Redcross

12346

Comments

  • Finally rooted this machine. Great work with this! Some people thought it was a little too CTF-like, but I beg to differ. It was pretty realistic. Really crafty way to get root without going the BOF route.

    Can someone who actually did go the BOF route send me a DM with details on how they were able to do it?

  • edited January 2019

    HI all,
    was able to login with default credentials. But not able to proceed after that. Saw S***
    But not able to exploit it. Can someone give me a hint here?
    Thanks.

    Edit.1: GOt the messages and Moved to next login page. Stuck there again. Hope this is the last one in guessing game.

    Edit.2: Got another *****admin. Trying with default Credentials. Any hints here? Thanks.

    sesha569

  • @sesha569 said:
    HI all,
    was able to login with default credentials. But not able to proceed after that. Saw S***
    But not able to exploit it. Can someone give me a hint here?
    Thanks.

    Use s****p to extract the data.

  • So I'm able to login to the a**** panel and tinker with the fw/u*** settings, but I've been stuck for a couple days making any progress from there. I'm stuck in a jail with the account I've created, not optimistic about getting out. I was able to get RCE with an exploit on a certain mail service but I'm having trouble converting it to a shell. I'm thinking I need to find RCE from somewhere in the a**** panel, but having trouble locating it. Am I headed in the right direction?

  • Rooted this box.
    Can I just say that having done so, I still have no idea how about some of the exploits I've seen people talking about here. Well done on this box.

  • Rooted this box the BoF way. Feel free to PM me about the BoF. :)

    Learnt a LOT of stuff thanks ! Special thanks to @CaptainBounty helped me on enumeration part.
    The RCE was quite random to me, maybe I misunderstood something.

    Nofix

    OSCP

    Twitter : https://twitter.com/N0Fix | CTF team website : https://sentrywhale.com/

  • edited February 2019

    Anyone rooted the box the ph?nt?m?? way?

  • hi, can anyone give me a nudge, i got stuck for days now. i got some hashed and read about that they should be able to crack in a short timeframe... didn't had any success. also with bruteforcing taking words belonging to this machine, e.g. redcross, the usernames and so an.
    I also haven't found any other webapp on port 443, tried several wordlists with dirbuster...

  • Got root finally. Thanks @ASHacker for your awesome help and hints :)
    PM me for hints.

    sesha569

  • Rooted. Thanks for the help guys

    GreysMatter

  • edited February 2019

    Rooted without using bof method. Moving onto bof next. Anyone got root directly from *n*ra portal? Think I found an RCE but working around url encoding issue. PM if you have, would love to know how you managed it.

    Great box by the way, found it to be very realistic.

    image

  • edited February 2019

    Got root!!!

  • edited February 2019

    Stuck at pe***e user. Any hints on how to get root?

  • Rooted via an easy-ish method. Went from www-data to root skipping user.

    Tried a bit of BO, however, didn't manage to crack it. Don't think I'm good enough with that yet... :) Great box for testing out a few different things. Would love to know how to get root via BO though if anyone would like to send a PM to get me on the right track. ;) It's an area I'm trying to improve after really enjoying frolic, however, this seems to be a bit of a step up!

  • Cant seem to find RCE can someone PM me please. Been playing around with posts and a certain mailer exploit for over a day, getting pretty frustrated.

    Hack The Box

  • I think i see all of the login panels. I have a form of s**-I****** working, but cant view data, s****p always shuts the server down for about a min when trying to automate it... just need a little help if you have time

  • Are we supposed to be guessing credentials on the a**** panel or the i**** subdomains? Guess the box eh.

  • Type your comment> @InfoSecGuy23 said:

    Are we supposed to be guessing credentials on the a**** panel or the i**** subdomains? Guess the box eh.

    I'd like to figure that out too lol... Been stuck with hydra/manual for a while. Got the gt/gt stuff. Tried to brute force with the "desired" user or ad*** no luck...

    lduros

  • I'd like to figure that out too lol... Been stuck with hydra/manual for a while. Got the gt/gt stuff. Tried to brute force with the "desired" user or ad*** no luck...

    Nevermind, looks like I don't really need those, just the g***t should be enough...

    lduros

  • I've read on this thread that cracking the hashes with john for at least one user would take less than 5mn... Been at it for hours. This is for c****** user

    lduros:redcross$ /usr/sbin/john --format=b**** c******
    Using default input encoding: UTF-8
    Loaded 1 password hash (b***** [B***** 32/64 X3])
    Cost 1 (iteration count) is 1024 for all loaded hashes
    Proceeding with wordlist:/usr/share/john/password.lst, rules:Wordlist
    Proceeding with incremental:ASCII

    Has anyone really made this work? I'll keep trying with different lists...

    lduros

  • stuck at www-data with lots of interesting information

  • edited February 2019

    A good box @ompamo. A lot of guesswork at first, but when you know what to do, its all clear. Root was rough for me. Thanks to those who gave small nudges

    pzylence
    OSCP

  • Hi my friends,
    i am lost in redcross :-( i found the page where i can login to the i****.redcross.***
    but i have no idea where to get the name or the password. i thoght to hydra but thats should not the way i think. Gobuster or all the other tools for webenumeration found nothing.
    Can someone give me a push in the right direction please ?

  • Hi
    I have seen the ha*a s**** server and i know the m exploit for it but the paramerts srvhost and srvport are not letting me run it. Can anyone tell me as to how to solve it?
    Thank you

  • edited March 2019

    I was not able to do the BoF and was pointed in another direction. As a result I managed to create a user with gid=0 however I still cannot read root.txt as permissions are

    -rw-------

    If someone want to PM me that didn't do BoF I would be grateful

    EDITED

    Never mind, rooted. Thanks to everyone that gave hints

  • i'm stuck at a***n.********.htb. I found pma subdir but not able to proceed further. Am I going down a rabbit hole if I continue probing pma, or am I going the right direction?

  • finnaly got root, by the p**l change my user's group to get high permission, but u have another way to get root, plz pm i want to know that way.

  • edited March 2019

    I have the hashes and cracked one of them. But I can't find the other login. I've tried 10k sub prefixes. What am I missing?

    Nvm: I've was looking for something that I'had already found...

  • can someone tell me more details about BOF? i want to use BOF to get root, i got root by used ps*l.

  • Type your comment> @B1ngDa0 said:

    can someone tell me more details about BOF? i want to use BOF to get root, i got root by used ps*l.

    I'm in the same situation. I'm trying the BOF too but failed so far.

Sign In to comment.