Dev0ops hints

Comments

  • Got user after < 5 minutes and stuck at getting root the whole day :( Can anyone help me please? I saw some interesting things but I couldn't go further.

  • Finally got it. Much simpler than what I was trying, but that's usually how it goes.

  • Grr.. I am down with the try harder thang.. but when you hit a wall you hit a wall. Anyone willing to DM me? I have made some progress on initial shell but I just can't get the payload right.

  • Spent four days figuring out the initial exploit/formatting. Two days on shell access and one day on root. The hints on this forum were critical to my success and I learned a ton along the way. Thanks @lokori for an awesome box!

  • Anyone want to trade hints for user or Privesc on Devoops that has Celestial? PM me

    Huejash0le

  • @nardin said:

    @J3rryBl4nks said:
    My payload seems to be malformed, can anyone PM me about the format of the payload?

    There must be a father with 3 sons ;)

    What a subtle hint LOL

  • Nice Box - made me get familiar with something I'm not versed in - props to the creator.

    GingerHackz

  • Rooted!

    Once you find the vulnerable service, just try to play around with the format. Craft a valid file, before even going for the exploit. If you have a working format, the server will accept it. Then you can go and play with the payload. With an arbitrary payload you should be able to obtain user.txt.

    PM if more hints are needed.

    OSCP | OSWE | CRTP


    0x23b

  • Finally rooted it.

    If anyone needs a hint without spoilers, just PM me.

    It is a really good box.

  • Nice box.. finally rooted it with the guidance of some hints.. especially the look in the past one was really helpful to get root :)

  • So I found a method to view system files like passwd but that is all I have been able to make it do. I can't get the system to do any processing of commands. Anyone have any suggestions on where to look next for RCE or shell access?

  • @TheBull369 said:
    So I found a method to view system files like passwd but that is all I have been able to make it do. I can't get the system to do any processing of commands. Anyone have any suggestions on where to look next for RCE or shell access?

    try to read some other files

    Arrexel
    OSCP | I'm not a rapper

  • Rooted! Hints helped. PM if you need a nudge.

  • edited July 2018

    OK rooted.

    In order to root this box you have to roughly understand how Spoiler Removed - Arrexel.
    This was very tough for me, I'm a pure infra guy :).

  • This machine is really awesome. Actually I was crazy for a moment but @Didakt's comment rescued me. Thanks @lokori, @Didakt

  • edited July 2018

    Rooted! Great Box .. Learned a lot from this one.. Thanks @lokori

    AmsHusky18

  • I've tried modifying the payload, but seems like I'm missing something. Maybe there's more to the eye on the u page?

    pzylence
    OSCP

  • edited July 2018

    I need help. I could not find anything except the ports. Any hint?
    edit, was stupid enough. nvm

    v1ew-s0urce.flv

  • I need some help with user.txt. I already know the vulnerability and how to get RCE from it (similar to Aragog, since I already got the user of that). However, this application does not show the output of the LFI, which I am trying to redirect to myself at an HTTP or FTP server. However, it does not seem to work for some reason. Can someone PM me about it?

  • This was fun @lokori. I enjoyed this machine. Keep up the good work mate. I really liked the way you left subtle hints to not land in a rabbit hole and keep progressing.
    For those who are still on this machine, you need to be a spider killer, and be Marty at the same time! :D

    pzylence
    OSCP

  • Hello guys, I have some doubts on the payload, through XML I can see some important files but I can't launch commands (maybe for a reverse shell... I don't know if I'm on the right track!)

    Any suggestions in PM?

  • Well, I need a push with that XML. I am trying to upload classical XML. When I tested XML injection, I was able to delay the server response, but I am not able to get anywhere. I understand I should format it author/subject/content in some article, or feed, or something, but the only 200 response I get is when I do not upload a file with an xml ending.
    Maybe I am just too tired, but a hint is very welcome :D

    Hack The Box
    If you appreciate my help, please give +1 respect https://www.hackthebox.eu/home/users/profile/50022

  • I rooted this thanks to @msslaughter and @SpZ. PM me if you need help

  • OK. I am able to send XML to the server. I am able to send a request to myself from the server. But that's all. Is there any hint where I should look to see my uploads? Or how should I proceed from here?


  • See if there are any other files you can read that can help you connect to the server

  • @karelchajim said:
    OK. I am able to send XML to the server. I am able to send a request to myself from the server. But that's all. Is there any hint where I should look to see my uploads? Or how should I proceed from here?

    See your nmap scan again.. think how u can use those ports with XML

  • rooted!
    if you want hints you can ask me.

  • I got user.txt (without gaining a shell onto the box). Do you require an existing shell to get root or is the information available through xml enough?

  • @UserAlpha said:
    I got user.txt (without gaining a shell onto the box). Do you require an existing shell to get root or is the information available through xml enough?

    Think of ways you can log in to a machine. You don't have to pop a reverse shell.

    OSCP | OSWE | CRTP


    0x23b

  • @0x23B said:

    @UserAlpha said:
    I got user.txt (without gaining a shell onto the box). Do you require an existing shell to get root or is the information available through xml enough?

    Think of ways you can log in to a machine. You don't have to pop a reverse shell.

    Was using the wrong identity file. Thanks - in as low priv user. Time to try escalate.
