Carrier

18911131428

Comments

  • @ZeusBot said:
    Guyz im strucked in s**p port enu i got interested result SN******* from that port. any idea. give me some hint?

    i just want to know how did you get this result SN****** i tried to google about port 1*1(s**p) but got no clue...

    ASHacker

  • @ASHacker said:

    @ZeusBot said:
    Guyz im strucked in s**p port enu i got interested result SN******* from that port. any idea. give me some hint?

    i just want to know how did you get this result SN****** i tried to google about port 1*1(s**p) but got no clue...

    Look at how to enumerate that service

  • so whats with secretdata.txt ?

  • edited October 2018

    @EvilMonkee said:

    @ASHacker said:

    @ZeusBot said:
    Guyz im strucked in s**p port enu i got interested result SN******* from that port. any idea. give me some hint?

    i just want to know how did you get this result SN****** i tried to google about port 1*1(s**p) but got no clue...

    Look at how to enumerate that service

    @EvilMonkee said:

    @ASHacker said:

    @ZeusBot said:
    Guyz im strucked in s**p port enu i got interested result SN******* from that port. any idea. give me some hint?

    i just want to know how did you get this result SN****** i tried to google about port 1*1(s**p) but got no clue...

    Look at how to enumerate that service

    Thank you that was a great help to let me think from other way

    ASHacker

  • I've been able to get a reverse shell, although i don't really understand why i spawned into this machine and not on the web server (maybe i'm in a VM).
    I think the next step is to find some info on the server on the subnet which is given in the ticket. However when I log in with ftp, it's empty. I really don't know what to do.

  • @nessaj said:
    I've been able to get a reverse shell, although i don't really understand why i spawned into this machine and not on the web server (maybe i'm in a VM).

    The web server does not execute the code on its machine. there is a persistent ssh connection from the internal host to the web server, and the web server sends the commands you give it thru the ssh tunnel to this other host.
    So your RCE is basically being funneled to another machine

  • got root...thanks for those who helped me a lot...pm for hints...

  • Why jrgdiaz is resetting the system????

  • I am stuck with the reverse shell on the website, if anyone can give me a hint, that would be great.

    lemarkus

  • Hi,
    the string i got from the MIB doesnt seem to work on login page.
    Tried all of the combinations i could think of. A hint please ?

  • cool. got user with RCE. now to move onto root. PM me if you need hints with user.. but yeah RCE is all you need, then you just need to "locate" the file :+1:

    Hack The Box

  • I have a shell, got user.txt , I'm 'root' , I'm pretty far, but stuck at privesc. I've read that it's a must to have knowledge about CCNA routing/switching, Maybe someone would like to teach me a bit :)

    Hack The Box

  • How did you guys enum S***. I'm using S***-C***** and the results i am getting are blank. I am using the public s**** on the correct port? Any help?

  • edited October 2018

    Guys the root is brain F**K and i don't now why the review is so low. The difficulty is 10/10..You have to have CCNP to solve it. Even if you have CCNA you will not find the answer. Please be more objective when review a machine

  • edited October 2018

    Finally obtained root flag. Awesome Machine. I am just a month old in HTB and this was the hardest machine for me. Really learnt a lot. Special thanks to @tobor and @Tract0r for helping out.Pm for hints if needed.

    Draco123

  • edited October 2018

    Oh boiiiiiiiiiiiiiiiiiii!

    Got root. Such an asymmetric box... got user in about 20 mins (half of that waiting for the nmap scan). Took a couple of tries to get root. Let's just say that you need to brush up on networking. There was an earlier comment saying you need your CCNP, I'd say it's not that extreme if you've hung around corporates for a bit and have been on the technical side, but if you haven't had any network exposure I'd suggest reading up on different forms of network abuse. Hark back to your uni days and think on the OSI model, look at the tickets on the dashboard, and you should start to piece things together.
    Happy to give out oblique and barely understandable hints via PM...

  • Super fun box though, the dopamine hit is noice!

  • edited October 2018

    Also, finally I will add, there's one step where you can accidentally make the box unavailable, however I found that the RCE still worked, and could just blindly undo what I did to break the box without restarting.

  • @roastymaus said:
    Super fun box though, the dopamine hit is noice!

    Yeah, when I saw that root.txt it was a pretty good feeling, after how long it took

  • @TheInnocent said:
    rooted. My hints for this box:

    • for user, don't stop at the very first nmap scan, use full potential and enumerate every service. Reading everything in the web portal will help. Once inside, try to play with the only interesting parameter you see in burp to obtain a shell

    • for root you don't have to do much but you'll have to KNOW much about a certain service. First thing, run enumeration scan, then try to read as much as you can about how things like that work

    "Reading everything in the web portal will help. Once inside, try to play with the only interesting parameter you see in burp to obtain a shell. "
    love you Bro you save my time. it took 15-30 munites to identify .

  • @shaboti said:
    Enumerate port 1*1 and get SN..., try to use it as pwd for login but no success? Any hint >please!

    I am in the same, can anybody give me any hint ?

    nutss

  • @nutss said:

    @shaboti said:
    Enumerate port 1*1 and get SN..., try to use it as pwd for login but no success? Any hint >please!

    I am in the same, can anybody give me any hint ?

    Just create password list from what you got with a different combination and try it.

  • @Lucyn said:

    @nutss said:

    @shaboti said:
    Enumerate port 1*1 and get SN..., try to use it as pwd for login but no success? Any hint >please!

    I am in the same, can anybody give me any hint ?

    Just create password list from what you got with a different combination and try it.

    That's not really necessary - you just need to consider that maybe part of the string you got isn't the value, but the key.

  • Hello, i cant login into the app even though i found the 'special string'. I know people say its easy but I am stuck in this for a day so any help would be appreciated.
    Thanks

  • edited December 2018

    Hey guys I did the login, now I am in the web app, but I don't know much about web applications, I used burp to intercept de requests and it show me the *** parameter, should I try to make a sql injection or anything like this ? If you have any hint, internet tutorial or video on youtube to the next step I will be grateful!

    nutss

  • edited December 2018

    @nutss said:
    Hey guys I did the login, now I am in the web app, but I don't know much about web applications, I used burp to intercept de requests and it show me the *** parameter, should I try to make a sql injection or anything like this ? If you have any hint, internet tutorial or video on youtube to the next step I will be grateful!

    Check you Inbox

  • Getting was pretty simple and fast, then I'm now on the way to root.txt.
    I've setup a reverse connection and enumerated many config files and try to understand how q****a works, used v**** console as well but can't figure what is the next move to do
    if anyone having resolved the step can give me a bit of explanation, it will be great, I don't want a spoil but a way to the good direction

    Nutellack

  • I enumerated the port, and found the S**** string , dont know how to login in to the app, stuck here from past few days, please help.

  • edited October 2018

    Any hints on how to get root after getting the shell? Stuck.
    Is it something to do with Quagga Bgp ?

  • edited November 2018

    Hey Guys,

    Got RCE but I'm stuck at shell. Tried a bunch of things with ch**k variable (e.g nc), no luck.

    Can someone give me a hint in private or is available to discuss the machine?

    Thanks,


    Got it, trying to get root now. If someone wants to discuss the machine, pm.

Sign In to comment.