Redcross

123457»

Comments

  • Can someone give me a pointer on the s**i******n technique. I'm getting an error and it looks like it can be done. I haven't gotten anything useful from s****p. Maybe there's a setting or something I'm missing.

  • edited March 2019

    Got root before I got user, this box was way easier than I thought it was going to be so not sure if it was the intended way.

    Hit me up if you need any pointers.

    Hack The Box

  • Pm if anyone needs help with root😎

    Arrexel

    Trinidad and Tobago

  • Finally rooted, if you need any nudge or hint, please PM me. Im glad to help you. ;)

  • I logged in at i**** as g****, I retrieved all the messages but I can't find any credentials, also found the second login page a**** but guessing didn't work out! Using s****p with the address in the i**** is causing the server to ban me for a minute.

  • edited March 2019

    I've been stuck for a few days.. I'm trying to crack the password hashes for a few days.. I have some of the lower level users.. But am stuck on this.. I tried crackstaion and a few others but no luck.. Am I on the wrong path or just need to wait until it cracks the important one?

    Edit
    @bl4sph3m thanks for the hint on moving forward...

  • edited March 2019

    Been stuck for quite some time now.
    Found two relevant domains, got all the messages inside the first one and possibly another user that hasn't been mentioned there, but that's it... would love a little nudge.

    Would very much welcome a PM about that.

    Hack The Box

  • edited March 2019

    fiigured out what I was doing wrong.. wondering if I need to bust b****t now?

  • edited March 2019

    Update: Maybe i was beeing stupid or had a bad connection - but now it worked..
    Thanks to ompamo :)

    mhh.. i am kind of stuck. I have 2 users + pass through s***, but wanted to try the x**. It works on my local box, but not on redcross. Maybe because on the other side there is no user with browser, but a curl script? Tried different aproches, but maybe i fail because its my first x** ;) If somebody want to help / discuss please pm.

  • edited March 2019

    Need help with s... or x**, the i***a crashes after some time using s****p

    EDIT: thanks to @ompamo - I'm moving forward :)

    Hack The Box

  • Done redcross,

    Hint:
    Initial: do your enum properly, study why you cant load the site, what can you do.
    user: study owasp top 10, not always you will have to get the user first, you can get root first.
    root: there are plenty of step, think about the basic component of forming a web application, what and where does it stall the data, can you make changes to it?

    Arrexel

  • can someone help me here got the db and other required things but when i try to logging into the p**l my shell is freezing mid way after giving the password

    stevv

  • I need to be pointed in the right direction here. S** I********* are not my strong point. I can see there is one when logged in with g****:****t in the L***T C****e but i am stumped how to get anything useful out of it.

  • Type your comment> @jimmypw said:

    I need to be pointed in the right direction here. S** I********* are not my strong point. I can see there is one when logged in with g****:****t in the L***T C****e but i am stumped how to get anything useful out of it.

    Never mind, I overlooked something. I'm back on track!

  • Have time to go while the box is still running!
    The box is difficult but a couple of days is enough to pass)

    tabacci

  • rooted, pm me for hints

    v1ew-s0urce.flv
  • Rooted! Managed to go the "easy" route. PM me if you're stuck :)


    Hack The Box
    defarbs.com | Retired Machine Writeups! - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'”

  • Saw it was retiring and I was already working on this box. Moved my butt and grabbed root before user... this doesn't happen to me often. :) Very interesting box, made me dig out some database-fu know-how.

    Thanks to @ompamo, the box had a good run

    Maglok

Sign In to comment.