Teacher

1246719

Comments

  • edited December 2018

    @takemyhand said:

    @FNGCrysis said:
    Thanks @opt1kz !
    R00ted.. had a hell of a time with priv esc by making assumptions.

    any hints for root?

    You know something odd is happening. The thing causing can be found by searching for something that would cause it, perhaps even the name of what is going on is a dead giveaway. When you see it, take a look at everything that is happening.

    Replicate it on your local machine and you will realize what you actually need to do. When you get to this point, it is extremely important to understand what it is capable of doing.

    PS: When you apply for a job, do you reference your own family members or do you list someone outside of your present home? We all do things differently, but one option is considered to be the better answer from a professional perspective ;)

  • I'm missing something... Cant find where to log in. nmap isnt showing anything. cant see anything with spider. Anyone drop me a hint in pm? :D

  • Ok, after all - nice way to get root.txt - i did not try to get root shell, anyone managed ? I was just after the flag and reverted the machine for others to have fun ;)

    image

  • @Warlord711 said:
    Ok, after all - nice way to get root.txt - i did not try to get root shell, anyone managed ? I was just after the flag and reverted the machine for others to have fun ;)

    Yes root shell is possible, probably using similar method to that you used to get root.txt

  • can someone help me with getting root? ;)

  • Followed the evil method, watched the video but still not working.. Might be a permissions problem, please anyone pm me about RCE on this box. Need some hints

  • edited December 2018

    Rooted! That was a fun box once I got past the initial foothold. I wasted a lot of time going through Spoiler Removed - egre55 directories. It gets better

    tobor
    Gods make rules. They don't follow them

  • pwnpwn
    edited December 2018

    Once shell is obtained, any hints to get to user.txt? Nothing standing out in the enumeration phase on the filesystem.

  • I've just gotta say some people are persistent with resetting this box! It makes it a challenge to figure out priv escalation while thwarting the reset attempts! Oh well... two mins after it boots I'll get my initial shell back.

    OzzY

  • rooted shoutout @Phrenesis2k for the help on user =], sharing the hint: there are a number of ways to check if you got code exec =], some may work some may not

  • finally got root, not as i expected but the job was done, pm for hints!!

    Hack The Box

  • @IteXss said:
    finally got root, not as i expected but the job was done, pm for hints!!

    Got root. Thanks mate. still wondering how to get an actual shell

  • Got root. Tips on this forum however lead me a little bit in wrong way...

  • @nawaronin said:
    Got root. Tips on this forum however lead me a little bit in wrong way...

    That's our job. Lure people into the wrong direction. :naughty:

  • I hate some users who keeps on destroying the site, resetting the box, and deleting the databases!

  • This box is cancerous. I don't know what magical file people are seeing with credentials, but I've been through about a thousand of them and seen absolutely nothing. Super fun vector.

    Alh4zr3d

  • @Ruri said:
    This box is cancerous. I don't know what magical file people are seeing with credentials, but I've been through about a thousand of them and seen absolutely nothing. Super fun vector.

    Carefully check the sources and you will be just fine...

  • edited December 2018

    @dxaxpanda said:

    @Ruri said:
    This box is cancerous. I don't know what magical file people are seeing with credentials, but I've been through about a thousand of them and seen absolutely nothing. Super fun vector.

    Carefully check the sources and you will be just fine...

    I just found it. I maintain my last position: this box is cancerous. That was the stupidest vector I've found in all the time I've been doing this. I now see the little "hint", but I maintain that this was idiotic and unrealistic.

    Alh4zr3d

  • edited December 2018

    Is anyone else having trouble with accessing the site?

    EDIT: Do the credentials for the webapp change when the box is reset? My creds arent working anymore

    EDIT2: Reaaaaaaly struggling with box staibility. Its up for 2 mins then down for like 10, no one else experiencing this?

  • Finally rooted! This machine is very unstable with all the resets... Some hints to help:
    -For initial foothold:
    Pay attention to everything you see on the site, no need for gobuster, just think like you have OCD.. and then be a little "evil".
    -For user:
    Can't give much away without a spoiler, just try to be user G**.
    -For root:
    Find something that runs, try to understand what capabilities this program give you and where it moves something, and use this to get your root!
    Hope this was helpful and not a spoiler!

  • My advice for everyone is just to move on to another box. This is a complete CTF nightmare factory and is not realistic in any sense of the word. If you're prepping for OSCP or trying to hone real-life pentesting skills, you are wasting your time here.

    Alh4zr3d

  • Does anyone have any hints for me? I can reach 10.10.10.153 fine but the web app I cant get anything. Was having no problem yesterday. I reset my access config file for openvpn but still nothing...

  • @alrightalright said:
    Does anyone have any hints for me? I can reach 10.10.10.153 fine but the web app I cant get anything. Was having no problem yesterday. I reset my access config file for openvpn but still nothing...

    If you are on free like me just be patient!

  • All I can say is this is a well know CMS hint " learning "
    It it is vulnerable to code injection
    <img src="https://www.hackthebox.eu/badge/image/26824" alt="Hack The Box">
  • Any hint for getting user? I have a shell but cant find anything to read the flag : /

    xeto

  • @xeto said:
    Any hint for getting user? I have a shell but cant find anything to read the flag : /

    Im in the exact same spot as you, currently digging around

  • @Phrenesis2k said:

    @Sekisback said:
    found hidden txt from G*** made a passlist with all chars according to the txt. used his first Name as user. tried it hydra and burp. nothing found :grey_question:

    Username is case sensitive. So try again. ;)

    According to my tests, it's not.

    Deleite

  • edited December 2018

    @alrightalright said:
    I'm missing something... Cant find where to log in. nmap isnt showing anything. cant see anything with spider. Anyone drop me a hint ? :tired_face:

    try gobuster

  • edited December 2018

    @deleite said:

    @Phrenesis2k said:

    @Sekisback said:
    found hidden txt from G*** made a passlist with all chars according to the txt. used his first Name as user. tried it hydra and burp. nothing found :grey_question:

    Username is case sensitive. So try again. ;)

    According to my tests, it's not.

    It is case sensitive on the login Page !

    Baikuya
    OSCP

  • @Baikuya said:

    @deleite said:

    @Phrenesis2k said:

    @Sekisback said:
    found hidden txt from G*** made a passlist with all chars according to the txt. used his first Name as user. tried it hydra and burp. nothing found :grey_question:

    Username is case sensitive. So try again. ;)

    According to my tests, it's not.

    It is case sensitive on the login Page !

    I managed to log in with 'Gio*****' and 'gio****' and the same password.

    Deleite

Sign In to comment.