SecNotes

1679111214

Comments

  • edited November 2018

    Anybody help me, i got a Username and hash by Sxxi, try login to Sxx but not work :((, suggest to me a nextstep please :(

  • Awesome machine, initial foothold took me a while but had to get back to basics and stop trying so hard.

  • edited November 2018

    yay, finally got it!

  • r00ted. I enjoyed this box, but I don't feel satisfied and would love if one of the more experienced guys could PM me with how they got a stable shell with just the first user. I want to go back through this box with that and see if I can "go back in the past" in a much better fashion.

    Like everyone else, I was having issues with files disappearing and having to redo my shell every 5 min. Also had the issues where could not get it to be interactive with some things. Overall fun box, though.

    publicist

  • Would be glad to have a hint on priv esc

  • Can someone give me a hint for the inital foodhold. I think i know what I am looking for, but I cannot find it.

  • edited November 2018

    Anyone please may PM me. I found come creds and I have an idea how to go on but I am missing something. I need a hint
    Edit: Got it...just needed another nmap scan -,-

    Baikuya
    OSCP

  • edited November 2018

    Could someone give me some hints on the first foothold? I don't have much so far. I haven't managed to pull off any SQL injection. I watched IPPsecs video on the Night**** box, but that didn't seem to be applicable in my situation. I've tried enumerating s*b ports. Also the higher level port my dirbuster didn't find anything. Thanks! Someone give me a bump in the right direction and ill be off!

    Hack The Box

  • @Underworld said:
    Could someone give me some hints on the first foothold? I don't have much so far. I haven't managed to pull off any SQL injection. I watched IPPsecs video on the Night**** box, but that didn't seem to be applicable in my situation. I've tried enumerating s*b ports. Also the higher level port my dirbuster didn't find anything. Thanks! Someone give me a bump in the right direction and ill be off!

    PM me

    Baikuya
    OSCP

  • Rooted ! Thanks @sixtonspacefly for the hint !
    PM me for hints

    Baikuya
    OSCP

  • Anyone help ? I am stuck

  • Finally r00ted :D thanks @n0tAVirus @publicist for the help regarding root part !
    I really enjoyed this machine though I hated it in the beginning lol
    pm If you need help :)

  • edited November 2018

    I found some hashes in the initial foothold, do I need to crack those or look for other information?

    EDIT: Got in

  • @Underworld said:
    Could someone give me some hints on the first foothold? I don't have much so far. I haven't managed to pull off any SQL injection. I watched IPPsecs video on the Night**** box, but that didn't seem to be applicable in my situation. I've tried enumerating s*b ports. Also the higher level port my dirbuster didn't find anything. Thanks! Someone give me a bump in the right direction and ill be off!

    I'm in the same point, I've tried all the sequences that use IppSec and only appear the 500 ERROR

  • edited November 2018
    I managed to get in by thinking what the sql query might be then manipulating it. Just now looking for a stable shell that doesn't keep cutting out

    Hack The Box

  • I can put files into n-s but i cannot seem to get a shell .... PM please

    LordeDestro

  • Got user now on to root

    LordeDestro

  • Ok I had a fine shell. For some reason my connection was cutting out every few seconds. If I pinged a box it would cut out over and over. Regenerated my connection pack and I'm rolling

    Hack The Box

  • got root..... Onto Zipper thanks to @Ahm3dH3sham @TazWake

    LordeDestro

  • Rooted.

    My feedback for areas I got stuck on (aside of my OVPN client not working and me thinking it was a flaky shell):

    I got stuck on some injection right at the beginning. I sat down and wrote down what I thought was the query being executed, then wrote into that what I would do to bypass it. Copied and pasted and that worked.

    Spin through Wikipedia's page on new features to Windows 10. There are some really weird looking directories and files on the box. It should ring some bells when you see it in the Windows 10 feature listing.

    When you know what you are looking for GO FIND IT.

    At this point, start enumerating like you would do a new box.

    Good luck!

    Hack The Box

  • Got root. That was a lot of fun. Happy to give hints to anyone who is stuck.
  • Great machine! Thanks to @LordeDestro @Underworld for assistance with the initial exploit. Priv-sec was indeed special!

  • Manage to get shell without bypassing anything, even after reset shell is still there, not sure am I doing something wrong because I'm not hitting issues that everybody are mentioning and it looks very easy and trivial... please let me know is this right approach or I'm on wrong track...

    Arrexel

    |OSCP|OSCE|

  • > @Underworld said:
    > Rooted.
    >
    > My feedback for areas I got stuck on (aside of my OVPN client not working and me thinking it was a flaky shell):
    >
    > I got stuck on some injection right at the beginning. I sat down and wrote down what I thought was the query being executed, then wrote into that what I would do to bypass it. Copied and pasted and that worked.
    >
    > Spin through Wikipedia's page on new features to Windows 10. There are some really weird looking directories and files on the box. It should ring some bells when you see it in the Windows 10 feature listing.
    >
    > When you know what you are looking for GO FIND IT.
    >
    > At this point, start enumerating like you would do a new box.
    >
    > Good luck!

    I hate this hint because of how misleading it is. This is not a windows feature exclusive to win10. Telling people that they should examine a feature list is borderline mean.

    You don't even need to enumerate all the files and figure out weird looking directories or whatever. Just look at what the admin did or what shortcuts they use. It indicates what the box is used for. No research required.
  • Overall, This was a good box. Apart from the initial part (which was new for me), everything is straightforward for the user.

    For Priv Esc, just read what's in front of you and enumerate. Little googling will help as well.

    Pm for hints if needed :smiley:

    Draco123

  • edited November 2018

    Hello guys. I have a problem with the current box. I find that you can do something in the platform and I am trying to get as much information out of that.
    I got some version and a username, but when I try some more complex things I am getting an error with "Something went wrong. Please try again later.".

    I am doing something wrong? I didn't want to spoil much.

    If someone want to help, PM me.

    Edit: got the user...let's root that thing now :D

    Arrexel

  • 500 Internal server error..

    0xskywalker

  • @0xskywalker said:
    500 Internal server error..

    Fix your query...

    Arrexel

  • @Akumu said:

    @0xskywalker said:
    500 Internal server error..

    Fix your query...

    Thanks buddy.

    0xskywalker

  • I have stable shell and found the exe but cant for the life of me figure out how to use it for pirvesc. I get root but its not system...

Sign In to comment.