FluJab


Comments

  • For other people getting frustrated. One other thing I will ask is this.
    If YOU use an ssh private key irl. Do you use it to ssh back to yourself, or to ssh to other boxes?
    I have only ever done the first one in a CTF...
  • I can get info from the Nurse, got creds and a hint of where to use them, but when I go to the place hinted I just get "direct access not allowed". Do I have to focus on a way to bypass this "not allowed" message or do I have to keep searching with the Nurse?

  • direct access is not allowed but there is a lot of alternative accesses, use one of them.
    I got info from the Nurse after all my ways, maybe there are several infos from Nurse, I got only one series.

    Nurse sent me very important data to go further, so force her to send you more info.

    rooting is realistic case, spent three hours to search and practice new exploit.

    tabacci

  • I just managed to no longer see clowns, but now I'm a bit stumped how to move forward. I'm trying S**P for a while, without any response. This is tricky :warning:

    pzylence
    OSCP

  • @pzylence said:

    I just managed to no longer see clowns, but now I'm a bit stumped how to move forward. I'm trying S**P for a while, without any response. This is tricky :warning:

    Try S**P harder, It will be useful to get info from Nurse

    tabacci

  • edited February 2019

    Thank you to @tabacci for this nudge and @3mrgnc3 for the box. It made me remember something that made me try really harder in the initial days.
    This is really close to a penetration test. If you think this is just a web application penetration test, you might be highly mistaken. This is NOT just a web application penetration test where you'd run some automated tool, or perform SQLi, and boom, you get in. This requires some work, some patience, some suffering (@3mrgnc3 knows what I'm speaking about :wink:)
    Really enjoyed this box. I +1 it. PMs are not welcomed :blush:

    pzylence
    OSCP

  • Any hints on initial footholds and getting around no direct IP access?

  • hahahahahahahahaha
    ..../?admin redirects to ..../?u_wish

    cyb3rsinn3r
    | A+ | Net+ | Sec+ | CySA+ | CASP | CISSP |
    aut inveniam viam aut faciam

  • Any hint on direct ip access not allowed? http header does not work :( even with ip 20.xx.xx.xx5

  • edited March 2019

    @nijat11 said:

    Any hint on direct ip access not allowed? http header does not work :( even with ip 20.xx.xx.xx5

    This is indeed annoying. I'm stuck on this for the second day already!
    Is everything fine with this machine? Its quality concerns me very much.

    m4rc1n

  • Please anyone PM me, for discussing Direct IP access not allowed on https://s*****-c******.flujab.htb/

  • edited March 2019

    @3mrgnc3 thanks for your work, I had several days of fun and pulling my hair out. Eventually, I got my precious root.txt in an unintended way.
    As for the dispute over whether this box is real-life or not: I guess when you've got a lot of rabbit holes, don't have source, and connections are randomly dropped when you scan, this is a very real case. When you attack, most sane people defend. That's normal. Just don't be %27-guy xD

  • Hey @m4rc1n & @nijat11

    Burp all your requests that are being denied and check if you can't access what you expect because of your browser or the server.

    Maybe it's not the quality of the box... but your knowledge of browser caching that's the issue?
  • Thanks @14dev
    You are very welcome ;)
  • edited March 2019

    Hi there,

    I hope someone can guide me on how to get info from the nurse.
    I was able to get standard info from b*****g and c**********n, but I am struggling to get more info from her.

    Can someone give me a nudge on that?

    Cheers

    EDIT:

    Got the point here. Learned a lot on how to ask correctly and get beyond the expected answer.


  • Hi @Sh11td0wn

    The clues are in the box name and this post thread.
  • edited March 2019

    removed

    m4rc1n

  • @m4rc1n said:

    @3mrgnc3 said:

    Hey @m4rc1n & @nijat11

    Burp all your requests that are being denied and check if you can't access what you expect because of your browser or the server.

    Maybe it's not the quality of the box... but your knowledge of browser caching that's the issue?

    Thanks, I have user but the last step to get it ... Maybe I missed something during enumeration, but I do not really see how to guess what to get without extra help (even after "suffering" during OSCP course). Curious if there was actually any clue for this on the box.

    m4rc1n

  • Finally Got root <3 I really Love This Box. Getting User Is like Hell. Root is fun. I appreciate your effort @3mrgnc3, love this box. Learned tons of things

  • edited March 2019

    @HadesAKM said:

    Finally Got root <3 I really Love This Box. Getting User Is like Hell. Root is fun. I appreciate your effort @3mrgnc3, love this box. Learned tons of things

    Very happy to please ;)
    Well done on your pwnage of FluJab.

  • Finally rooted Flujab!

    Awesome machine! I voted it as non realistic at all, because in real world, we will hardly find targets with vulns (and other funny things) on each and every single step of our invasion.

    That being said, I learned a lot on literally every step from initial enum to root shell.
    I want to thank the author and the guard angels that helped me.

    Everyone is welcome to PM me for hints or discuss the workflow.

    Cheers


  • How do you access the sub I got from the nurse? One way it returns direct ip access not allowed, the other way it returns 301. None of the usual WAF bypass headers seem to work.

  • edited March 2019

    @krypt

    Double check what your browser is requesting. Try using Burp intercept and don't assume what you type into a url is what your browser will request.

    Modern browsers cache way more than expected in order to improve page load speed.

    If that still won't work... That's either because you haven't recently spoken to the nurse or someone else told you what she said.

  • Yes, it was the cache; figured it out later.

  • Whaou, not a piece of cake box.

    Thanks for the "nurse talk", it was an occasion to use a personal tool that I wrote. It's a good opportunity to improve it.

    Now stuck on the area where the nurse guided me. See the closed door and no clown to end the party (if it makes you crazy, tell him to stay at home). Trying to c***k the given hint did not work, and I did not find any bug to exploit.

    What did I miss?

  • Oh my, what a box... I really didn't want to ask for help but here I am... stuck after a week.

    I have one question: when talking with the "Nurse" I just kept on scope as suggested, but it seems I cannot use the information I get. Do I need to get out of the scope?




  • Oh my, what a box... I really didn't want to ask for help but here I am... stuck after a week.

    I have one question: when talking with the "Nurse" I just kept on scope as suggested, but it seems I cannot use the information I get. Do I need to get out of the scope?

    If we have the same definition of the word scope for this machine, when you get the good info, you will find the new "scope" with it.

  • @neuronaddict said:

    Oh my, what a box... I really didn't want to ask for help but here I am... stuck after a week.

    I have one question: when talking with the "Nurse" I just kept on scope as suggested, but it seems I cannot use the information I get. Do I need to get out of the scope?

    If we have the same definition of the word scope for this machine, when you get the good info, you will find the new "scope" with it.

    I mean to not get out of scope: to not attack/test services that do not belong to flujab.
    Let's say that the "Nurse" can tell you tales from 3 different books: o*****s, v**********s, and p*****t. But only v**********s is in the scope as it is the book used by the flujab "company". So, do I need to get out of the scope and tell the Nurse to readme the other books?




  • Finally rooted. Root is the easiest part I think. It has been frustrating at times but still a cool box.
  • Well done @krypt

    Hope you had fun ;)