Hawk


Comments

  • Has anyone else had a problem with a php reverse shell? I leave netcat listening, and I get a connection, and then it closes immediately. On the web front, it says connection refused.

    Hack The Box
    OSCP

  • @sh3lbst3r said:
    Has anyone else had a problem with a php reverse shell? I leave netcat listening, and I get a connection, and then it closes immediately. On the web front, it says connection refused.

    Try another one

  • So I got the file cracked using my own trivial script like others have done, it seems. But what is wrong with the github tool b*********-s*****-o******? Seems to be the right tool for the job, and the syntax is simple? Not that it is a very big deal, but maybe someone would be kind enough to tell me in private a syntax that allows the tool to work? Might be nice to know.

  • Anyone wanna PM me a hint for the initial access vector? Drupal seems to be a rabbit hole

  • Need a hint on privesc, tunnelled access to the console, struggling to find an exploit/creds...pls PM! Thanks

    Disloquer

  • This MACHINE SHOULD HAVE BEEN 50 points who agrees with me took me 5 weeks to get user/root at last thanks waspy and pzylence

    for assisting me i am a bit disappointed this machine is 100 times harder than mischief i think they should have increased the points for it :) just my

    Arrexel
    OSCP | OSCE half way!

  • Got a shell with w........ user but I need an ssh user. can't find d....... password. Where to look?? I think I enumerated all the box... please PM a hint... thanks

  • edited September 2018
    @th3C0untZ3r0 said:
    > Got a shell with w........ user but I need an ssh user. can't find d....... password. Where to look?? I think I enumerated all the box... please PM a hint... thanks

    The 'password' is in plaintext somewhere on the box

    Hack The Box
    OSCP

  • Rooted. Very interesting box. Looking back, it ended up not being as difficult as I thought it was or was treating it to be. But it can cause some overthinking. If anyone needs a push in the right direction, just PM me.

  • I am failing to decrypt that file. Anyone to PM and discuss the syntax of the command with me?

  • Need help with decrypting the file with both the tools. Available to pm anyone??

  • I also need help with the github tool, please DM me. Thx

  • edited September 2018

    Anybody up for a quick nudge on how to get the root flag. I've been trying to drink water from the stream 45105 times already and I haven't gotten any real progress. Any DM would be appreciated.

    Edit: Yay got root. It's actually pretty easy when you find the correct location from which you want to drink water.

    Renegader

  • people....please STOP editing the drupal instance to get your shell. There are other ways to get shells without disturbing every other user. Really annoying

  • @sh3lbst3r said:
    @th3C0untZ3r0 said:
    > Got a shell with w........ user but I need an ssh user. can't find d....... password. Where to look?? I think I enumerated all the box... please PM a hint... thanks

    The 'password' is in plaintext somewhere on the box

    I spent a while looking for the said password all because I thought it can't be that simple :(

    If you're like me - just think to yourself "I probably have the answer already."

    blobbo

  • I believe I have found the encoded data ...anyone willing to PM to sanity check a N00b

    Hack The Box

  • Can I get some help on going from RCE (and user.txt) to the next step. If needed DM me

  • Hello! I really need some guidance on how to escalate from w user to d user. I've enumerated this box a lot, in many ways, trying to get the plain-text password the others were talking about. But it seems I just can't get the right "spot". Any help/PM is appreciated!

  • Rooted it, very fun machine, had a great time, ping me up for hints :)

  • Hi guys, I can read files as the root user using the webshell but I am failing to get a real shell. Anyone to assist?

  • Anyone willing to assist with syntax to brute force the .enc file, please PM if you have some time

    Hack The Box

  • someone help me with priv esc. got the service. don't know how to login.

  • Can someone help me with the initial foothold? I can't seem to find my way in. I have tried enumerating the webapp but nothing is coming to me and I can't find a file on the F** service. Please PM me.

  • Decryption of this file is crazy...can anyone give a slight nudge? No RCE's are working for me either... I initially got one to work, died immediately can't even get it to work again with a different payload?... what's up with this box?!

  • Alright ...got the file, decrypted, got the info from the file. Access to web instance ....anyone able to nudge me onto the getting user flag ? PM if you can

    Hack The Box

  • Finally rooted. It took a long time. First I wasted a lot of time trying to crack the ***nc file with tools found online. Eventually made my own script and it was cracked within seconds....
    The poison hint was a strong one, but I focused on the wrong port for a while...
    After finding the right one these two hints helped a lot.

    @void124 said:
    Rooted. For those of you that have a problem with last step of privesc, if you are looking on the login page of interesting service and you also have Poison like access... The login process could be very trivial if you don't focus only on the login credentials but also on the referenced file. Ask yourself, is url in form referring to something, what actually exists? If it is not, can we change that?

    @loopspell said:
    search for manual exploitation of known vulnerability relates to console on google

  • edited October 2018

    okay this config file- I don't know where you guys are finding a password in plain text; I've looked through enum scripts; did lots of manual enum; like lots and lots of manual enum... grepped everything for 'pass' or 'password' also; find / -name "config"/"password" etc etc... went back to my nmap... looked through all the directories disallowed... i'm just like... lost where is this plain text password..... someone said it was straight forward... O.o ...

    I can't tunnel without some ssh cred action.... used curl to check out the H2... but I can't do anything with it.

    ....at least from my current understanding... help guys?

  • @drUIdmoz said:
    okay this config file- I don't know where you guys are finding a password in plain text; I've looked through enum scripts; did lots of manual enum; like lots and lots of manual enum... grepped everything for 'pass' or 'password' also; find / -name "config"/"password" etc etc... went back to my nmap... looked through all the directories disallowed... i'm just like... lost where is this plain text password..... someone said it was straight forward... O.o ...

    I can't tunnel without some ssh cred action.... used curl to check out the H2... but I can't do anything with it.

    ....at least from my current understanding... help guys?

    I hope this isn't too much of a spoiler. But maybe you should check where the config settings are stored for the CMS this server is running.

  • I Found User d**** In SSH
    But For Password I Used 10M Pass List But Can't Find Any
    Also No Drupal Exploit Work
    any Help
    Or Passlist Hint

  • @Amzker said:
    I Found User d**** In SSH
    But For Password I Used 10M Pass List But Can't Find Any
    Also No Drupal Exploit Work
    any Help
    Or Passlist Hint
