Lightweight

1356714

Comments

  • can connect to ssh, but cant seem to figure out how to get user, can someone give me a hint or PM me

  • edited December 2018

    Hi, i need some help in this box, i found alot of things but i can't see the right path
    will someone PM me, thanks

  • AT LAST USER!!! I had it since the begining but I didn't look close.
    Now going for root.

    epsequiel

  • Hi, please, I need some help getting user, I have tried a great deal of things, can someone PM me please, thanks

    Hack The Box

  • think i have user not sure, can somone pm? appreciated!

  • oof i've got user, but i'm like 99.74% sure i didn't do it right :/
    can someone else DM me about it? i'm pretty sure i'm missing something

    0x41

  • Rooted!

    Thanks mates for the help in the user part. Lesson learned. D:

    Root part is straightforward, just follow the @fjv tips in this thread. :+1:

    PM if you are stuck! ^_^

    ferreirasc
    OSCP | CRTE | Pentest+ | DCPT

  • Anyone got any hint on how to circumvent the websites banning system? Thoroughly stuck...

    center

  • @Center said:
    Anyone got any hint on how to circumvent the websites banning system? Thoroughly stuck...

    time waiting

    1nitiative

  • edited December 2018

    @Center said:
    Anyone got any hint on how to circumvent the websites banning system? Thoroughly stuck...

    As you can see browsing to port 80, you already have the answer to your question:

    "This server is protected against some kinds of threats, for instance, bruteforcing. If you try to bruteforce some of the exposed services you may be banned up to 5 minutes.

    If you get banned it's your fault, so please do not reset the box and let other people do their work while you think a different approach."

    That is to say: "Think a different approach."

    0xEA31

  • hi mates, i have been trying to capture the intended packets for a while, but nothing seems to be working!!! can someone who already did it, give it a try to check if it is working?

    Hack The Box

  • @Center you can bypass the banning, but you really don't need to.

  • Last part was nice :)

    Arrexel

  • > @IteXss said:
    > hi mates, i have been trying to capture the intended packets for a while, but nothing seems to be working!!! can someone who already did it, give it a try to check if it is working?

    Output it to a file and read it with another packet reading program on your local machine.
  • @Phrenesis2k said:
    > @IteXss said:
    > hi mates, i have been trying to capture the intended packets for a while, but nothing seems to be working!!! can someone who already did it, give it a try to check if it is working?

    Output it to a file and read it with another packet reading program on your local machine.

    xxd is quicker :)

    Arrexel

  • Hi everybody,

    I am stuck on the lowpriv shell. Could someone PM me with hints to escalate to user?

    Thanks in advance

    Hack The Box

  • can any one point me in the right direction. I do not see anything that sticks out. I see people are talking about capabilities but I do not see any files that would help with that. A PM with a nudge would be helpful. Maybe even a website with some information. Thank you.

    Hack The Box

  • @librab103 said:
    can any one point me in the right direction. I do not see anything that sticks out. I see people are talking about capabilities but I do not see any files that would help with that. A PM with a nudge would be helpful. Maybe even a website with some information. Thank you.

    Look a bit closer, its there, took me a while. I've found them, if anyone could help me exploit as never done it before would be a help.

  • @scottglossop said:

    @librab103 said:
    can any one point me in the right direction. I do not see anything that sticks out. I see people are talking about capabilities but I do not see any files that would help with that. A PM with a nudge would be helpful. Maybe even a website with some information. Thank you.

    Look a bit closer, its there, took me a while. I've found them, if anyone could help me exploit as never done it before would be a help.

    I will take another look at the box later.

    Hack The Box

  • Got root flag but no shell so far.
    Going to look how to get root shell.
    If anyone needs help feel free to PM me.

    Baikuya
    OSCP

  • @lnx said:

    @Phrenesis2k said:
    > @IteXss said:
    > hi mates, i have been trying to capture the intended packets for a while, but nothing seems to be working!!! can someone who already did it, give it a try to check if it is working?

    Output it to a file and read it with another packet reading program on your local machine.

    xxd is quicker :)

    Even strings can do the job!

  • @korrey said:

    @lnx said:

    @Phrenesis2k said:
    > @IteXss said:
    > hi mates, i have been trying to capture the intended packets for a while, but nothing seems to be working!!! can someone who already did it, give it a try to check if it is working?

    Output it to a file and read it with another packet reading program on your local machine.

    xxd is quicker :)

    Even strings can do the job!

    yes, its better ;)

    Arrexel

  • @korrey said:

    @lnx said:

    @Phrenesis2k said:
    > @IteXss said:
    > hi mates, i have been trying to capture the intended packets for a while, but nothing seems to be working!!! can someone who already did it, give it a try to check if it is working?

    Output it to a file and read it with another packet reading program on your local machine.

    xxd is quicker :)

    Even strings can do the job!

    Thx, i'll keep that in mind for the next time.

  • Digging around for user. If anyone has a non spoiler hint please PM me :)

  • Hi, I need some help regarding the user. Any help would be appreciated. Thanks

  • nice hint @avetamine, what he wrote is all you need to get the flag!!

    Hack The Box

  • edited December 2018

    That's weird, I used the exact method you describe but for login as *****. Once logged in there are no binaries in its home.

    epsequiel

  • took me a few moments to figure out what i was looking at and a bit more verbose digging, but once i got it grabbing root was very simple. great box and a bit more LDAP knowledge i can use in the future

    0x41

  • This was a good box. It's a lesson in staying quiet and listening patiently. PM me if you need a nudge.

    billbrasky

  • @0x41 said:
    took me a few moments to figure out what i was looking at and a bit more verbose digging, but once i got it grabbing root was very simple. great box and a bit more LDAP knowledge i can use in the future

    did you use ldap to get root? just asking as im going down another route?

Sign In to comment.