Does anyone know if there's any material i can read regarding priv esc. I'm sure i know what it is, but i can't find anything on actually applying it outside of theory
Any suggestions on websites to read about exploiting PHP? I'm weak on web exploitation and everyone is saying this is easy but I'm obviously missing something. I can't find a way to exec my commands.
Would you guys mind providing some hints to elevate my privs to root, I'm struggling here for days. Couldn't understand how to benefit from the B** thing. I already read the tickets, understood there is something going wrong on the other side but still some pieces are missing from the jigsaw I need to gather. Could you PM please, I need to understand more than just escalating the privileges.
I second @eeyepee's request. I have been struggling with privesc. I think I know what to do, but I can't "see" the result of my actions. Could any kind soul PM me to discuss things?
Thanks for your time!
Well, for privesc, I tried with netcat but it did not work, so I emulated the service with a script from github. Keep this in mind if you think you got everything as it should
@diogomrfer said:
Well, for privesc, I tried with netcat but it did not work, so I emulated the service with a script from github. Keep this in mind if you think you got everything as it should
I found you could emulate the service just by typing the responses into netcat, saves some time trying to script things out
@diogomrfer said:
Well, for privesc, I tried with netcat but it did not work, so I emulated the service with a script from github. Keep this in mind if you think you got everything as it should
I found you could emulate the service just by typing the responses into netcat, saves some time trying to script things out
can someone gimme a hint on how to get a reverse shell, got user but so far i'm only able to run commands via the website. i have an idea what to do once i have a reverse shell but i'm still stuck getting the machine to connect back to me. pinging myself works fine. any ideas? EDIT: nvm, i got it now
Got root. What a great box. I almost blow my brain to get this done. I was thinking too hard, but in the end was a simple thing. Saw 2 ways to get this done. there's much easier and another not so easy, but on the real world we don't always will have root access on pivot machine to get this done. So networking is fundamental on this box.
EDIT: what is the thing with the secretdata?? and the Nigerian Prince?
still struggling with user. what am I missing. got admin credentials bt can't find any, executable or interactive shell/service as suggested by others. I get "Configuration changes locked, will be reverted automatically" . some tabs/links restricted due to expired license. I just can't find anything remotely close to an interactive shell on the admin page
@mcknicks said:
still struggling with user. what am I missing. got admin credentials bt can't find any, executable or interactive shell/service as suggested by others. I get "Configuration changes locked, will be reverted automatically" . some tabs/links restricted due to expired license. I just can't find anything remotely close to an interactive shell on the admin page
@bokanrb said:
Got root. What a great box. I almost blow my brain to get this done. I was thinking too hard, but in the end was a simple thing. Saw 2 ways to get this done. there's much easier and another not so easy, but on the real world we don't always will have root access on pivot machine to get this done. So networking is fundamental on this box.
EDIT: what is the thing with the secretdata?? and the Nigerian Prince?
Lol, no clue secret data but the Nigerian prince is a well known email scam.
@mcknicks said:
still struggling with user. what am I missing. got admin credentials bt can't find any, executable or interactive shell/service as suggested by others. I get "Configuration changes locked, will be reverted automatically" . some tabs/links restricted due to expired license. I just can't find anything remotely close to an interactive shell on the admin page
Same here...Stuck on user, I passed the login, I watched every path, every js ... But I'm totally blinded right now! I exchange adamantium for a hint LOL
For the love of God I can't even enumerate after user with all the resets! Is that from necessity or just people not getting what they are looking for? I see that elegant, striped African animal galloping over its common ports 🤣 but nothing in iptables list
@mcknicks said:
still struggling with user. what am I missing. got admin credentials bt can't find any, executable or interactive shell/service as suggested by others. I get "Configuration changes locked, will be reverted automatically" . some tabs/links restricted due to expired license. I just can't find anything remotely close to an interactive shell on the admin page
Same here...Stuck on user, I passed the login, I watched every path, every js ... But I'm totally blinded right now! I exchange adamantium for a hint LOL
Comments
someone is available on PM, i can enumerate the 1*1 port but i can't get the SN.
i treid several tools, with several options without success.
tks
Take a walk and think about it.
tks a lot, got it
Any able to give me a nudge on whether I'm on the right track with b** and q***** for p***t? Or if I should be focusing on something I've overlooked?
got shell but still nothing on root.txt
if someone kindly enough to help me please PM 
Thanks.
I made some progress but still stuck on getting root.txt
please DM me if you can help me a bit
Does anyone know if there's any material i can read regarding priv esc. I'm sure i know what it is, but i can't find anything on actually applying it outside of theory
Any suggestions on websites to read about exploiting PHP? I'm weak on web exploitation and everyone is saying this is easy but I'm obviously missing something. I can't find a way to exec my commands.
user is easy!
struggling for root
Many thanks to @Raiden99 @Kecebong and Spoppi....you guys have been wonderful. Got root.txt on carrier.....learned a lot from u guys......
anyone got some hint for the RC-Part? Can't seem to get it to work...
Edit.: nvm got it to work, feelin so stupid right now
Would you guys mind providing some hints to elevate my privs to root, I'm struggling here for days. Couldn't understand how to benefit from the B** thing. I already read the tickets, understood there is something going wrong on the other side but still some pieces are missing from the jigsaw I need to gather. Could you PM please, I need to understand more than just escalating the privileges.
Don't worry about it
I second @eeyepee's request. I have been struggling with privesc. I think I know what to do, but I can't "see" the result of my actions. Could any kind soul PM me to discuss things?
Thanks for your time!
Well, for privesc, I tried with netcat but it did not work, so I emulated the service with a script from github. Keep this in mind if you think you got everything as it should
I found you could emulate the service just by typing the responses into netcat, saves some time trying to script things out
Oh, nice.
A smarter choice, actually! 
can someone gimme a hint on how to get a reverse shell, got user but so far i'm only able to run commands via the website. i have an idea what to do once i have a reverse shell but i'm still stuck getting the machine to connect back to me. pinging myself works fine. any ideas?
EDIT: nvm, i got it now
i have no idea what ssh key people are talking about. i couldn't find any keys on this box, not in the usual locations and not somewhere else
Can anyone PM me to help me to het Root here. I know it's a Network thing. I see a specific route thing, but then the wall get's to hard :-(
Got root. What a great box. I almost blow my brain to get this done. I was thinking too hard, but in the end was a simple thing. Saw 2 ways to get this done. there's much easier and another not so easy, but on the real world we don't always will have root access on pivot machine to get this done. So networking is fundamental on this box.
EDIT: what is the thing with the secretdata?? and the Nigerian Prince?
still struggling with user. what am I missing. got admin credentials bt can't find any, executable or interactive shell/service as suggested by others. I get "Configuration changes locked, will be reverted automatically" . some tabs/links restricted due to expired license. I just can't find anything remotely close to an interactive shell on the admin page
! [offsec383hx] (https://www.hackthebox.eu/badge/27219)
Pm me, I can give you some help.
Lol, no clue secret data but the Nigerian prince is a well known email scam.
Can someone help me? I can create a reverse shell but the connection automatically dies within a second...
Same here...Stuck on user, I passed the login, I watched every path, every js ... But I'm totally blinded right now! I exchange adamantium for a hint LOL
Look at the diagnostics page in great detail.