Dev0ops hints

Able to read some system files, however am stuck at this stage. Any hints? Or PMs? I have a theory but need some bouncing off.

I think this is a very nice box for beginners. Fairly straightforward and nothing all-too-crazy.

I found this box very hard as, despite knowing the exploit, I could not get my payloads to work. In the end I had help to get a normal file to work, then once I got that it was just a matter of adding the payload. Only 1 of about 20 examples I found worked though, as most were 2-part payloads but none of them worked.
Got there eventually, but if you are having trouble, try getting a normal file to work first.

Is there an issue with the box? I can’t access the web pages that I was able to yesterday. Now all scanned ports are showing closed? I tried a reset, same thing. Is something wrong with the box @lokori ?

@l30n said:
Is there an issue with the box? I can’t access the web pages that I was able to yesterday. Now all scanned ports are showing closed? I tried a reset, same thing. Is something wrong with the box @lokori ?

Would help if I connected to the VPN, wow. I’m a dumbass @lokori disregard my last comment. I left it up here just to show how dumb mistakes can be made.

Of course if there is something wrong with the box, you can always reset it :slight_smile: I was a bit worried how the app behaves under load, but it seems to work relatively ok. (There is one thing that’s not thread-safe and I left it there intentionally. It might lead to RCE, but there are also two completely thread-safe and reliable routes.)

@lokori said:
Of course if there is something wrong with the box, you can always reset it :slight_smile: I was a bit worried how the app behaves under load, but it seems to work relatively ok. (There is one thing that’s not thread-safe and I left it there intentionally. It might lead to RCE, but there are also two completely thread-safe and reliable routes.)

Awesome, waiting to learn that route soon. Thank You for this box. Keep making more such boxes for us to learn something new.

Hello, I’m totally new to Hack The Box. I found two ports and two pages on the webserver. I cannot upload anything with an xml extension and I don’t know where all the uploads go. Also, I didn’t find any user to brute-force a password for SSH.
Any hints please?

@sazouki said:
Hello, I’m totally new to Hack The Box. I found two ports and two pages on the webserver. I cannot upload anything with an xml extension and I don’t know where all the uploads go. Also, I didn’t find any user to brute-force a password for SSH.
Any hints please?

From something you listed, maybe you didn’t read properly :slight_smile:

@baegmon said:

@sazouki said:
Hello, I’m totally new to Hack The Box. I found two ports and two pages on the webserver. I cannot upload anything with an xml extension and I don’t know where all the uploads go. Also, I didn’t find any user to brute-force a password for SSH.
Any hints please?

From something you listed, maybe you didn’t read properly :slight_smile:

Thanks, I got the user flag now but am stuck trying to log in. Maybe I need to brute-force or read another file?

Hi, I’m really struggling to create the file to get an initial foothold. Can someone please PM me some resource/the correct config? I’ve looked at the OWASP Top 10 and I wasn’t able to come up with anything. Any hints would be super appreciated, thanks.

Yeah, I’m in the same boat as @SirFIS. I can read what at least part of it is supposed to be, but… in a manner of speaking, what’s the root of it all! :smile: If I could make a PM friend as well, that’d be awesome.

@sazouki said:

@baegmon said:

@sazouki said:
Hello, I’m totally new to Hack The Box. I found two ports and two pages on the webserver. I cannot upload anything with an xml extension and I don’t know where all the uploads go. Also, I didn’t find any user to brute-force a password for SSH.
Any hints please?

From something you listed, maybe you didn’t read properly :slight_smile:

Thanks, I got the user flag now but am stuck trying to log in. Maybe I need to brute-force or read another file?

You don’t have to brute-force.

Can someone PM? Need help, stuck on a server error and I’m pretty sure I’m uploading right.

Finally got this one done with some help from folks. To answer my own question from before, sometimes the root of it all needs to be just named that way… the root.

Thanks to @lokori for an awesome box. :+1:

Anyone available to PM for initial foothold?

Just got root. That was a pretty good box, and that devoops, man… I just spent a few days clearing some of my works from this kind of oops :slight_smile:

Interesting priv esc. I wouldn’t have thought to look there without the hints on this forum.

Finally I got root, thank you for any clues.
It’s a fun box :slight_smile:

root dance, nice priv esc