Dab

Need help on privelege escalation … Try_harder seems a dead end as same aplies for myexec :frowning:

Finally got root after banging my head for 5-6 hrs… :slight_smile:

Just wanted to say… Wendell’s password…

\m/ (>.<) \m/

Edit: Got user. PM for any help for user.

I found a interesting service running internally into Dab server named mc***
but as much as I try to retrieve any useful data I still get only:

Output

END

If at least that service give me the name of some user I could try to bruteforce with this…
Can anyone send me a nudge ? Thanks !

Hack The Box

@izzie said:

I am getting:

Output

END

ADBLOCK YES PEOPLE TURN uBLOCK OFF

Nope, I’ve dissabled every ■■■■■■■■ extension, I’ve intercepted 2 calls with B**p into 2 different tabs. The have EXACTLY the same request, but one has the correct output and the other only the Output/END empty result…

Is this box doing me a dab in my face?

EDIT: Yes, it was.

■■■■ I’m starting to hate this box. I know what needs to be done in priv esc, but there is something that I keep on missing. Any help/nudge would be appreciated.

@thrash said:
Just wanted to say… Wendell’s password…

\m/ (>.<) \m/

loooooooooooooooooooooooool man you saved me some hours of scripting :heart:

What a box!!! Learned so much new things! Thanks a lot!

I’ve gotten the privesc method to work on my local kali after replicating the interesting thing but it does not execute the same way on the target. Can someone PM me?

nvm got it

got root thanks to @FNGCrysis for showing me how stupid we (more like I) can be sometimes with the little mistakes. Learned a lot from this box thx @snowscan

is this box just full of guessing and recon/enum without much proper clues?

Clues all around ?. Just have connect the dot’s. But recon/enum is very much necessary with this box

@pikey301: ok ? but the standard tools & lists are sufficient, no crazy bruteforce?

No crazy brute force. With a couple of standard tools you can do this box.

Can someone help me out with exploiting memched? I’m assuming i need to find a way to push the data in the u* key to the st*** key, but I have no idea how to. Every command that could do it requires multi-lined input, which I cannot do. Hints?

@The5thDomain said:
Can someone help me out with exploiting memched? I’m assuming i need to find a way to push the data in the u* key to the st*** key, but I have no idea how to. Every command that could do it requires multi-lined input, which I cannot do. Hints?

Sure, DM me

<<< redacted >>>