Hint for HELP

1192022242529

Comments

  • I'm noob...pls someone send me an hint for user.....

  • I have gotten root.
    @haqpl, @Nour95, @netzer0
    Thanks a lot for your help! :)

  • Rooted yesterday. If any one need help or Hint.

    Just PM.

  • User OWNED !! fucking finally. for those who need help honeslty read the exploit carefully and see how you can make it do a better job. if any1 needs help with user PM me id be happy to help out

  • got root without the creds on the 3000 port, can someone explain where they were? I tried looking for them but no dice, looking to know in case I run into a situation like that in the future.

  • Got rOOt after upload that perfect timing file ^^
    If someone have another way (3000) for got root do no hesitate :)

    You can ping me if ya need help!

  • edited April 2019

    I'm stuck on priv esc. No working exploit (kernel or the ****4 service) and after enumerating, "**OT******* " doesn't work either.

    Any hints please?

    Got it, had to reinstall gcc -_-

    cyberus17l

  • Damn stupid!
    Banging my head against the upload for hours.
    Don't believe the programmer. Believe the code.

  • Root was pretty easy, though.
    I'm still curious about the other method, will try that.

  • edited April 2019

    I am stuck in the upload section. I am not getting my files uploaded even though I edited the exploit. Can anyone help me out in PM?
    Edit: just got it done 5 minutes after the comment

    Master123

  • If someone need some help pm me .. i'm ready to help <3
  • It's a fun machine. After getting user just need 5 minutes to get root. User part was a bit tricky.
    Those who are stuck in the user part, my only hint to you don't trust any message and take a close look at h*******z github page.

    Master123

  • Rooted.
    If somebody needs a nudge: feel free to contact me.

    I did not use the highport. If somebody did figure out how to get the creds there I'd be happy to know how. :-)

  • I'm confused...

    I have retrieved the credentials from the alternative service. I then proceed to authenticate using these credentials on the obvious http service but now do I just use the well known unauthenticated RCE exploit against this service lol? Isn't that a bit counter intuitive?

    Am I missing another service to auth with?

  • Type your comment> @s1lence said:

    I'm confused...

    I have retrieved the credentials from the alternative service. I then proceed to authenticate using these credentials on the obvious http service but now do I just use the well known unauthenticated RCE exploit against this service lol? Isn't that a bit counter intuitive?

    Am I missing another service to auth with?

    Could you PM with some guidance on this? Thank you!

  • edited April 2019

    Can someone give a a hint for privEsc? tried d****C** but didn't worked.

    EDIT:
    Rooted, didnt noticed i rooted because got NO prompt that the exploit was finished.

  • I will post here a tip that I would have loved to read 2 days ago for root :
    If you tried to run something and expected a root shell to pop, but for some reason it didn't (shells were particulary tricky for me with this challenge and I wasted a lot of time with it), maybe it is OK, maybe you don't need the bash. Maybe executing stuff as root is enough, and you can adapt your tests according to this.

  • I am a total noob and I need some help. I have done searchsploit on HelpDeskz and found 2 exploits sql and arbitory code excecution.SQLmap said there are no exploits and don't know how to get arbitrary code execution. I have also looked at the source code of node.js and could not see any exploits. I am now very stuck and would very much appreciate some help.

  • Im needing assistence with this Box please.
    I know ive got the right path and the correct exploit.
    Can someone please dm me , i cant run the exploit in the intendend way.
    Any help would be great :)

  • Got the user RCE working really well now, been stuck up on root for a little while though. Trying to avoid using k****l exploit.

  • Hello,
    Can some one help me with root !! Please :anguished:

    Arrexel
    Ask for hints only please and give +1 respect if you like my hints. Thank you

  • I am stuck for a week. can someone give me "hint" how to upload r****** s****. I always got "CSRF" message

  • could I get some help on getting a shell? I have looked at the GitHub code for the webbap ... I have the exploit but just cant get a call back ... im sure it somthing stupid that Im missing

  • Type your comment> @herapen09 said:

    I am stuck for a week. can someone give me "hint" how to upload r****** s****. I always got "CSRF" message

    I'm lost...need HELP

  • Hello everyone, just rooted this box but not without the help of this great community. If anyone needs help you can PM me. Hints hopefully without spoiling, for the script to run you need to find 3 parameters and time travel is both back and forward in time. for root linenum and searchsploit your way to root.

  • I am able to find my file if it's a jpg or txt. But I can't get around the file type filter. Tried using Burp but that captcha is screwing things up. I feel so close. Any help would be great.

  • Type your comment> @FlompyDoo said:

    I am able to find my file if it's a jpg or txt. But I can't get around the file type filter. Tried using Burp but that captcha is screwing things up. I feel so close. Any help would be great.

    Don't believe everything u read ;)

    cyberus17l

  • PM me if you want hints on 3k port - Also I need help on using the user account and the scripts, they (and my other enum) are not returning as expected.

  • I am trying to get user using the authenticated exploit (S** I********) having the creds, but it does not seem to give me the expected results. Did anyone tried it recently and had a good result with it?

  • edited April 2019

    Spent hours on this box, and I can't even get the credentials through the high port. Please PM with any help

    EDIT: Finally managed to get user and root. Thanks to @JGruloos @ghost0437 and @CyprusDonkey for the help.

    Only managed to get through the unauth way. Would appreciate a PM on the credentials part though. At least just how to the endpoint on the XXXX port

Sign In to comment.