• Reread all previous comments if your shell fails after a few seconds...


  • any hint for priv esc?

  • I dunno if I'm going about it the right way but I'm trying to do something through my web shell as part of the way to get initial foothold but the server just hangs when I try to do what I'm trying to do :(

    I can't think of any other way to gain a foothold


  • @HomardBoy said:
    i can't get a f****** stable web shell for more than 30 sec ...

    You don't need more than 30 seconds. You know the file will be quickly deleted, so don't focus only on a webshell.

  • I have RCE but I can't get how to get a shell. I really need a hint, this first contact sucks hard

  • @seiyathesinx said:
    I have RCE but I can't get how to get a shell. I really need a hint, this first contact sucks hard

    If you have RCE, think of ways you can transfer files.

  • Anyone able to help out? I've found the appropriate pages, I can upload some things, but nothing that gives either RCE or a shell. I've tried various formats, and bypassed the filter, but get either 404 or 500 errors, and it's not obvious if there's any pattern to that. Any pointers to either the format or type of payload would be helpful. Just a nudge needed, I'm happy to work on the rest.


  • User took me 2 days... with a nudge to get me over the line. Root took < 5 minutes lol.

    I got thrown off big time because yesterday something I was trying to do kept crashing the server, so I reasoned that what I was doing was completely wrong. Then I went down a massive rabbit hole until I got that nudge, which clarified that the server was not supposed to be crashing when I was doing what I was trying to do.


  • Thank you to the designer of this machine for the chance to get to know one of the basic tools in Kali. To this day I did not know what it offers.
    Thanks / Dziękuje

  • Can I shoot someone a DM and run through my current train of thought? I'm afraid I might be stuck down a rabbit hole

  • Got user. I see here root is easy/quick/obvious. Any hints? Says no patches but none of the current criticals work for me. Might be the crappy shell I am using.


  • Was the crappy shell. Got meterpreter, pwned soon.


  • edited June 2018

    Can't find user.txt anywhere, any hints?
    Edit: nvm :) I forgot how to use dir


  • Hi, I'm still quite new to the web applications side of things. I managed to find something that I know will be used. But for that I would need to do some action before. Can anyone give me a hint or point me to a resource so that I can learn about it? If you prefer you can DM me.

  • Can't get my rev_tcp to connect back. Built it with file format and arch in mind and can upload it, but nothing back when I visit it, no events in Wireshark for some reason. Anyone able to tell me what I'm doing wrong with it or just plain say I'm going the wrong route :-)

  • Could someone help? I ran dirb, I found a directory but nothing else. I enumerated something but I don't know what to do.

  • Anyone have a pointer for the shell portion? I believe I know the file I need to upload to do RCE, have tested this by executing a ping to myself and I see the results in tcpdump. I have not been able to figure out how to get the RCE to display anything back to me or to execute webshells (I always get a 500 error). Any pointers let me know, feel like I am close, just must be overlooking something simple.

  • Hint about uploading file. I used null injection, bypass using double extension, and invalid extension bypass, with no success. In addition, I tested with all the extensions I know in order to determine the whitelisted/blacklisted extensions.

  • There is an article how you can execute commands after some generation IIS. But I couldn't copy and use this code. After rewrite starter works

  • @Maniek said:
    There is an article how you can execute commands after some generation IIS. But I couldn't copy and use this code. After rewrite starter works

    Would you mind sending me (PM) the link to this article?


  • Got root, PM me for any hint ;)


  • hahahahah, I don't know how HTB accepted this box,
    this box is less than script kiddies level :D,
    However thanks to the creator

  • edited June 2018

    I am doing the foothold step. This is super easy if you did the Aragog machine :D
    Oops. Wrong box!

  • Interesting and fun box - and humbling ... theoretically I should have known about the initial foothold as I have worked with that platform / service for a long time. But it seems I had to test every non-applicable exploit and misconfiguration until I googled the correct one.

    My hint, with hindsight: If you find some non-working exploits / interesting articles that sound as if they should apply here but aren't - take a look at the names of the guru researchers whose names come up again and again - the guys who found several exploits. Check what else they have written ....

  • Having issues with how to make use of the RCE, can see ping when I execute, but haven't been able to make any use of it, partly because I can't get any output working in my code so I can see what's what. Anyone able to drop me a message or a push?

  • @J3rryBl4nks said:
    Is anyone able to get a stable shell? Mine keeps getting a 500 after 2 requests.

    It's because there are too many people overwriting your file. You just need to use your initial shell to create another one that is a bit more stable. Think about things you can upload, perhaps things that are available in Linux by default that you usually use.

  • Someone able to send me a DM with a small hint on how to get the initial shell?
    I think I have RCE, managed to find an example showing that I have RCE, but every further step throws an error 500 :(

  • Please help, I've found some directories but no file so far, always having a 403 Forbidden error, what's next?

    "I have no special talents. I am only passionately curious"
    Besides hacking let's be friends

  • got root :) dug a bit further based on some pointers...
