Hint for HELP

1131416181929

Comments

  • edited February 2019

    I can't get the user. I've got a shell that I am uploading and I know about the script. However, I can't figure out the clock sync

    Edit: Nevermind. I was looking at the wrong dir. When I looked to the correct one it was a piece of cake.

  • Guy am i just being heavily retarded here, Ive gone the low port route and called the git script which then gives me a success, However when i follow the link im greeted with a 404 and get no return no matter how i set this up, fairly new so any PM or help is greatly appreciated.

  • I've hit root, but curious if someone would walk me through the high port?

  • Got user and I’m pumped since it’s my first one for HTB! Sorry pleb here.

    I have ideas for root but haven’t gotten around to trying them yet. Mind if someone can PM so I can walk through my though process?
  • When I run a Nmap scan (nmap -sV -sC -oA nmap 10.10.10.121) the result I get is:
    "PORT STATE SERVICE VERSION
    25/tcp open tcpwrapped
    |_smtp-commands: Couldn't establish connection on port 25"

    I also tried "enum4linux" but didn't get anything.
    How should I proceed from here? Need some help/guidance...

  • edited February 2019
    @shadow1warrior said:
    > When I run a Nmap scan (nmap -sV -sC -oA nmap 10.10.10.121) the result I get is:
    > "PORT STATE SERVICE VERSION
    > 25/tcp open tcpwrapped
    > |_smtp-commands: Couldn't establish connection on port 25"
    >
    > I also tried "enum4linux" but didn't get anything.
    > How should I proceed from here? Need some help/guidance...

    There are other ports to investigate...
  • Type your comment> @itookadump said:

    @shadow1warrior said:
    > When I run a Nmap scan (nmap -sV -sC -oA nmap 10.10.10.121) the result I get is:
    > "PORT STATE SERVICE VERSION
    > 25/tcp open tcpwrapped
    > |_smtp-commands: Couldn't establish connection on port 25"
    >
    > I also tried "enum4linux" but didn't get anything.
    > How should I proceed from here? Need some help/guidance...

    There are other ports to investigate...

    Should I try -sU for UDP scan?

  • Finally got it, could somebody guide me through the high port explotation tho? Also if anybody needs some help just throw me a pm

  • edited February 2019

    PM me for hints ...

    Hack The Box

  • Type your comment> @shadow1warrior said:

    When I run a Nmap scan (nmap -sV -sC -oA nmap 10.10.10.121) the result I get is:
    "PORT STATE SERVICE VERSION
    25/tcp open tcpwrapped
    |_smtp-commands: Couldn't establish connection on port 25"

    I also tried "enum4linux" but didn't get anything.
    How should I proceed from here? Need some help/guidance...

    I think you should start by studying and learning. There are lots of videos with walkthroughs, check for example ippsec channel wich absolutely great. Also read writeups.
    You have to build a base of knowledge.

    epsequiel

  • Painful... been trying getting root for a while now, no success. Please send me a PM with some good advice.

  • I'm trying the **** port way and stuck trying to get the creds?? Anyone want to offer advice?

  • Hey, folks,

    Someone can give me a tip with the user of this box. I understand that the server date with my PC is not coordinated but I don't know where to go from here.

    Greetings

  • edited March 2019
    anyone out there have time to break down the query syntax?
  • NVM got it !

  • I'm stuck rooting this box.
    I found some credentials, tried some kernel and application exploits but nothing worked so far.

    If someone has another hint for me just PM me.

  • I'm banging my head against a brick wall ... I have found the user injection point, I have found the folder for t*****s, and I have tested with a jpg and txt. I just can't get past the extension filter. Can someone PM me with a hint

  • rooted via code execution... I found some passwords but couldnt use them for privesc. Can anyone send me a nudge? I'd like to learn the intended way.

  • i NEED HELP plz , i stuck with the upload shell, i found the creds from port XXXX, and i logged into the main web site and found out that the upload direction would be easier than to get admin by b**** s*** , but i couldn't upload the shell, btw i read the source code and i tried harder, all the ways that i know to bypass the upload mechanism, any hint for that point plz.

    No Hack No Life ✌😒
  • Enjoyed owning this box. It's tricky, but I think it is fair. Root is particularly easy. I went the easy-mode route, but perhaps there is another way to get there that takes some more effort.

    PM me if you need are stuck, tell me where you're at and what you've uncovered so far and I will try to give you a nudge in the right direction.

  • edited March 2019

    Did b**** si and got user and pass but I am unable to use them to gain further foothold, can anyone pm me for more information? I even tried to s1(password) to use for lower port

  • edited March 2019

    Type your comment> @t4a1 said:

    Did b**** si and got user and pass but I am unable to use them to gain further foothold, can anyone pm me for more information? I even tried to s1(password) to use for lower port

    So I am able to login to admin area, however I have no clue how to further my foothold, am I going to use the same vul everyone is using? How did those that did using b**** s**i managed to get the user other than admin?

  • Hi,
    I have this question bugging me , If time() in python returns epoch. how would timezone make a difference.?

  • Rooted Done and dusted a lot of false rabbit holes in this discussion the box was a piece of cake

  • edited March 2019

    Type your comment> @Hashbyte said:

    Hi,
    I have this question bugging me , If time() in python returns epoch. how would timezone make a difference.?

    Asking that myself. Really strange behavior. But it also seems that PHP time() is timezone relevant.

    EDIT:
    But as I understand from https://docs.python.org/3/library/time.html#time.time epoch just says January 1st 1970 00:00. So it could be timezone based as this date may differ.

    wirehack7

  • Well in this instance theres now to worry about i read some of the hints and was sweating as i needed this box for elite hacker and when i read the hints i thought oh wow nope was the easiest box on the active machines in my humble opinion

    not too easy for noobs though as theres definately some gotchas right at the beginning

    remember dont always believe what you read

  • So lovely to do a machine without Metasploit oh how i hate that program many thanks to the creators of this box i loved it

  • edited March 2019

    nvm

    v1ew-s0urce.flv
  • edited March 2019

    Got root, nice machine.

    Some hints :

    User

    if you find a tool/CMS,program,... that is opensource, try to download it to :

    • search for files that are useful to get version
    • install on a local area with full log and with your config

    Now you can test all sort of attack and see if it work, or understand why not.
    Other advice : if you find an exploit, read and understand it fully, modify it to get it work on your local area, many exploits don't work out of the box, but if you are correctly enumerate, you can guess that you are on the right way.

    root

    Take some time to get a 'real' shell (in a 'real' shell you can enter a password to sudo, use interactives commands, etc.). If you can't enter a password when you type sudo, its not a real tty shell.
    I think I Can't give some hint without spoil. As usual enumerate your system and you will get the solution.
    If you are lost on priv esc, maybe you need to work on a checklist, a good starting point : https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/.

    Feel free to PM me if you want some hint.

  • I have rooted Help. However i set the time on my machine in order to do that thing. If someone has done that thing without setting the time on their machine would you mind sharing that knowledge with me

    tobor
    Gods make rules. They don't follow them

Sign In to comment.