LaCasaDePapel


Comments

  • @Kinjo said:

    Due to the fact that I've read in previous posts that playing with https is not required, I avoided going down that path. After some time walking around, I'm beginning to wonder if it could be a good idea to return to https

    As @skordokailas pointed out, it is true that there are two routes to root ;) I personally went the way of https initially, but had the chance to go the other way. The alternative is only good if you are really familiar with the environment and potential exploit.

    Hack The Box
    Discord: AzAxIaL#8633

  • @NightFury said:

    I'll try not to spoil anything, but after getting into the https private part, I'm completely stuck. I can read the user.txt file, I got the i*_**a file, but after using it with all /etc/p****d users, I'm still not able to get a shell on the machine. Is this the intended way to continue or did I miss something?

    You are on the right path. Make sure you don't have too broad permissions on the file you got.

  • Reading through the thread there seems to be an unintended way to directly get root. I have it already by the intended way I guess. Would really appreciate it if someone could contact me about how the unintended way works. Thanks!

    "Respect to whom respect is due."
    Twitter: https://twitter.com/0x4242 | Web: http://0x4242.net
  • As I'm reading.... avoiding HTTPS is the unintended way...

  • I am struggling with the certificate part ... I know seems basic but I have been spinning in circles. I got the backdoor and the terrible shell. I am now at a stand still ... little help please?

  • @kilo5150 said:

    I am struggling with the certificate part ... I know seems basic but I have been spinning in circles. I got the backdoor and the terrible shell. I am now at a stand still ... little help please?

    Try help in your shell =D

  • @Kebby22 said:

    @kilo5150 said:

    I am struggling with the certificate part ... I know seems basic but I have been spinning in circles. I got the backdoor and the terrible shell. I am now at a stand still ... little help please?

    Try help in your shell =D

    I am able to look around the system and added my own ssh key to .ssh authorized keys, just to realize I will get another psysh... not sure where to go from here

  • Could use a nudge for root. Is m*******d the way to go?

  • i managed to get the https where you choose a season but nothing else any tips thanx

    Arrexel
    OSCP | I'm not a rapper

  • for the life of me i cannot figure out how to get past "Sorry, but you need to provide a client certificate to continue." I have followed various guides ... any hints will be greatly appreciated

  • @kilo5150 said:

    for the life of me i cannot figure out how to get past "Sorry, but you need to provide a client certificate to continue." I have followed various guides ... any hints will be greatly appreciated

    try to look through old door keyhole. pm for more.

  • Rooted

    Hints
    User: I think there are two ways to get user shell. I used the certificate/https route. Copy/paste and your local host are your friends here.

    Root: Don't need to enumerate too much. Once you see what's going on, you'll think you have it. If you don't get the shell after making the necessary mods, check how some common commands run in this environment. They might not be what you're used to...

  • is it me or everyone got 443 port always down

    Arrexel
    OSCP | I'm not a rapper

  • hi! I'm in front of the $t**** variable using p** sl v0.9.9 but I have no idea how to extract something useful, I don't know how to execute anything. Using the command "sh" I can see the code of that variable, and I've googled all night long but found nothing;
    I don't want any hint, just some good guy who can tell me where to study to comprehend this ABOMINATION.

  • When I am trying to import personal certificate in firefox I am getting the following error- "This personal certificate can’t be installed because you do not own the corresponding private key". Why am I facing this problem? Any help will be appreciated.

    Master123

  • @Master123 said:
    > When I am trying to import personal certificate in firefox I am getting the following error- "This personal certificate can’t be installed because you do not own the corresponding private key". Why am I facing this problem? Any help will be appreciated.

    did you generate correctly the client c** with the correct priv8 key ?

    Arrexel
    OSCP | I'm not a rapper
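
    Editor's added example (not part of any post in this thread): the Firefox error quoted above typically appears when the imported file carries only the certificate, or when the certificate was issued for a different key. The script below builds a constructed throwaway CA and client pair, checks that a certificate and private key share the same public key, and only then bundles them as PKCS#12, the format browsers import. All names, subjects and the password are assumptions.

```shell
#!/usr/bin/env bash
# Added example: every key and certificate here is a throwaway generated in a temp dir.
set -eu

# SHA-256 of the public key embedded in a certificate.
cert_pub_hash() {
  openssl x509 -in "$1" -noout -pubkey | openssl pkey -pubin -outform DER |
    openssl dgst -sha256 -r | cut -d' ' -f1
}

# SHA-256 of the public key derived from a private key.
key_pub_hash() {
  openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeeds only when the certificate was issued for this private key.
cert_matches_key() {
  c=$(cert_pub_hash "$1"); k=$(key_pub_hash "$2")
  [ -n "$c" ] && [ "$c" = "$k" ]   # empty hash means openssl failed: treat as mismatch
}

# Constructed lab: throwaway CA, a client cert signed by it, and an unrelated key.
make_lab() {
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1/ca.key" -out "$1/ca.crt" \
    -subj "/CN=Lab CA" -days 1 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1/client.key" \
    -out "$1/client.csr" -subj "/CN=lab-client" 2>/dev/null
  openssl x509 -req -in "$1/client.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -out "$1/client.crt" -days 1 2>/dev/null
  openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

# Bundle cert and key as PKCS#12, refusing a mismatched pair.
make_p12() {  # args: cert key out.p12 password (lab-only password on argv)
  cert_matches_key "$1" "$2" || { echo "certificate and key do not match" >&2; return 1; }
  openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" -passout "pass:$4"
}

lab=$(mktemp -d)
trap 'rm -rf "$lab"' EXIT
make_lab "$lab"
make_p12 "$lab/client.crt" "$lab/client.key" "$lab/client.p12" "lab-only" &&
  echo "matching pair: client.p12 written"
make_p12 "$lab/client.crt" "$lab/other.key" "$lab/bad.p12" "lab-only" ||
  echo "mismatched pair: refused"
```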

  • Please stop killing `https` server
  • @f3v3r said:

    Please stop killing https server

    yeah i cannot do anything

    Arrexel
    OSCP | I'm not a rapper

  • Rooted. I learned so many things.
    I will try to help anybody, just drop me a PM.

    OSCP - Looking for pentest Jobs

  • Rooted &&

    Arrexel
    OSCP | I'm not a rapper

  • Rooted but there is a certain issue with a certain bug on port 4** that causes it to stop working when trying to exploit it. With a little help I got around that but I'm still curious to know what the problem is, if anyone could shed some light on that in PM (or even just discuss the problem) that would be great.

  • edited April 2019

    Rooted, this was a fun box but very slow and unstable (at least in the public server). As for hints almost everything that could be said was already mentioned in this forum. PM for more hints if you are stuck.

  • Rooted. That was a really fun box. I need much time on user part. Thanks to @sazouki for his help in the user part.
    PM me if you need any hints

    Master123

  • Hi guys,
    Some hint to start ??
    I was playing with the QR and G-Auth but I haven't found anything !

  • Can anyone help me with the box via PM? Now stuck at certificate part:(

  • @EthicalHCOP said:

    Hi guys,
    Some hint to start ??
    I was playing with the QR and G-Auth but I haven't found anything !

    check the ports again, maybe you can find an exploit for that online?(not metasploit)

    v1ew-s0urce.flv
  • edited April 2019

    so I have some kind of access through both https and the good old door, managed to add myself to a user's auth file and have a slightly more stable shell than the good old door, but it's still the same thing. Pulled another user's key via https but I can't seem to get past this point. I know for a fact my key has the right permissions but it still asks me for a password when I use it. For the good old door and my exact equivalent via the user, I've tried various common techniques to break out. I can get a connection back to my box but can't use certain methods of executing binaries.
    Any tips?

  • Finally rooted!
    Nice box, learnt a lot on SSL client server certificate mechanisms.
    My two cents are the following.

    Initial foothold
    Opened services are there for something... so focus on what you can grab from each service and find an old open door.

    User
    Once you find the old door, you are invited to play with OpenSSL..so give it a try. Once you managed to correctly authenticate yourself...basic hacking and user is yours.

    Root
    Just tell the machine to do what you would like her to do.

    Cheers!

    Click here for HTB Profile: You are welcome to contact me for a nudge, but if I help you, please consider giving respect.

  • Finally got root, thanks to the peeps who helped me out.
    Some tips and requests:
    I used a combo of good old door and https to get user, don't believe what you see from dirs. Try some other guys on the box with what you find.
    Root was... frustrating. The only issue is running into a million people, which is to be expected. As others said, check out what common commands do vice what you think they should do. As soon as you get a user shell, you'll see the way forward, just don't overcomplicate it for yourself.
    A request to those still attempting who are running into lots of people at the same time:
    please don't be a jerk. You can get root from user without resetting the box a hundred times. And don't go around deleting a ton of files that others might need. Make backups on the box before you go about doing the thing
