Curling


Comments

  • Finally rooted, with a lot of help. Chasing the rabbit for hours. Got the root hash more than once but I didn't realize that was me, I thought the whole time someone forgot to cover his tracks and three / are better than two

    SekIsBack

  • edited November 2018

    I got the pass of the user on the Joomla but not the username, how did you find it?

  • It's in the main page....just look close... :-)

    Fighter81

  • I'm burning my brain out with P******.txt file, got all printable chars with a switch for a known command to view the file... but I can't go further, at least for what I am trying... is that password for ssh? Am I on the right path?

    Fighter81

  • edited November 2018

    Rooted! Finally thanks to @Sekisback , I was definitely overthinking it.

    ikuamike

  • @Fighter81 said:
    I'm burning my brain out with P******.txt file, got all printable chars with a switch for a known command to view the file... but I can't go further, at least for what I am trying... is that password for ssh? Am I on the right path?

    Might help to google "magic bytes" or "magic numbers".

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Wonderful!!! I learned something about Linux. However, the machine is giving you hints to privilege escalation!

    Thanks for this machine!

  • @TazWake said:

    @Fighter81 said:
    I'm burning my brain out with P******.txt file, got all printable chars with a switch for a known command to view the file... but I can't go further, at least for what I am trying... is that password for ssh? Am I on the right path?

    Might help to google "magic bytes" or "magic numbers".

    U mean after i get the plaintext password?

    Fighter81

  • No, if you have the plaintext password you are all good.

    If you just have the word "password" in plaintext, you need to look harder.

    TazWake


  • @Fighter81 said:
    U mean after i get the plaintext password?

    Check your private messages.

    TazWake


  • Got user f* but have some problems with root. What should I do with this a-a?
    Is there something in cron? Please PM if you have a hint.

  • What do the files in a-a do?

  • edited November 2018

    Okay I've been spinning my wheels for a few days now trying to get the creds. I have the username and have located the s*****.txt page, but I've been unable to crack it. I have a feeling I'm on the right track, but could someone PM me so I can confirm if what I'm thinking is correct?

    EDIT: OMFG I'm such an idiot. I have the password now. I ran the string on a hash-identifier tool and the hash it said it probably was... was not actually the correct type. I feel like such an idiot haha.

    b1gbroth3r

  • @opt1kz said:

    @galoryber said:
    Exactly this. I'm here to learn before taking my OSCP course in the new year. The machines I've already done are very easy retrospectively. Learning how to get there though.... there is a lot of ground to cover.

    You guys aren't wrong by any stretch of the imagination. I can see why this box would be difficult for someone just starting out. I can't speak for Frey, but, personally, I'm having a very difficult time trying to come up with hints that wouldn't just be outright spoilers.

    But that may very well be the disconnect between those with less experience and those with more experience; to me it seems like any hint I provide would be a spoiler, but if the person I'm providing that hint to isn't already in my headspace... It might not even be useful to them. But it could also be spoonfeeding a third party reading the hint who's in between us as far as skill/experience goes. So it's a very difficult issue to navigate.

    I think this is also why you see so many people just saying the same, tired crap over and over on this forum. "Enumerate more", "try harder", etc.

    TL/DR: I don't think anyone is trying to be intentionally unhelpful.

    Hint for stage one: Enumerate. Examine everything (including page sources) and look for common file extensions. Everything you need to login is literally right there in front of you. Once you've logged in, you may need to research a bit before you figure out how to execute commands on the system, but it is very, very simple.

    Hint for stage two (user): Again, it's in your face. No tricks. If the first few bytes of the file look familiar, that's because they are. If they aren't, Google them. Either way, figure out how to transform the data into something else, and then repeat. Eventually you'll end up with a plaintext something-or-other that you'll (hopefully) know what to do with.

    Hint for stage three (root): There's something going on close by. You don't need to venture very far. Figure out what's going on and leverage it. Be patient. Examine the environment.

    Any idea/track for the file backup?
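
The stage-two hint quoted above (recognise the leading bytes, transform the data, repeat), shown as an added example that is not part of any post in this thread: a Python sketch that identifies a compressed layer by its magic bytes and unwraps nested layers with bounded output. The format table, the limits and the sample blob are assumptions constructed here.

```python
import bz2, gzip, lzma, zlib

# Leading "magic bytes" of the compressed formats the standard library can open.
MAGIC = [(b"\x1f\x8b", "gzip"), (b"BZh", "bzip2"), (b"\xfd7zXZ\x00", "xz")]
MAX_LAYERS = 16        # assumed cap on nesting depth
MAX_BYTES = 1 << 20    # assumed cap on each layer's output (decompression-bomb guard)

def identify(data):
    """Return the format name whose magic prefix matches, else None."""
    for prefix, name in MAGIC:
        if data.startswith(prefix):
            return name
    return None

def unwrap_one(kind, data):
    """Decompress one layer, refusing output larger than MAX_BYTES."""
    if kind == "gzip":
        d = zlib.decompressobj(wbits=31)   # wbits=31 selects the gzip container
    elif kind == "bzip2":
        d = bz2.BZ2Decompressor()
    else:
        d = lzma.LZMADecompressor()
    out = d.decompress(data, MAX_BYTES + 1)
    if len(out) > MAX_BYTES:
        raise ValueError(f"{kind} layer exceeds {MAX_BYTES} bytes")
    return out

def peel(data):
    """Identify and strip layers until no known magic remains."""
    layers = []
    while (kind := identify(data)) is not None:
        if len(layers) == MAX_LAYERS:
            raise ValueError("too many nested layers")
        data = unwrap_one(kind, data)
        layers.append(kind)
    return layers, data

# Constructed sample: plaintext wrapped in xz, then gzip, then bzip2 (outermost).
SAMPLE = bz2.compress(gzip.compress(lzma.compress(b"constructed plaintext\n")))

if __name__ == "__main__":
    layers, inner = peel(SAMPLE)
    print(" -> ".join(layers), "|", inner)
```

Plain text that happens to begin with one of these prefixes is treated as compressed and raises an error from the decompressor, so a mismatch is a signal to inspect the bytes by hand.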

  • edited November 2018

    Really pulling my hair out on the root piece. I see what is happening between the two files. However, what I am changing is not affecting the output or is giving an error. Would anyone be able to point me in the right direction?

    Got it finally!

  • For the love of god please stop resetting the Box!

    Baikuya
    OSCP

  • edited November 2018

    Yeah something is going on with the box that is not normal. I swear I have the right creds and it's not letting me in. Also the wonderful file upload shows up on the homepage every now and again. Can anyone PM me who has rooted the box so I can verify what I have?

    EDIT: Yeah I'm talking to you for changing the password....lol. Such characters :P

    publicist

  • r00ted. Thanks for all the hints. I liked this box a lot with the Joomla bugs and getting my reverse shell, but the fun ended after that. Getting user, I can't imagine someone actually doing that in real world... I mean maybe a few odd folks here and there, but the first part was great because of real world, getting the PW BKUP was kinda goofy.

    Now root was interesting as this is a concept I def. could see happening in real world. Thanks guys!

    publicist

  • Enjoyed this box. Very interesting and does provide a real world setup with getting a reverse shell going taking advantage of the bugs in the Joomla App. Thanks to the developer for putting it together. Thanks to ZaphodBB for teaching me a new command to use.

  • This machine was fun. Pm if any hints needed.

    Draco123

  • Hi, I am new to HTB and new to OffSec. Can anyone give me a hint on how to find the user and password? I found those base64 strings and decoded them, but it outputs a URL path.

    32x0LF

  • If only the Curling machine could shout: please stop bombing the index.php. We cannot use the machine

    32x0LF

  • 4 restarts within 20 minutes, the machine is not usable atm...
    stop restarting the machine and changing the index.php

    lemarkus

  • Rooted the box. Getting user.txt is a pure CTF thing. But getting root was fun and very easy. If someone needs a hint, PM me.

  • Nice box, getting root.txt is easy, but root shell is a little bit tricky.

  • Root was very funny :)

  • I got root.txt but I'm not sure if it was me or not. Can somebody help me? xd

  • Can someone pm me a nudge in the right direction (other than "don't over think it") for Curling? I got p*******b***** file but I'm not sure how to start decrypting it.

  • That was a nice CTF box :)
    I see so many people digging WAY too deep on the box.
    Best advice is to not over complicate and look at what is right in front of you (classic advice i know lol..)

    Hack The Box

  • Can anyone help a noob privesc from www-data to user? Unless I went about getting a shell the wrong way?

    cognitiv3
