Hint for HELP

Hi everyone, I could use a nudge. Not really sure where to start here. Read through other’s comments but still feeling kinda lost. Would appreciate some help.

Soooooo… Found the app, found the way in. I have the app running locally and can use the exploit. it can not find my file on the server. I did c*** -v and can see that the server is not in the same place I am. I adjusted the exploit for that. I also looked at the source of the page where I am trying to upload and found the right path to the file. But I still can not find the file . Should I be looking at when my treat expires or today?

Type your comment> @H0nestAbe said:

Hi everyone, I could use a nudge. Not really sure where to start here. Read through other’s comments but still feeling kinda lost. Would appreciate some help.

What have you found? What have you used? Finding a way in is easy if you scan for it.

Type your comment> @keithschm said:

Soooooo… Found the app, found the way in. I have the app running locally and can use the exploit. it can not find my file on the server. I did c*** -v and can see that the server is not in the same place I am. I adjusted the exploit for that. I also looked at the source of the page where I am trying to upload and found the right path to the file. But I still can not find the file . Should I be looking at when my treat expires or today?

I am on same boat, Any body can please PM with help. Pls

I need help with my shell , please someone help . Ive got the correct method but the shells fails to load.
I dont know why , i have tried every everything and im running out of options

so… got user. my real estate agent helped me with there common saying.

on to r00t

edit r00t!!! thanks all

PM for help!!!

Just owned Help! I would agree with what is said here, ‘user’ was more complex than ‘root’. I’ve gone down a few rabbit holes here there, but yeah, this box is simpler than I originally thought.

Great box by @cymtrick ! Much to learn! And thanks for all the hints provided by earlier users! You guys are awesome! This is officially my 2nd active box immediately after Netmon! Being a newbie wanting to pursue offsec, HTB (and its community of users) is an awesome tool for learning!

Here are some of general tips I can think of:

  1. Enumeration is key. Not just enumeration from outside, but from within as well (once you’re in, that is). Gather as much info about the box using tools you have at your disposal. Clues will help guide/lead you to the next possible step.
  2. I haven’t tried not doing the “time travel” thing. So I can’t refute if it works without such changes. Maybe I’ll try that later?
  3. I didn’t use the “high road” since I’m not a developer and have no experience dabbling in that service. My background is network & infra, so instead, I took the path where the usual traffic is :wink:
  4. As said by other folks, the source code I found when I was searching for the vuln helped me understand what the application does to that which you send over. So yeah, to be a bit explicit, don’t believe what the error tells you. :wink:
  5. Once you gain foothold, user will just be around the corner. Then, gather info about that host you just got in to (i.e. enumeration, as with #1). Then, refer to some earlier tips/URLs mentioned here about attaining more breadth and depth.

Got a bit delayed since I had to repeat 2x since the box was reset earlier after I first got user.

Hope I didn’t give too much away. Apologies if I got carried away. Hit me up if you need some nudge.

Cheers!

@keithschm I have been trying to find a way through via n***.** with no real luck.

I’m struggling to get anywhere with this one, looking for a little help. If someone could PM me with a hint regarding how to submit a ticket, as I keep getting
file not allowed or words to that effect.

Got the user in two different ways, awesome box to pwn, gonna go for root now.

I enjoy boxes like this, you can learn so much about so many different stuff if you want to.

As a note, just trust its coders failure to handle stuff not what they want you to believe!

If you wanna have some programming side challenges don’t spoil yourself with the exploit out there, use it but try to understand it and figure out the “time” part yourself, you may need to fresh up on some libraries tho :smiley: take close look at all the stuff that comes from the server!

EDIT: Got root :wink: compare to how much you need to jump around for user, root was fairly straight forward. 1. enumerate, 2. google , 3. pwn, 4. have a cup of coffee or a beer or both

Interesting machine!

I’ve got the user in a different way and not in the intended one (I believe is the one throught the high port).

Hint to get a shell: DeLorean (if you don’t know what does this mean, you need to invest at least a couple of hours to get some culture :wink: )

As others have said before me, to get root it’s enough to follow the basic enumeration techniques, don’t overthink.

PM me if you want a hint.

@Invert said:
I’m struggling to get anywhere with this one, looking for a little help. If someone could PM me with a hint regarding how to submit a ticket, as I keep getting
file not allowed or words to that effect.

Do you always believe everything you read?

Got my Reverse Shell. Trying to get root two days now. I am serioysly stuck. Could someone provide any serious hints? Used every bit of g0tmi1k guide but still couldn’t priv esc…

Type your comment> @keithschm said:

@Invert said:
I’m struggling to get anywhere with this one, looking for a little help. If someone could PM me with a hint regarding how to submit a ticket, as I keep getting
file not allowed or words to that effect.

Do you always believe everything you read?

Maybe I shouldn’t :tired_face:

Type your comment> @herapen09 said:

Type your comment> @herapen09 said:

Type your comment> @herapen09 said:

I am stuck for a week. can someone give me “hint” how to upload r****** s****. I always got “CSRF” message

I’m lost…need HELP

find link used python script and paste the link and got an error “whoops”…please give me a hint what’s next

still got stuck…py exploit link didn’t work…need help

guys, I can’t change the script’s time to match the server, can you direct me where I can learn this?

@Adamczyk check application’s github code and how it hashes the files before uploading them. Then bruteforce… time.

Type your comment> @Adamczyk said:

guys, I can’t change the script’s time to match the server, can you direct me where I can learn this?

If you cant match the time match the place???

exploit for root… is necesary change the C***_O*****???
_P****_T*****_A***_S******** 200809
sorry my poor english.
hit me, pls

Hi! I’m stucked on the script, i dont know if i have to had the same time as the server, i dont know what to do.

Thanks