marked as important!). Probably means the creator intends you to use it. Think it through. Think how you should leverage that information. Think HOW you can use it.

    thanks, think i found it. not just to figure out how to actually get into the site ._.

    Hack The Box

  • @valkyrix said:

    @XXYXZX said:
    @adyd @valkyrix

    For people who cant find the members section: You were given important information in the first blog post (It's marked as important!). Probably means the creator intends you to use it. Think it through. Think how you should leverage that information. Think HOW you can use it.

    thanks, think i found it. not just to figure out how to actually get into the site ._.

    Let's just say that this step is simpler than you might think. A lot of funkiness going on there but stay old school and straightforward.

  • what to inject, it's been weeks im trying without results ?

    peek

  • edited June 2018

    @peek
    A lot of times it's very hard to know WHAT if you don't fully explore HOW. :blush: It seems counter intuitive but it helps in puzzles like this.

  • @XXYXZX said:
    @adyd @valkyrix

    For people who cant find the members section: You were given important information in the first blog post (It's marked as important!). Probably means the creator intends you to use it. Think it through. Think how you should leverage that information. Think HOW you can use it.

    I've googled and attempted different URLs based on the newest post on the page with nothing but 404s. Can someone PM me nudge me along?

  • @XXYXZX said:
    @adyd @valkyrix

    For people who cant find the members section: You were given important information in the first blog post (It's marked as important!). Probably means the creator intends you to use it. Think it through. Think how you should leverage that information. Think HOW you can use it.

    After intensive playing with options everything I got is 301 Moved permanently to "old" member site and 403 forbidden again -:(
    Really frustrating.

    m4rc1n

  • any hints on what to do after u find the members page? been stuck for a while :persevere:

    Hack The Box

  • @valkyrix same here. I've sqlmap'd the shit out of it and tried manual .net specific injections with no luck.

    Excidium

  • Anyone I can PM about fighter? I've logged into the members page and can also get some data the same way I got creds for the page, but everything I can find on running code is not working. Not much I can put on the forum without spoiling unfortunately. Just wondering if I have something unintended, a rabbit hole or I just need to try harder. =P

    Excidium

  • I'm at a similar spot, I've got a login and have looked for more information where I got the creds. However I can't seem to find any way to run code. Any nudges? Feel free to PM if you can't give a little nudge without spoiling previous steps.

  • @Morfaroth said:
    I'm at a similar spot, I've got a login and have looked for more information where I got the creds. However I can't seem to find any way to run code. Any nudges? Feel free to PM if you can't give a little nudge without spoiling previous steps.

    +1

    Hack The Box

  • I do not know the creds for forum but found a way to run command in system.
    I cannot upload standard executable file :(

  • @smjogi you won't need to upload an .exe since it's windows... there are other ways to get shells without an executable if you have command execution. I still have not been able to get even user with a shell though and I've dumped a ton of time into it. It's a tough box, probably the best one I've worked on in HTB honestly. Usually the box name has some reference to initial or privesc but I'm not sure this one does.

    Excidium

  • @excidium said:
    Anyone I can PM about fighter? I've logged into the members page and can also get some data the same way I got creds for the page, but everything I can find on running code is not working. Not much I can put on the forum without spoiling unfortunately. Just wondering if I have something unintended, a rabbit hole or I just need to try harder. =P

    I'm at a similar spot, I've got a login and but i don't looked information for the creds :/
    Anyone can give a hint to me? :)

  • edited July 2018

    Spoiler Removed - Arrexel not working why?

  • hi, can somebody give a hint on logging into the members area? i found an injection point, but all I can dump is either gibberish or encrypted.

    thx!

  • Yay finally rooted.
    hardest box ive done yet.

    Hack The Box

  • edited July 2018

    This box was a tough fight .... But learned a lot from this.

    ninpox

  • edited August 2018

    got shell. and priv esc, working on the final step for the flag if anyone can assist me with a hint. I have one of the key parts but i need another part.

  • edited August 2018

    nvm

    izzie

  • found the member page and found a vulnerability which I am exploiting. I was able to get some data out which should have provided me auth access to portal but continue to get an error message...

    d4rkm0de

  • edited August 2018

    I need a hint on getting the root flag. Please someone PM me

    *** I finally got the root flag. Its was fun and i learnt some things*** Thanks to hendrikvb, valkyrix and echel0n1881for their hints and help :) :+1:

  • i got injection and can see some W*b T****b any hint how to move further

  • edited August 2018

    can someone pm me to validate what I have found so far and guide me a step forwards? I am trying to exploit the old members site.

  • edited August 2018

    I could use some help, if someone could PM me.

    *** Just when you think you've tried everything and you feel like reaching out for help, only then do you dig deeper...and find the page ***

    w4rr4nt

  • Can anyone PM about where i can stick the needle? (so to speak)

  • ask someone does this link work *****.streetfighterc****** ?

  • @XXYXZX said:

    @valkyrix said:

    [...]

    thanks, think i found it. not just to figure out how to actually get into the site ._.

    Let's just say that this step is simpler than you might think. A lot of funkiness going on there but stay old school and straightforward.

    This means that I am missing something - if I am not ready with bruteforce after one week, then I do it wrong right?

  • i need a hint to get shell im able to execute

    Raouf09

Sign In to comment.