Hint for Fighter

13

Comments

  • Are the root.txt flag in the Administrator Desktop, it seems like is not, if someone rooted please pm me a nudge, thanks.

  • Argh, fighter has been driving me nuts off and on for weeks now. I'm at the point of trying to execute commands, but as far as I can tell nothing is happening no matter what I do. I know what I need to use...it just seems like it's doing nothing...
  • edited September 2018

    Edit: Drunk posting/wrong machine. Lol.

    opt1kz
    https://i.imgur.com/4jXzPqJ.png
    404 Friend Not Found

  • edited September 2018

    Someone can you send me PM for help? :)
    I have a limited shell in system32.
    Thanks

    PD: The exploit not work right now... The machine have a problem

  • edited September 2018

    Edit: Never mind. See latest post.

    opt1kz
    https://i.imgur.com/4jXzPqJ.png
    404 Friend Not Found

  • the first rule!! it is front read it and add them to gether!. :)

    Arrexel
    OSCP | OSCE half way!

  • @thkr said:

    @XXYXZX said:

    @valkyrix said:

    [...]

    thanks, think i found it. not just to figure out how to actually get into the site ._.

    Let's just say that this step is simpler than you might think. A lot of funkiness going on there but stay old school and straightforward.

    This means that I am missing something - if I am not ready with bruteforce after one week, then I do it wrong right?

    It might be a 'CASE' of trying harder. XD

    izzie

  • So is there no systematic way of finding the old members site? Is it just educated guessing from cryptic clues?

    If anyone wants to put me out of my misery please do PM me.

  • edited September 2018

    @izzie said:

    It might be a 'CASE' of trying harder. XD

    There's half a dozen different things that we could change the case of! Usernames, passwords, form fields, cookie fields, other HTTP headers...

    We could be bruteforcing in all caps for another week and still not find anything because we were supposed to do it in mixed case instead!

    Gah! This box is enraging...

    opt1kz
    https://i.imgur.com/4jXzPqJ.png
    404 Friend Not Found

  • @opt1kz said:

    @izzie said:

    It might be a 'CASE' of trying harder. XD

    There's half a dozen different things that we could change the case of! Usernames, passwords, form fields, cookie fields, other HTTP headers...

    We could be bruteforcing in all caps for another week and still not find anything because we were supposed to do it in mixed case instead!

    Gah! This box is enraging...

    MiXeD cASe AlL tHE tHIngS

    izzie

  • edited September 2018

    Edit: Figured it out thanks to @izzie

    opt1kz
    https://i.imgur.com/4jXzPqJ.png
    404 Friend Not Found

  • @NeilSec said:
    So is there no systematic way of finding the old members site? Is it just educated guessing from cryptic clues?

    If anyone wants to put me out of my misery please do PM me.

    There is a 'game-ism' occuring, something is missing from the htb infrastructure that you need to account for...

  • edited September 2018

    Edit: Solved that problem.

    opt1kz
    https://i.imgur.com/4jXzPqJ.png
    404 Friend Not Found

  • Sorry to double post, but how do you deal with the firewall when going for a user shell?

    opt1kz
    https://i.imgur.com/4jXzPqJ.png
    404 Friend Not Found

  • @opt1kz said:
    Sorry to double post, but how do you deal with the firewall when going for a user shell?

    The firewall has (at least) two 'holes' - at well known places!

  • Crap, you're right. It's my connectback that's not working. Thanks.

    opt1kz
    https://i.imgur.com/4jXzPqJ.png
    404 Friend Not Found

  • edited September 2018

    Edit: Owned. Getting the initial shell is the most difficult part of this box, hands down. Getting user requires some guesswork. Getting root is the easiest part of the whole ordeal. Thanks to everyone who provided me with guidance.

    opt1kz
    https://i.imgur.com/4jXzPqJ.png
    404 Friend Not Found

  • edited September 2018

    After a few painful weeks, I finally got it. Thanks to @kekra & @opt1kz for their help. One of the best, hardest boxes on HTB at the moment. Kudos to @decoder & @Cneeliz. Never give up and don't forget to Try Harder!!!

    Hack The Box

  • edited September 2018

    I finally have the login page, but I'm not able to get into it. sqlmap does not give anything here. what could I be missing?

    Edit: nvm. sqlmap started talking.

    pzylence
    OSCP

  • edited September 2018

    Hmmm, is this hard because it takes alot of guessing ? I have tried CeWL and Crunch to perform custom dirbusting but I found nothing :-( Any hint ? by PM ? I have also tested for steganography on the various images files in both the /images and /Images directories...I tried to bruteforce for various extensions (.asp,aspx,.htm,.html,.js,.css,.png,.tiff,.txt etc...). I followed all the links on the page, but found nothing of great interest. I guess the next thing I can try is to mix case my wordlists and run dirb again...arghh, hate these boxes :-D

  • argh... stuck on getting a shell...
    this is turning out difficult than I thought it would be

    pzylence
    OSCP

  • edited September 2018

    Edit: Found it.

  • Any hint available for the injection? I've found the login page but cant seem to identify the injection/exploit

  • I know it was asked before but I cant seem to find the old members login page.. tried all sorts of wordlist for parameters, directories and hostnames combinations (com,htb,cap.com,old….). need help pls

  • @edadi said:
    I know it was asked before but I cant seem to find the old members login page.. tried all sorts of wordlist for parameters, directories and hostnames combinations (com,htb,cap.com,old….). need help pls

    I recommend you read this article, concerning bindings in IIS:

    https://www.sherweb.com/blog/how-to-set-up-site-bindings-in-internet-information-services-iis/

    This might help you find the members section...

  • Any hint after got a x64 reverse shell? right now, I am enum the system...

  • @ydrah said:

    @edadi said:
    I know it was asked before but I cant seem to find the old members login page.. tried all sorts of wordlist for parameters, directories and hostnames combinations (com,htb,cap.com,old….). need help pls

    I recommend you read this article, concerning bindings in IIS:

    https://www.sherweb.com/blog/how-to-set-up-site-bindings-in-internet-information-services-iis/

    This might help you find the members section...

    Thanks, I read the article but If it's like example 2 in the article then it's what i tried to do. play with the hostnames.. I didn't guess the correct one I suppose.

  • What is on that blog hint. OLD. what should i do. i need help

  • Search for the old members site ?

  • I got the login page and I've tried all the possible injection, but until now NOTHING.
    Could anyone give us a hint from where should I look and dig .

Sign In to comment.