Teacher

1111214161719

Comments

  • edited February 2019

    Edit: Posted extra comment by mistake.
    Edit: answered my own question, got user. On to root.

  • Can someone PM me a nudge for root? I see what's going on, but really stuck.

    cheers

  • Wtf can't access m****** folder even if I reset the box

    Hack The Box

  • @jetuletz said:
    Got low prv shell, found mysql password and thats about it, it seems like ages since I am enumerating. I am able to connect to m***l but i dont see any output. Could anyone nudge me in the right direction for user? Is logging into m**** going down a rabbit hole ? Would appreciate a PM. Ty

    Re: not seeing any output, try and upgrade your shell (Python for example).

    I'm in a similar situation though - have a low priv shell, I have m****l details and have looked around there a bit. Other enumeration efforts are fairly fruitless.

    I can even see what to do for root, just moving from this service account to g*****ni in bash is where I'm struggling.

  • Can anyone help to root? A little hint?

  • edited March 2019

    Type your comment> @MrPurplz said:

    @jetuletz said:
    Got low prv shell, found mysql password and thats about it, it seems like ages since I am enumerating. I am able to connect to m***l but i dont see any output. Could anyone nudge me in the right direction for user? Is logging into m**** going down a rabbit hole ? Would appreciate a PM. Ty

    Re: not seeing any output, try and upgrade your shell (Python for example).

    I'm in a similar situation though - have a low priv shell, I have m****l details and have looked around there a bit. Other enumeration efforts are fairly fruitless.

    I can even see what to do for root, just moving from this service account to g*****ni in bash is where I'm struggling.

    Can you point me in the direction of getting into m****l?
    I have found a couple of hashes for a non-system user but creds dont work for m****l login, nor the webservice...
    Banging my head against a wall on this one.

  • Quick hint for the initial file: No need to spider anything. That will only lead to countless domains to look at. Instead just keep Burp/Zap/etc. open while browsing. Hope this saves someone the time I lost :)

  • Hi! I'm stuck at a point from last 3 days.. Now its very frustrating.. Please help.. Successfully logged in and carefully watched THAT video but could'nt get any reverse connection... Please help! PM Appreciated!

  • to get RCE does the answer payload need to be encoded in a certain way? ive read the blog and watched the video but am lost as to the text that is pasted into the answer box....it appears to be encoded but isnt explained or maybe it is and im too daff to understand it.

  • Type your comment> @royc3r said:

    to get RCE does the answer payload need to be encoded in a certain way? ive read the blog and watched the video but am lost as to the text that is pasted into the answer box....it appears to be encoded but isnt explained or maybe it is and im too daff to understand it.

    no, it does not.
    cannot help you on what that encoded string is but it seemed to work just fine using the malicious formula

  • Type your comment> @Teryx said:

    Type your comment> @royc3r said:

    to get RCE does the answer payload need to be encoded in a certain way? ive read the blog and watched the video but am lost as to the text that is pasted into the answer box....it appears to be encoded but isnt explained or maybe it is and im too daff to understand it.

    no, it does not.
    cannot help you on what that encoded string is but it seemed to work just fine using the malicious formula

    Thank you Teryx!

  • edited March 2019

    Hi Guys, I found the username g*****i and found the password and the extra bit, I have tried multiple combinations including using a surname as part of the user but I cannot login to *o***e... I just don't see what I am doing wrong? any help would be most appreciated.. Cheers.

    OK Got it now...

    @neuronaddict thanks for the hint

  • Nice box, I learn some interesting things.

    Some hints :

    foothold

    Zap proxy provide some nice features : log all http traffic (to further analyse), replay some requests, index site (follow all links to search and log all pages), and search for string in logged traffic. Play with it and you will save more time later!

    user

    If you google correctly and read carefully what is possible, you will get you user.

    root

    Think about your system in term on read, write, execute. What can you write, read, execute and who can make what for you?
    Its simple to reproduce the env in our local machine to test more easily.
    Root shell is also possible, with a similar technique.

    PM me if you are stuck and want some hint.

  • hey !!! can someone plz pm me to help me get the creds ?? i search every file and still nothing ...

  • this box is such a pain lol... I just spent 3 hours looking for the password :anguished:

  • Hi,
    I've completed the box, If you need help, just pm me :D

  • hayyy guys i need an explanation. i got user.txt but for root i found world witable directory and interesting tar file owned by root. i know that w*dcd i*******n and s******c attack can be used . but to use these methods, i need to have a suid program? am i right or worng, i'm confused now. PM me . i wanna discuss that.

  • edited March 2019

    Hmm .. I'm just so close, that I start to smell the root flag.

    I'm trying to be "wild" .. however, the exploit doesn't work when I'm outside of the folder, but applying the command in the same folder works great .. if anyone has an idea please share it with me <3

    Update: Got the flag .. but didn't root the machine thanks to @wizlord .. however not sure why being wild didn't work for me to get the shell.

  • Man .. I want to beeotch slap this machine. I have gone wild 7 ways from Sunday and it just wont work for me. @wizlord show me the way. I am sooooo close.

  • please how do i get root access. please PM me for hints

  • Need help, i found mo**** end enumerated sub dirs but nothing intresting, please help me

  • can somebody explain me, why can't I get a persistent reverse shell ?

  • got the low privileged shell ...on the way to user.. did the m***l enumeration and stuck with hashes .. can some one please help me out here :(

  • Type your comment> @achayan said:

    got the low privileged shell ...on the way to user.. did the m***l enumeration and stuck with hashes .. can some one please help me out here :(

    and that's a whole day spend in teacher .. GOT USER ..

  • I got user and root flag .. however, anyone was able to get root shell?

  • ROOTED .. thanks for @Shadows and @Leonishan for supporting in priv escalation .. :) .. nice machine @Gioo :)

  • I couldn't root, but I got root.txt. Is it possible? I do not know.
    Thanks for helping. @Shadows @pp123

  • Got user & root.

    A very nice box, thank you @Gioo !

    PM if you need some help.

  • edited March 2019

    Found the G******* hint but no idea how to find what is missing from it.

    Edit: No idea what I was thinking. Got the pass for the service.

  • got a lov priv shell, need help for user please PM me

Sign In to comment.