Europa

edited October 2017 in Machines

So I've made my way into a place but am stuck with where to go from here. It appears as though only two pages exist and no matter what I do on either of them, nothing else loads.

Any pointers would be greatly appreciated.

Comments

  • run nmap intensive

    peek

  • I've already made it into an admin panel. I just can't figure out where to go from there.

  • Burp is your friend.

    likwidsec

  • @enki said:
    I've already made it into an admin panel. I just can't figure out where to go from there.

    Try to understand what's happening in this admin panel. If you try to guess the internal functionality, you will find a way to exploit it.

    RevangelyonX

  • @RevangelyonX said:

    @enki said:
    I've already made it into an admin panel. I just can't figure out where to go from there.

    Try to understand what's happening in this admin panel. If you try to guess the internal functionality, you will find a way to exploit it.

    This definitely helped me. A nudge like this is the best. It simply reminds you to keep enumerating based on what you already have. Bravo!

    x0xxin

  • edited October 2017

    Hey - I have 2 addresses that I could visit (both ending in .htb) but I can't get them to resolve in my browser. I have added them to hosts as well, yet they still don't work.

    I'm not sure how to change any other configs for this to work (Kali).

    Cheers

    EDIT: Managed to get them to show! :D

  • How did you get the .htb site to work?

  • @nevetherym said:
    How did you get the .htb site to work?

    Check how a web address works when you enter it in the browser, from the URL box until the page content displays. You'll see what's missing.

    Hack The Box

  • Also struggling with the .htb domains, tried hosts, resolv.conf and burp with no luck so far

  • Can I message someone for a hint? I am in the web interface. I can execute code on the box. But having issues with the next step

  • edited October 2017

    @brainphreeze said:
    Also struggling with the .htb domains, tried hosts, resolv.conf and burp with no luck so far

    If you've tried hosts already, you did something wrong. Make sure you have a valid SSL certificate for burp loaded in your browser.

    likwidsec

  • @briyani I tried editing the host and resolv.conf files but am getting the same Apache page. I also tried all the DNS recon tools like nslookup, dnsenum, dig etc., but I'm missing something stupid. Don't know what.

    A PM would be really appreciated.

  • I figured it out, won't need a PM :)

  • I have access to the admin panel and I am blocked here. Not able to go any further. There are only a few things I can change, but I can't figure it out exactly. Any clue here?

  • @TheSecEng said:
    Can I message someone for a hint? I am in the web interface. I can execute code on the box. But having issues with the next step

    Same situation here... I have code execution on the box and could grab the user.txt but I can't go further. I'm trying to get a shell but multiple netcat attempts for a reverse shell failed. I've tried other things like adding an SSH key into authorized_keys but that didn't work either. I'm just not getting it.

    LainIwakura

  • @LainIwakura said:

    @TheSecEng said:
    Can I message someone for a hint? I am in the web interface. I can execute code on the box. But having issues with the next step

    Same situation here... I have code execution on the box and could grab the user.txt but I can't go further. I'm trying to get a shell but multiple netcat attempts for a reverse shell failed. I've tried other things like adding an SSH key into authorized_keys but that didn't work either. I'm just not getting it.

    There are several other methods of obtaining a reverse shell than nc. In fact, I've found that the version of nc on most HTB machines doesn't support the -e flag.

    likwidsec

  • Does anyone mind if I PM? I need to be set in the right direction on the admin panel. I can see the 2nd page is of interest, but I've tried many things and couldn't make any progress. Some mentioned that they got code execution in there.

    Would anyone mind explaining to me what's going on on that page? Like, is something getting executed after pressing a button, or is that thing being saved somewhere on the system?

  • @shadow12 feel free to PM me if you're still stuck on that portion.

  • I have reverse shell access, but I am unable to elevate privileges. Any tips?

  • Emu more... Kalki

  • @Blackh0le said:
    Hey - I have 2 addresses that I could visit (both ending in .htb) but I can't get them to resolve in my browser. I have added them to hosts as well, yet they still don't work.

    I'm not sure how to change any other configs for this to work (Kali).

    Cheers

    EDIT: Managed to get them to show! :D

    Remember - not all web requests are made on port 80 ;)

    Hack The Box

  • edited October 4

    I added ******** to the host file but it doesn't seem to work. Please help, I am stuck!!!

  • @jivanshu said:

    I added ******** to the host file but it doesn't seem to work. Please help, I am stuck!!!

    You've probably asked this in the wrong thread. I'd suggest https://forum.hackthebox.eu/discussion/3855/official-doctor-discussion#latest but what you have posted is a spoiler, so be careful how you ask the question.

    When you say "it doesn't work" - you need to be clearer about what that means. The error messages you get explain the problem, and it's unlikely any server gives an "it doesn't work" error.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/
