Dev0ops hints

edited June 2018 in Machines

Spoiler Removed - Arrexel

Tagged:
«13456721

Comments

  • edited June 2018

    Spoiler Removed - Arrexel

  • edited June 2018

    Spoiler Removed - Arrexel

    Hack The Box

  • edited June 2018

    Spoiler Removed - Arrexel

  • edited June 2018

    Spoiler Removed - Arrexel

    Hack The Box

  • edited June 2018

    @Frey said:
    Spoiler Removed - Arrexel

    Thanks Frey, done that. Would doing so allow me to read a file that provides access to another service (lower port) on the box? Or am trying to achieve RCE?

  • edited June 2018

    @xnumber7 said:
    Spoiler Removed - Arrexel

    you can get something, that will allow you to get a connection through that port

  • edited June 2018

    @w31rd0 said:
    Spoiler Removed - Arrexel

    You da man. Interesting article floating out there called "When All You Can Do Is Read" that really nailed this down for me. If this is considered a spoiler, please remove.

  • edited June 2018

    Spoiler Removed - Arrexel

    Hack The Box

  • How did you overcome internal server error? I tried all techniques to read the files I found and none of them is working for me so far.

    m4rc1n

  • edited June 2018

    Spoiler Removed - Arrexel

  • edited June 2018

    Spoiler Removed - Arrexel

    m4rc1n

  • Spoil Much in this thread?
  • @3mrgnc3 said:
    Spoil Much in this thread?

    I agree ... Too many spoilers in here!

    Hack The Box

  • Please watch the spoilers, there was one in almost every post so far.

    Arrexel

  • Way to go, sorry for spoiling that much well for everyone that got the hints before Arrexel deleted them have fun. :'(

    Hack The Box

  • Enumerate, it is fairly obvious if you look around enough. (Sorry I know everyone hates that answer but especially in this case it should be pretty obvious if you look in the right area)

    Feel free to follow me on Twitter @BenGrewell for tutorials, videos and other infosec related posts.

  • i wont say anything anymore in the forum. (it's not a hint nor a spoil). feel free to report this comment as spoil.

    peek

  • Privesc: read.

    Randsec

  • stuck at Internal Server Error. Pm hint pls

  • @realbadhorse said:
    stuck at Internal Server Error. Pm hint pls

    hint is there infront of you

  • The best hint I would give is to read what you have found is actually telling you, and then check out the OWASP TOP 10 for 2017.

    plackyhacker
    ~|OSCP|OSCE|~

  • edited June 2018

    This is not strictly a hint, but the machine was designed to not require arbitrary guessing or finding the right wordlists because I don't really like that kind of hacking :) So the hints are not hidden, they are there. I hope you like it.

    lokori

  • am i missing something? not finding anything in the available web pages. Dirbuster giving me errors.Also, tried using an exploit against the P***** Server but no output. am i on the right track or what? and if someone would PM me it would be great :)

  • @xtech said:
    am i missing something? not finding anything in the available web pages. Dirbuster giving me errors.Also, tried using an exploit against the P***** Server but no output. am i on the right track or what? and if someone would PM me it would be great :)

    nevermind found the page. better not ban dir scanners next time :P

  • @xtech said:
    am i missing something? not finding anything in the available web pages. Dirbuster giving me errors.Also, tried using an exploit against the P***** Server but no output. am i on the right track or what? and if someone would PM me it would be great :)

    feel free to PM me. :)

    menoetius
    | OSCP |

  • who keeps crashing the machine? OMG!! i managed to get user but someone keeps crashing it and i spent all my resets for the day.

  • Just rooted this amazing box. thanks @lokori you did a very nice job building it. and thanks @menoetius for help :)

  • edited June 2018

    Spoiler Removed - Arrexel

  • edited June 2018

    Spoiler Removed - Arrexel

  • Hey @cichy. Thanks I figured out how to read files and gotten some useful info like usernames but not sure where to go from here. Is bruteforcing required after that?

Sign In to comment.