Vault


Comments

  • I would really appreciate it if someone could PM me and has time to explain to me what the objective of SSH tunneling really is. I've read through several posts but I really need question-specific answers :) Thanks in advance.

    LordeDestro

  • Google Dynamic Port Forwarding (SSH) and you shall receive

  • Got user! big thank you to @CHUCHO and @IteXss . People with VIP should pay attention in case they don't get the results that they expect by following the clues. They might need to change servers, especially if it has to do with port 80!

  • Hi, I need help with the reverse shell. Nothing I've tried has worked. I want to ask several questions to see if I can understand what I'm doing wrong.

  • Got user as well. Now on machine D*S, do I privesc here or is there another pivot I need to do?

    LordeDestro

  • I've already got it to work

  • Stuck on g** file... don't know how to decrypt it. Please DM.

  • Alright, got root.txt, but how to get the root shell?

  • Is it common to get root before user on this box? It seemed too easy to get root; maybe I found something that I wasn't supposed to? :/

  • edited December 2018

    I've got user on main box, got my way through on "inner box", got my way through on "safe box".
    I know what the g** file is... thanks to Google :D
    Any hint on how to transfer this g** from "safebox" to "innerbox"? It keeps getting "port 22: Connection timed out".

    Edit: GOT ROOT

    mitoOo

  • edited December 2018

    Am I the only one around here who is stuck at the .-o**n website and is unable to get a callback to nc? Like really, I have been doing this for hours now and I am quite sure I know what to do, but I never get a callback to my nc.
    Is there a hidden ninja technique or am I supposed to sacrifice a cow?

    Baikuya
    OSCP

  • @Baikuya said:
    Am I the only one around here who is stuck at the .-o**n website and is unable to get a callback to nc? Like really, I have been doing this for hours now and I am quite sure I know what to do, but I never get a callback to my nc.
    Is there a hidden ninja technique or am I supposed to sacrifice a cow?

    I have the same problem with the callback in the o**n :(

  • At the beginning, with the rev shell, I found root.txt; that was not cool! But after some enumeration I got root a second time on another host ;). The last part was really nice!

    Arrexel

  • edited December 2018

    @Baikuya said:
    Am I the only one around here who is stuck at the .-o**n website and is unable to get a callback to nc? Like really, I have been doing this for hours now and I am quite sure I know what to do, but I never get a callback to my nc.
    Is there a hidden ninja technique or am I supposed to sacrifice a cow?

    Stuck on the same problem... can't get a reverse shell through o***n. Need a hint in the right direction.

    EDIT: Got root on DNS

  • GDXGDX
    edited December 2018

    Now that was one trip...
    This was a really nice box, especially for learning new things about pivoting, which could be very useful in many real-life situations.
    If you need some hints feel free to PM me.

  • @mitoOo said:
    I've got user on main box, got my way through on "inner box", got my way through on "safe box".
    I know what the g** file is... thanks to Google :D
    Any hint on how to transfer this g** from "safebox" to "innerbox"? It keeps getting "port 22: Connection timed out".

    Edit: GOT ROOT

    Awesome hint :+1: for root.txt.


  • edited December 2018

    Spoiler Removed - egre55


  • Rooted!

    I really enjoyed this one, hats off to the machine maker.

    There are multiple ways to grant yourself access, I found myself connecting through a GUI quite a bit :-)


    CEH | OSCP

  • Whoa... this was an awesome box!
    Fun, good flow, and learned a fair bit.
    Love your work @nol0gz
    Thank you

  • I have root on D** box but I can't ping v**** box. Am I supposed to? I can't tell if I need a nudge or it's the boxes?

  • @som1 said:
    I have root on D** box but I can't ping v**** box. Am I supposed to? I can't tell if I need a nudge or it's the boxes?

    Not being able to ping v**** is normal.

  • I can't find anything. I have used directory-list-2.3-medium.txt and common.txt. Help me please.

  • @ch7 said:
    I can't find anything. I have used directory-list-2.3-medium.txt and common.txt. Help me please.

    This question is lacking some context. If you haven't gotten any access at all, though, I'd suggest thinking about what file extensions are in use here and scanning for files ending in those.

  • edited January 2019

    @0x29A said:
    For example, if someone wasted six hours digging through an ISO, maybe they'll think twice about doing that again next time they run across one and mark it low priority. Maybe they'll take note about what the ISO contains (could be a hint) and just continue on. Maybe they'll learn how to md5 or sha1 the ISO file and see if it's a stock image. If it's not, maybe they'll learn how to diff the ISO file with a stock ISO so they aren't forced to dig around the entire thing.

    Similar lessons may be learned from just about any rabbit hole.

    Look at IppSec's videos and how quickly he dismisses most rabbit holes. You think he does that in practice? I do. How do you think he learned such intuition?

    Regarding things like login rabbit holes: at each layer in the hacking process, you should follow the standard steps. The first being recon. For example if you see a login form half way through your recon process and you immediately start hitting it with a brute force, you've just violated modus operandi. It's not until that doesn't even work that you continue your recon...so why not have continued that in the first place in order to gather all of the puzzle pieces? I like to call them "dots." Once you have all the dots, you'll have the beginning of your attack surface graph. You can start performing more systematic research on each of their attack vectors, forming relationships with other dots, and determine routes to your final goal. Finally, you can map out the shortest cost, least noisy, shortest path, etc to reach your goal. Most, if not all, of the rabbit holes at this point will be obvious in your graph.

    Learning how to be pragmatic and how to frame your problems accordingly may not always save you time, but it will save you the headache of guessing and working with unknowns and eventually dissolve your reliance on script kiddie tools and methodologies. Most importantly (imho), it will make you quieter in real life encounters.

    Edit: Slightly off-topic rant: To all of the cheaters out there: This is a learned skill. A talent. An art. And it's required. If you request help from someone and they provide a spoiler, either discard it or learn from it, don't live by it, and certainly don't pass it on. If you must (e.g. team member, close friend, or something), explain to them what you learned from it rather than just copying & pasting the solution, because that does neither party any good. Plus, spending the extra ten minutes it takes to digest the solution and explaining it to yourself and then to your friend will totally be worth it, trust me. For example: Someone asked me for help on a simple binary exploitation. I could've just pasted him my ~50 byte payload and maybe tried to answer some questions following that, but instead I took 20 minutes out of my day and wrote a fairly detailed write-up specifically for him on how it was done. It taught him how to do it, I learned a couple things merely explaining each individual step, and if he ends up sharing it, so be it... there's no copy & paste solution, just reading material for others. Sure there's a leader board, but we don't -- shouldn't be measuring epeens here, we're all intellectuals. We should all think of ourselves as students and teachers. Do your part in the community. Learn together!

    ^^^MOOD, but seriously, rabbit holes have taught me quite a bit, almost mirroring the example given. There are numerous boxes that I've been able to fly through that I see other people stuck on because of the stuff I learned following rabbit holes. They even taught me how to move files to do things locally in the background while I have tmux open doing other things, etc. Rabbit holes are honestly great for making people slow down and process everything in front of them, which I can say definitely helps in the RW/wild.
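
The ISO triage described in the quoted post (hash the image, check it against the distributor's published checksum list, and only if it is not stock compare its contents against a stock copy), as an added example that is not part of any forum post. It uses SHA-256 by default where the post mentions md5 or sha1, assumes both images have already been extracted or mounted to directories, and all file names and sample data are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

def file_digest(path, algo="sha256", chunk=1 << 20):
    """Hash in chunks so a multi-gigabyte ISO never has to fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def parse_sums(text):
    """Parse sha256sum-style lines: '<hex>  <name>' or '<hex> *<name>'."""
    pairs = (line.split(None, 1) for line in text.splitlines())
    return {p[1].strip().lstrip("*"): p[0].lower() for p in pairs if len(p) == 2}

def is_stock(image, sums, name=None, algo="sha256"):
    """True only when the digest equals the published one for that file name."""
    expected = sums.get(name or Path(image).name)
    return expected is not None and file_digest(image, algo) == expected

def tree_digests(root):
    """Map relative path -> content digest for every regular file under root."""
    return {p.relative_to(root).as_posix(): file_digest(p)
            for p in Path(root).rglob("*") if p.is_file() and not p.is_symlink()}

def diff_trees(stock_root, found_root):
    """Compare two extracted (or mounted) image trees by content, not mtime."""
    a, b = tree_digests(stock_root), tree_digests(found_root)
    return {"added": sorted(b.keys() - a.keys()),
            "removed": sorted(a.keys() - b.keys()),
            "changed": sorted(k for k in a.keys() & b.keys() if a[k] != b[k])}

def demo():
    """Constructed stand-ins for the images and their extracted trees."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "stock.iso").write_bytes(b"constructed stock image")
        (d / "found.iso").write_bytes(b"constructed stock image, modified")
        sums = parse_sums(f"{file_digest(d / 'stock.iso')} *stock.iso\n")
        files = {"stock": {"README": "same\n", "boot/grub.cfg": "timeout=5\n", "docs/old.txt": "x\n"},
                 "found": {"README": "same\n", "boot/grub.cfg": "timeout=0\n", "etc/rc.local": "y\n"}}
        for tree, content in files.items():
            for rel, text in content.items():
                (d / tree / rel).parent.mkdir(parents=True, exist_ok=True)
                (d / tree / rel).write_text(text)
        return (is_stock(d / "stock.iso", sums), is_stock(d / "found.iso", sums, "stock.iso"),
                diff_trees(d / "stock", d / "found"))
```

A matching digest means the image can be set aside as stock; otherwise the three lists from `diff_trees` narrow the review to the files that actually differ.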

  • This machine was insane. I really like it because I learned a lot.
    PM me for hints about this cool machine :)


  • edited January 2019

    So I managed to get a shell fairly easily but am really stuck on how to pivot to the D*S server. I have all the creds on the server that I can see, but the tunneling just doesn't make sense to me in this context.

    I have watched both of IppSec's Poison and Arekei videos but am still lost. If anyone could lend a hand that would be awesome :)

    Thanks guys

    Edit: Managed to get the .o*** con***r bit but can't seem to get a callback like some of the posts above. Anyone got any tips or places I can look at? Been looking at a medium article but hasn't helped much so far.

    Edit2: Finally got a callback! got creds now looking to move from D** box to the V****. Looking for a nudge in the right direction, I have been looking at the log files and found the n*** but that's it so far mmm

    Edit3: Got ROOT! Loved this box thanks so much to the creator that was such a cool fun way to get root. Onto the next box!

  • Awesome box, thanks @nol0gz!

    Anthirian

  • Rooted, Great box, learned quite a bit, and thanks to @H4tt0r1 for giving me a push on getting to the DNS box

  • edited January 2019

    ‘usered’. I feel like I'm on a tree with this machine. So many ‘side branches’ :D Thank God I'm not downloading the huge .i** file. I am on mobile net and wanted to skip it as long as possible. Got user without the huge file. I hope it is not needed for root.

  • @ykataky said:
    ‘usered’. I feel like I'm on a tree with this machine. So many ‘side branches’ :D Thank God I'm not downloading the huge .i** file. I am on mobile net and wanted to skip it as long as possible. Got user without the huge file. I hope it is not needed for root.

    Can confirm it's not needed. :D
