Reel

245

Comments

  • edited July 2018

    @Kevoenos said:
    Can somebody pm me about the privesc? Im currently the first user but cant figure out the syntax to use the .xml file...

    Spoiler Removed - Arrexel

  • I have a Y/N question: Has anyone gotten initial access to this box by using MSF to both generate payload and host server for remote shell? I can see with wireshark that at least part of my payload is executing but the remote shell is not happening.

  • Oh geez, never mind, my msf foo is lacking.

  • Im staring at some claire, but dunno how to use her! some tip from here?

  • is anyone available via DM to let me know if i'm on the right track for getting user ?

  • @josi said:
    Im staring at some claire, but dunno how to use her! some tip from here?

    Do something similar to how you came up with the steps to reach here.

  • This sure was a fun box. Was absolutely overthinking the process when I got user.. but with some subtle hints I got on a path which led to admin in a few minutes :+1:

  • ugh when you have the right idea and struggle to remember a fundamental requirement for it to become effective for over a day.

    Was fun though :smiley:

  • edited July 2018

    Finally done, learned so much from this box as I usually do more linux boxes. Congrats and thanks to @egre55 for this box !

    Manaratz

  • No box has challenged me as much as this one. So much learnt, and so much fun! The best box I've done so far. Thanks @egre55 great work.

  • Cheers guys & well done! Happy you learned from it :)

    egre55

  • So I've hit a bit of a wall on this one. I've managed to make it a ways in until I had control over the b***********s object, but it doesn't seem that one actually controls anything/has any real permissions. At least not that I can see. Is that object useful, or did I go down the wrong path?
  • hey ! i am stuck on this one
    don't know where to go can any one please give me any hint?
    i have the readme file. maybe have to m*** r**
    you can PM

  • Wow! @egre55 you created an Awesome machine! This was one of the most frustrating ones I have done so far but the most rewarding as it taught me a lot about some tools I have wanted to dig into further! I would say this would be similar to a real world scenario....

    Glad this one is done :-)!

  • edited August 2018

    Spoiler Removed - Arrexel

    dodo

  • I have got the user but stuck with priv esc. Any strong hint on decrypting xml file?

    Or am I heading in wrong direction?

    Kindly PM me.

    Hack The Box

  • @dodo said:
    Hi!
    I'm having some problems to privesc from tom, I saw the csv with all groups using the bloodhound aggregator but I dunno how to use those informations....

    Same here, I think I know what the next step is, but all ways I've tried so far resulted in permission error. Is there anyone I can send a PM to confirm I'm on the right track?

  • edited July 2018

    I'm also working to privesc from Spoiler Removed - Arrexel... With the info in the CSV should be enough to figure out the next steps? or we need to get more info for the tool to work?

    ompamo

  • Getting the use is fun part. but now I'm stuck at the root.

    any hints guys?

    lahirukkk

  • I managed to privesc from tom to ****** using the *****view to enable some commands and modify a property for the ****** user as tom.

    But now I'm stuck...again :disappointed: :D

    dodo

  • @dodo said:
    I managed to privesc from tom to ****** using the *****view to enable some commands and modify a property for the ****** user as tom.

    But now I'm stuck...again :disappointed: :D

    Happy to help feel free to DM me.

    Hack The Box

  • Got initial shell, I think I know more or less where I should go but no luck. Any hint please ?

  • @dodo said:
    I managed to privesc from tom to ****** using the *****view to enable some commands and modify a property for the ****** user as tom.

    But now I'm stuck...again :disappointed: :D

    Thanks! I was trying to do the same but with other tools. I used *****view and it worked :dizzy:

  • Hi,
    Could anyone PM me a foothold about this box? I found few ports open, and I tried to exploit these ports by using metaxxxx but I was failed, and also tried some other exploits about these ports, but also failed. Then, I have no idea what I need to do...

    Thank you.

  • Hmm, I've enumerated and have read some files and I am now researching what I see. Is this box attackable from Kali or do you need to be on a Windows machine? (PM would be helpful)

    LegendarySpork

    LegendarySpork

  • @LegendarySpork not necessary to be on a Windows machine, with Kali you can do everything you need.

    ompamo

  • edited July 2018

    .

    Crunch

    If you ask for help, plz include what you tried. Else no reply.

  • edited July 2018

    I originally thought so but suddenly felt uncertain ... kali has (or you can apt-get) loads of excellent tools for working with Windows, a few of which I have already used to get to this point. Thanks!

    LegendarySpork

    LegendarySpork

  • Give a hint about a privilege escalation from tom, please! I see that there's a pentest tool, but I can't run it. Any hint, please how to move a next step. Thanks in advance!

  • edited July 2018
    Hey guys, after owning several easier boxes I decided to try something slightly more difficult because what's the point if you don't advance right!? Well... Stuck pretty early on here but found some interesting stuff that surely are relevant at some point and another service I'm having a tough time enumerating what I feel is my way to initiate a foothold if anyone has time for a PM I'd really appreciate it! Just looking for some general advice.

    Edit:
    I think I actually found what I was looking for after reading more closely some docs available to me, hopefully now I can use that other service to get that delivered :v
Sign In to comment.