Bounty

11011121416

Comments

  • edited October 2018

    Is there a trick to get a file upload to stick? I had a working upload earlier and got a stable shell, but now the same file isn't working. Help!

    Edit: Got root.txt. Still really confused as to why sometimes the upload sticks and other times not. Had better luck on free than vip.

  • None of my RCE seems to work, Im al little bit confuse too right now hahaha

  • Having some trouble figuring out how to format the upload. I'm aware of the extensions it allows, but is giving me cannot be displayed because it contains errors. Would be greatly appreciated if someone could PM and give me an idea on next steps.

  • Rooted. Box was unstable during the privesc.

    Arrexel

  • Hello, I found the url where upload the payload in the correct format.
    i can see the uploaded file but I can't get the reverse shell to work... any hint?

  • it's so unstable... but rooted at last. first 'sucks' rate i gave here

  • s1ks1k
    edited October 2018

    UPDATE: rooted.. can't imagine how many times I clicked the 'Upload' button

    Hack The Box

  • It's normal some files present a http error 500? sometimes it change to 403. is this box stable?

  • got rce, cant find user.txt in the desktop/documents.
    help?

  • Finally got this after over a week + and leaving and coming back a few times

    hints... just keep at it... find the intial foot hold via searchign folders and files/pages that would run on this type of web server you find one of each .....

    then work on payload and seeing what files work.. go small and simple and then make it complex.. any errors will through 500 and ruin your day and frusterate the crap out of you.... Also, keep in mind lots and lots of others are doing the same things as you..which will over write your files and piss you off.. lol.. this will screw you up.. also use private/no cookie/cach mode on browser/tools..keep trying think about it and then do it later.. don't just keep hammering away wonder wtf is giong on and why your files are missing/going away.

    after you get shell and rce the fun begins.... think what type of system it is..the type of shell you have and then try and search for exploit for this system.... the archecture plays a big part in this system x86 x64.. think about it all and keep at it.
    pm if you want.

  • Woohoo! Finally rooted! M********t got me over the hump. Take note of the previous hints.

  • edited October 2018

    For Privilege Escalation you can use 2 exploits. After rooting the Bounty i read the WriteUPs in Github and all of them use the same exploit but i found another one

  • edited October 2018

    Rooted!. Anyone could did it without M******r?

  • RCE not stable enough to for me to find anything i might just move on to another box tbh. I've been mashing that upload button for too long

  • Rooted as well, Wondering if there are other methods apart from the easy exploit

    halfluke

  • Well that was super annoying. I've rooted the box finally. Getting a shell was a wee bit tricky and with some suggestions from others helped me get the right command - this should be the hard part though.

    Priv Esc according to those who have done it is supposedly super easy. It wasn't so for me. Despite having done the same exploit as those who have done it (via the writeup on github (need root.txt as password) - I can see I have used the exact same exploit as them however for whatever reason it did not work for me and I have no idea why.

    So I spent a painfully long time trying to figure out where I was going wrong with increasingly complicated ways of trying to exploit.

    Anyway, got system in the end using a different exploit - so to answer @halfluke - yes there's a different way to exploit it. It's harder to find but it worked for me in the end. Phew. From writeup's others have done, it is easy. I followed the same path, but didn't work for me.

    I'll have to reset box and see if I can do it again with that easy exploit and see where I went wrong. Good to learn.

    Good box to learn about getting an initial foothold using something that many tend to overlook (even I'm guilty of this).

  • I think I have the idea about what to do. anyone there to help me to check if I am doing it right?

  • Hello guys, I'm in the very beginning with this machine :(
    The only thing I found about bounty are two folders, but couldn't find anything inside.
    Some good soul can help me with hints? I'm scanning the host now, trying to find files, but the lists I'm using (or maybe the extensions) find nothing!!
    In PM, or here on the forum, I'll be very happy to have some help!
    Thank you!

  • Would like to thank @0zcool for his help! Finally got root!!!! :-D PM if anyone needs help!

  • @CHUCHO said:
    Rooted!. Anyone could did it without M******r?

    I rooted it without Meterpreter but I used Meterpreter to get a shell :)

  • Hi guys! Could you please give me a hint of Bounty machine? I tried to use dirb with iis and extension wordlist but it didn't work. Please PM me!
    Thank you!

  • @nhanlh1493 said:
    Hi guys! Could you please give me a hint of Bounty machine? I tried to use dirb with iis and extension wordlist but it didn't work. Please PM me!
    Thank you!

    same dificulties here bro, if someone help you, please help me too!

  • @nhanlh1493 said:
    Hi guys! Could you please give me a hint of Bounty machine? I tried to use dirb with iis and extension wordlist but it didn't work. Please PM me!
    Thank you!

    Enumerate webserver and header. Once you have that find associated file extensions and let dirbuster do the work.

    my4andle

  • edited October 2018

    can anyone provide some hints in Pm

  • I got user.txt thanks @redout ;)

  • I'm stuck in the RCE... I found a way to bypass the upload filter using w*******g and now I'm able to run some asp commands using the uploaded w********g but I'm receiving 500 error when changing it and uploading a payload from PayloadsAllTheThings. Please send me a PM

  • I got root! ;)

  • can anyone provide some hints on how to get shell, I just started working with this box and just found page to upload file. please do PM me.

  • @JAGADEESAN said:
    can anyone provide some hints on how to get shell, I just started working with this box and just found page to upload file. please do PM me.

    Find all possible extension for the server type and header, fuzz to see which ones can upload, then google for exploits with that file extension. There is an mdsn page will all extension types that will help you.

    my4andle

  • I've read through all the posts and am unfortunately still stuck on this box. Can someone PM me some advice on the initial foothold? Everything I've tried, from webshells to actual reverse shells, has resulted in a 500. I had the most success with the webshell, wherein I could access it and see my current user, but trying to execute any commands gives me a 500 error. Thank you in advance

Sign In to comment.