Teacher

1356719

Comments

  • To save hours of time.. Do we have to get evil?

    xeto

  • These systems that require a re-exploitation to achieve simple access are downright obnoxious. Yea I get it a lot of hackers have no social life but I do and stepping away shouldn't mean redoing work. Just make creds easier to get and allow ssh or something...

  • Getting user was harder than root... i didn't know that it was possible to do what it was doing.. learn something new everyday I guess...

  • @meowzilla said:

    @Sekisback said:
    trouble with the quiz since 6 hours someone willing to discus via pm or better chat?

    same here, didnt work at all following the video

    Did you see "this-is-an-exploit-prevention" ?

  • a hint when going for root; once you find the thing that you think you can use to escalate your privileges, dont start (like I did) by trying to escalate your privileges assuming you know exactly whats happening. instead start by asking yourself, what can be doing the behavior i see? search for that thing everywhere, and you might just find it. from there the priv esc. possibilities crack wide open (lots of different methods once you know exactly what is going on).

  • @SW4gb3JkZXIgdG said:
    oh man that was a lame way to get user password. its just a game of hide and seek that doesnt make any real world sense.

    hint look at every file on every site. if a file doesnt open when you expect it to, find out why not.

    @ ^ ?

  • Feel free to PM me if you are running into issues.

  • please help me ! I cant find anything . I try something but isnt work .

  • i'm stuck i can't find password , I've looked through every folder that gobuster found

  • edited December 2018

    @xeto said:
    To save hours of time.. Do we have to get evil?

    Yes, you have to be an evil teacher.

  • What a journey, finally rooted it...

    center

  • So this was an annoying but fun machine to play around with. Like most people I am not a fan of how the password is found, if it was setup a little differently then it would have been less frustrating for most.

    The key to this machine, IMO, is enumeration and lots of it. It helps with initial foothold/user/root.

    I did like the Priv Esc method, that was something I did not know and now have in my knowledge base....

    Cheers.

  • Hi, I am trying to brute force what you have to, but I keep getting 303 http responses. What am I missing? I tried to revert the machine, but that didn't work either :(
    Help is very appreciated

  • edited December 2018

    During your privesc,> @AlexanderNagy said:

    Hi, I am trying to brute force what you have to, but I keep getting 303 http responses. What am I missing? I tried to revert the machine, but that didn't work either :(
    Help is very appreciated

    Hydra will brute force the password just fine. Set the failure message appropriately. No response code filtering required (unlike some of the hints in here would suggest...). Make sure you have a pre-generated list with all the possibilities first (good opportunity to brush up on your bash script skills).

    Now stuck on root, probably some obscure trick to this...

  • edited December 2018

    Am i missing something crucial? i am still struggling to get user even though i have shell for a while, this machine doesn't really feel like 20 points.

    Nevermind, i found what i was missing.

    Hint for initial credentials: After looking throught thousands of m****e files, i wouldn't ever imagine myself finding it where it was.

    Hint for user: To have an easier time with priv escs, create a file called my_privesc, and write a todo list on it. Do the steps sequentially, so you dont miss anything.

  • edited December 2018

    Hi, could I PM someone about the initial logon. Got the user and the password -1 but tried to apply custom dictionary to use on the form with hydra and burp with the amended possibilities. changed the failed response to mirror the form I either find 16 possibilities or none, the occassional red herring, I'm stumped, even changed for the varying case for username and possible typo for password... many thanks

    Edited: thank you to those who responded +1, onto user now

  • Hi mates, I got the credentials, but i have problems during the logging, i am continuously being disconnected, does anyone have the same problem? i cannot maintain the session open!!

    Hack The Box

  • Thanks @opt1kz !
    R00ted.. had a hell of a time with priv esc by making assumptions.

  • edited December 2018

    Could some one please help me out with the initial credentials, I must be missing something obvious. I don't think I can bring my self to trawl through the dirbuster and skipfish outputs again...

    Edit: as predicted, thank you @jkr

  • @numbfrank said:
    Could some one please help me out with the initial credentials, I must be missing something obvious. I don't think I can bring my self to trawl through the dirbuster and skipfish outputs again...

    Same boat.

    tiger5tyle

  • @tiger5tyle said:

    @numbfrank said:
    Could some one please help me out with the initial credentials, I must be missing something obvious. I don't think I can bring my self to trawl through the dirbuster and skipfish outputs again...

    Same boat.

    PM me

  • edited December 2018

    still can't figure out the password. what's that last character? is brute-forcing really is the way to do this? tried all the clues i have found near the error..

    EDIT: found it

  • Could someone pm me about the privesc? Im pretty sure I'm on the right track, but nothing seems to work.
  • While creating the box I was thinking whether to make the box realistic or original. So yes, I'm aware that the the way of finding the first password is highly unrealistic. But nonetheless, I hope people will learn something new.

  • After some enumeration and finding nothing useful, i came to get a nudge. It seems this is one machine to skip, because i prefer technical attack vectors that are at least close to "real world" situations. The moment i read that some guys are reading 2000+ files to find something hidden somewhere just putting me off instantly. I not blame the creator but it is just my 2cents.

  • edited December 2018

    @Warlord711 said:
    After some enumeration and finding nothing useful, i came to get a nudge. It seems this is one machine to skip, because i prefer technical attack vectors that are at least close to "real world" situations. The moment i read that some guys are reading 2000+ files to find something hidden somewhere just putting me off instantly. I not blame the creator but it is just my 2cents.

    These guys failed in first step of enumeration and jumped directly to step 3 or later. Because of that, they are missing step 2.

    Many others failed in using tools properly. Don´t be skid bashing commands and try to understand what is your target, why some things are happening and why you see what you see.

  • @Laegir said:

    @Warlord711 said:
    After some enumeration and finding nothing useful, i came to get a nudge. It seems this is one machine to skip, because i prefer technical attack vectors that are at least close to "real world" situations. The moment i read that some guys are reading 2000+ files to find something hidden somewhere just putting me off instantly. I not blame the creator but it is just my 2cents.

    These guys failed in first step of enumeration and jumped directly to step 3 or later. Because of that, they are missing step 2.

    Many others failed in using tools properly. Don´t be skid bashing commands and try to understand what is your target, why some things are happening and why you see what you see.

    Yea thats true.
    I think if you look at what you see, you find the first hint very quick. Filesize is too small, maybe he should have picked another filename to make it more pointing out.

  • edited December 2018
    Awesome box. I definitely learned a couple things. I dont think the initial part was too bad. Certain tools will pick it up and point it out if you look through the output. There are enough hints in this thread at this pount that no one should be digging through 2000 files...
  • Holy crap what a ride, many thanks to those who lighted me up

    SekIsBack

  • @FNGCrysis said:
    Thanks @opt1kz !
    R00ted.. had a hell of a time with priv esc by making assumptions.

    any hints for root?

    OSCP

Sign In to comment.