Hint for HELP

@megaHEX said:

I know I’m close, and I’m sure I’m doing something stupid to not get the *** shell. Can anyone tell me the correct path to write up when running the 40***.py exploit? At first I had “support/?v=submit_ticket” and the exploit found the file but that kept giving me links to 404 pages.
I then tried “support/uploads/tickets” and mind you - I run the exploit right before I press upload since the box is time sensitive, yet exploit.py still does not find any file.
Anyone who can help me with this one aspect, please feel free to DM me, before I lose my mind over this one box.

Hack The Box

Make sure to read the exploit you’re trying to use and understand what it does, that’ll help you understand why what you’re doing might not be working.

Hi guys, I got user but my shell keeps dying on me and I don’t know if that’s the intention of the server or I’m missing something in my Web Shell Exploit.
Could anyone please help bro out?
I have the correct path thanks to @mogyub.

@bkmstar said:

Hi guys, I got user but my shell keeps dying on me and I don’t know if that’s the intention of the server or I’m missing something in my Web Shell Exploit.
Could anyone please help bro out?
I have the correct path thanks to @mogyub.

Are you on free? I’d keep an eye out on the shoutbox to make sure people aren’t resetting the box. If that’s not the reason then I’m not sure myself, didn’t have that problem.

I need some help on making the time traveling script work I can’t manage to find my payload, please pm me

Edit: Got root.

I’m at the Priv Esc phase. However, the shell doesn’t let you download anything via wget so unable to use LinEnum exploit or 44298 exploit.
I don’t know if anyone else has that same issue.
If I’m unable to download onto the shell, then anyone have any other ways to produce Priv Esc? Feel free to dm me.

Hi everyone, I could use a nudge. Not really sure where to start here. Read through other’s comments but still feeling kinda lost. Would appreciate some help.

Soooooo… Found the app, found the way in. I have the app running locally and can use the exploit. It cannot find my file on the server. I did c*** -v and can see that the server is not in the same place I am. I adjusted the exploit for that. I also looked at the source of the page where I am trying to upload and found the right path to the file. But I still cannot find the file. Should I be looking at when my treat expires or today?

@H0nestAbe said:

Hi everyone, I could use a nudge. Not really sure where to start here. Read through other’s comments but still feeling kinda lost. Would appreciate some help.

What have you found? What have you used? Finding a way in is easy if you scan for it.

@keithschm said:

Soooooo… Found the app, found the way in. I have the app running locally and can use the exploit. It cannot find my file on the server. I did c*** -v and can see that the server is not in the same place I am. I adjusted the exploit for that. I also looked at the source of the page where I am trying to upload and found the right path to the file. But I still cannot find the file. Should I be looking at when my treat expires or today?

I am in the same boat. Can anybody please PM me with help? Pls

I need help with my shell, please someone help. I’ve got the correct method but the shell fails to load.
I don’t know why, I have tried everything and I’m running out of options.

So… got user. My real estate agent helped me with their common saying.

on to r00t

edit r00t!!! thanks all

PM for help!!!

Just owned Help! I would agree with what is said here, ‘user’ was more complex than ‘root’. I’ve gone down a few rabbit holes here and there, but yeah, this box is simpler than I originally thought.

Great box by @cymtrick ! Much to learn! And thanks for all the hints provided by earlier users! You guys are awesome! This is officially my 2nd active box immediately after Netmon! Being a newbie wanting to pursue offsec, HTB (and its community of users) is an awesome tool for learning!

Here are some general tips I can think of:

  1. Enumeration is key. Not just enumeration from outside, but from within as well (once you’re in, that is). Gather as much info about the box using tools you have at your disposal. Clues will help guide/lead you to the next possible step.
  2. I haven’t tried not doing the “time travel” thing. So I can’t refute if it works without such changes. Maybe I’ll try that later?
  3. I didn’t use the “high road” since I’m not a developer and have no experience dabbling in that service. My background is network & infra, so instead, I took the path where the usual traffic is :wink:
  4. As said by other folks, the source code I found when I was searching for the vuln helped me understand what the application does to that which you send over. So yeah, to be a bit explicit, don’t believe what the error tells you. :wink:
  5. Once you gain foothold, user will just be around the corner. Then, gather info about that host you just got in to (i.e. enumeration, as with #1). Then, refer to some earlier tips/URLs mentioned here about attaining more breadth and depth.

Got a bit delayed since I had to repeat 2x since the box was reset earlier after I first got user.

Hope I didn’t give too much away. Apologies if I got carried away. Hit me up if you need some nudge.

Cheers!

@keithschm I have been trying to find a way through via n***.** with no real luck.

I’m struggling to get anywhere with this one, looking for a little help. If someone could PM me with a hint regarding how to submit a ticket, as I keep getting
file not allowed or words to that effect.

Got the user in two different ways, awesome box to pwn, gonna go for root now.

I enjoy boxes like this, you can learn so much about so many different stuff if you want to.

As a note, just trust its coders failure to handle stuff not what they want you to believe!

If you wanna have some programming side challenges don’t spoil yourself with the exploit out there, use it but try to understand it and figure out the “time” part yourself, you may need to fresh up on some libraries tho :smiley: take close look at all the stuff that comes from the server!

EDIT: Got root :wink: Compared to how much you need to jump around for user, root was fairly straightforward. 1. enumerate, 2. google, 3. pwn, 4. have a cup of coffee or a beer or both

Interesting machine!

I’ve got the user in a different way and not in the intended one (I believe it is the one through the high port).

Hint to get a shell: DeLorean (if you don’t know what this means, you need to invest at least a couple of hours to get some culture :wink: )

As others have said before me, to get root it’s enough to follow the basic enumeration techniques, don’t overthink.

PM me if you want a hint.

@Invert said:
I’m struggling to get anywhere with this one, looking for a little help. If someone could PM me with a hint regarding how to submit a ticket, as I keep getting
file not allowed or words to that effect.

Do you always believe everything you read?

Got my Reverse Shell. Trying to get root for two days now. I am seriously stuck. Could someone provide any serious hints? Used every bit of g0tmi1k guide but still couldn’t priv esc…

@keithschm said:

@Invert said:
I’m struggling to get anywhere with this one, looking for a little help. If someone could PM me with a hint regarding how to submit a ticket, as I keep getting
file not allowed or words to that effect.

Do you always believe everything you read?

Maybe I shouldn’t :tired_face:

@herapen09 said:

I have been stuck for a week. Can someone give me a “hint” how to upload r****** s****? I always get a “CSRF” message

I’m lost…need HELP

find link used python script and paste the link and got an error “whoops”…please give me a hint what’s next

still got stuck…py exploit link didn’t work…need help