SecNotes


Comments

  • Very cool box! Entry point is similar to an old box - but that old box was a hard one, so probably not so many people know it

    r4bit

  • This old machine had nicer entry point.

  • Rooted, very good machine! Thank you to the creator!

  • What a wonderful experience it was to root this machine. It's a one-of-a-kind machine with multiple environments running together. Hats off to the Creator. Cheers!


  • Would be nice if someone could PM me about the initial foothold. I have no idea what to do except testing the web app, of which I found only XSS.

    Thanks!

  • can't find the initial foothold either - would appreciate some help :)

  • @mxchai said:
    Would be nice if someone could PM me about the initial foothold. I have no idea what to do except testing the web app, of which I found only XSS.

    Thanks!

    You need to do a little enumeration at the login level; what could we inject in a login page?

  • Thanks @seepckoa I'll run with that and see how it goes

  • @mxchai said:
    Thanks @seepckoa I'll run with that and see how it goes

    If you still don't get there, contact me! :)

  • edited August 2018

    I am somehow stuck... I have some initial creds, I have read some things, I have pulled some files, but it's unclear how to proceed to get shell/filesystem access from here. Found something that could give RCE, but not sure where to actually find it.

    I'll probably figure it out after taking a fresh look later...

    koredump
    If you PM, please include the steps you've already taken. Don't forget to hit the respect button!

  • @Seepckoa said:

    @mxchai said:
    Would be nice if someone could PM me about the initial foothold. I have no idea what to do except testing the web app, of which I found only XSS.

    Thanks!

    You need to do a little enumeration at the login level; what could we inject in a login page?

    I pretty much get what I need to do, but the usernames are taken * all of it *

    Need to wait for my turn, I guess! :anguished:

  • edited August 2018

    Finally got root! I learned a lot.
    Many regards to @Pratik

    Edit: For the initial foothold, you need to find some credentials on an obvious service. OWASP Top 10 will guide you. Don't overthink it.


  • Rooted. Didn't expect root to be that easy. Was overcomplicating it.

  • @r518 said:
    I think I'm overlooking this one a lot. I've tried a fair few things, could someone point me in the right direction for the foothold in PM?

    Edit * found it.

    Edit 2: For everyone PM'ing...

    Have a look at ippsec's videos; this was done on a previous box. It seems like it's a bit of a Nightmare of a box trying to get information out of this...

    Which box was that?

    jamesa

  • @jamesa said:

    @r518 said:
    I think I'm overlooking this one a lot. I've tried a fair few things, could someone point me in the right direction for the foothold in PM?

    Edit * found it.

    Edit 2: For everyone PM'ing...

    Have a look at ippsec's videos; this was done on a previous box. It seems like it's a bit of a Nightmare of a box trying to get information out of this...

    Which box was that?

    I didn't do it, but I heard it was a Nightmare.

    hmgh0st

  • Edit: Never mind, got it

  • Cool box! Respect @0xdf

    n01n02h

  • Easy one! ;) My hints are: don't overthink and don't try to bruteforce anything... basic enumeration is the key to this machine!

    All the spoilers are on this thread

    cdoisponto

  • I've got creds, and I can save stuff to the server. But I can't get RCE or a shell with any of the methods I've already tried. Can anyone PM with a nudge in the proper direction?

  • edited August 2018

    @DataPush3r I am in the same boat as you. I got creds but cannot seem to do anything else from there.

    [PHP ZCE][OSCP]

  • Hi guys, I can upload a shell to the server, but I can't find it on the site. Is it the wrong way? Please PM for a hint.

  • @MaTRiX13 It's there, but I can't get it to execute. So that makes at least 3 of us in the same boat. Anyone with a tip?

  • edited August 2018

    OK, so can I help? Well, maybe...
    For the initial shell, keep going old school on , everything you need is there. Think old school: what can you access, what can you do?
    For priv esc: well, search the WHOLE system for interesting exes relating to a weird thing you should notice!! Then what you did before will help you in the future!!

    adyd

  • edited August 2018

    @DataPush3r I got it now, what a dummy I am.

    [PHP ZCE][OSCP]

  • For all people having problems getting a shell... back to basics and try a simple shell, this OS version usually has an AV running...

    cdoisponto

  • I've got to admit that was a fun path to system. Totally unexpected. I rushed things at the beginning and had a total face palm. But overall it was a really fun box!
    Thanks 0xdf

  • edited August 2018

    I'm still working on the initial foothold, but I seem to be running into an issue where I get the response "Something went wrong". I've figured out that it's related to the length of my input. Is there a way around this or do I just have to figure out how to work with it?

    Edit: Never mind. I was trying to go much farther into the DB than was necessary.

    opt1kz
    https://i.imgur.com/4jXzPqJ.png
    404 Friend Not Found

  • @DataPush3r said:
    I've got to admit that was a fun path to system. Totally unexpected. I rushed things at the beginning and had a total face palm. But overall it was a really fun box!
    Thanks 0xdf

    Yeah I did the same, saw some stuff on the filesystem that I assumed was for that feature you use, but didn't even think of how I could use that to my advantage until I ran out of options and figured I'd give it a look, then it was very simple. It was a really fun box.

    Feel free to follow me on Twitter @BenGrewell for tutorials, videos and other infosec related posts.

  • Oh god. So I've tried many exploits. Read some credentials. Accessed a place to write to. I've accessed all users' names and password hashes. But I have still not been able to read from the filesystem. "Something went wrong" errors every time I try to read the file system. I'm new and I start my OSCP training this Saturday. I'm just doing hackthebox to get ready. Any education is much appreciated to access this box. I'm not doing this to test my skills just yet, I'm doing hackthebox to learn.

  • @starcraftfreak said:
    Oh god. So I've tried many exploits. Read some credentials. Accessed a place to write to. I've accessed all users' names and password hashes. But I have still not been able to read from the filesystem. "Something went wrong" errors every time I try to read the file system. I'm new and I start my OSCP training this Saturday. I'm just doing hackthebox to get ready. Any education is much appreciated to access this box. I'm not doing this to test my skills just yet, I'm doing hackthebox to learn.

    Look at my post a couple above yours. "Something went wrong" means you're trying to go too deep and enumerate too much from the DB (there's an input length limitation). Keep it simple. Dump what you can from the Secure Notes app and then use that information elsewhere.

    opt1kz
    https://i.imgur.com/4jXzPqJ.png
    404 Friend Not Found
