Able to read some system files, however am stuck at this stage. Any hints or PMs? I have a theory but need some bouncing off.
I think this is a very nice box for beginners. Fairly straightforward and nothing all-too-crazy.
I found this box very hard as despite knowing the exploit I could not get my payloads to work. In the end I had help to get a normal file to work, then once I got that it was just a matter of adding the payload. Only 1 of about 20 examples I found worked though, as most were 2-part payloads but none of them worked.
Got there eventually, but if you are having trouble try getting a normal file to work first.
Is there an issue with the box? I can't access the web pages that I was able to yesterday. Now all scanned ports are showing closed? I tried a reset, same thing, is something wrong with the box @lokori ?
@l30n said:
Is there an issue with the box? I can't access the web pages that I was able to yesterday. Now all scanned ports are showing closed? I tried a reset, same thing, is something wrong with the box @lokori ?
Would help if I connected to the VPN, wow. I'm a dumbass, @lokori disregard my last comment. I left it up here just to show how dumb mistakes can be made.
Of course if there is something wrong with the box, you can always reset it. I was a bit worried how the app behaves under load, but it seems to work relatively ok. (There is one thing that's not thread-safe and I left it there intentionally. It might lead to RCE, but there are also two completely thread-safe and reliable routes.)
@lokori said:
Of course if there is something wrong with the box, you can always reset it. I was a bit worried how the app behaves under load, but it seems to work relatively ok. (There is one thing that's not thread-safe and I left it there intentionally. It might lead to RCE, but there are also two completely thread-safe and reliable routes.)
Awesome, waiting to learn that route soon. Thank You for this box. Keep making more such boxes for us to learn something new.
Hello, I'm totally new to Hack The Box. I found two ports and two pages on the webserver. I cannot upload anything with an XML extension and I don't know where all the uploads go. Also I didn't find any user to bruteforce a password for SSH.
Any hints please?
@sazouki said:
Hello, I'm totally new to Hack The Box. I found two ports and two pages on the webserver. I cannot upload anything with an XML extension and I don't know where all the uploads go. Also I didn't find any user to bruteforce a password for SSH.
Any hints please?
From something you listed, maybe you didn't read properly.
@baegmon said:
@sazouki said:
Hello, I'm totally new to Hack The Box. I found two ports and two pages on the webserver. I cannot upload anything with an XML extension and I don't know where all the uploads go. Also I didn't find any user to bruteforce a password for SSH.
Any hints please?
From something you listed, maybe you didn't read properly.
Thanks, I got the user flag now but I'm stuck trying to log in. Maybe I need to bruteforce or read another file?
Hi, I'm really struggling to create the file to get an initial foothold. Can someone please PM me some resource/the correct config? I've looked at the OWASP Top 10 and I wasn't able to come up with anything. Any hints would be super appreciated, thanks.
Yeah, I'm in the same boat as @SirFIS. I can read what at least part of it is supposed to be, but… in a manner of speaking, what's the root of it all! If I could make a PM friend as well, that'd be awesome.
@sazouki said:
@baegmon said:
@sazouki said:
Hello, I'm totally new to Hack The Box. I found two ports and two pages on the webserver. I cannot upload anything with an XML extension and I don't know where all the uploads go. Also I didn't find any user to bruteforce a password for SSH.
Any hints please?
From something you listed, maybe you didn't read properly.
Thanks, I got the user flag now but I'm stuck trying to log in. Maybe I need to bruteforce or read another file?
You don't have to bruteforce.
Can someone PM me? I need help, stuck on a server error and I'm pretty sure I'm uploading right.
Finally got this one done with some help from folks. To answer my own question from before, sometimes the root of it all needs to be just named that way… the root.
Thanks to @lokori for an awesome box.
Anyone available to PM for initial foothold?
Just got root. That was a pretty good box, and that devoops, man… I just spent a few days clearing some of my works from this kind of oops.
Interesting priv esc. I wouldn't have thought to look there without the hints on this forum.
Finally I got root, thank you for any clues.
It's a fun box.
root dance, nice priv esc