Hint for HELP

1212224262729

Comments

  • After several hours got the root and user!
    Thank you for the support guy!

    hint for user:
    1. Dont trust what they said trust what they wrote

    Hint for Root:
    1. Research always the best solution.

  • Type your comment> @megaHEX said:

    I know I'm close, and I'm sure I'm doing something stupid to not get the *** shell. Can anyone tell me the correct path to write up when running the 40***.py exploit? At first I had "support/?v=submit_ticket" and the exploit found the file but that kept giving me links to 404 pages.
    I then tried "support/uploads/tickets" and mind you - I run the exploit right before I press upload since the box is time sensitive, yet exploit.py still does not find any file.
    Anyone who can help me with this one aspect, please feel free to DM me, before I lose my mind over this one box.

    Hack The Box

    Make sure to read the exploit you're trying to use and understand what it does, that'll help you understand why what you're doing might not be working.

    mogyub

  • Hi guys , I got user but my shell keeps dying on me and i dont know if thats the intension of the server or im missing something in my Web Shell Exploit.
    Could anyone please help bro out ?
    I have the correct path thanks to @mogyub .

  • Type your comment> @bkmstar said:

    Hi guys , I got user but my shell keeps dying on me and i dont know if thats the intension of the server or im missing something in my Web Shell Exploit.
    Could anyone please help bro out ?
    I have the correct path thanks to @mogyub .

    Are you on free? I'd keep an eye out on the shoutbox to make sure people aren't resetting the box. If that's not the reason then I'm not sure myself, didn't have that problem.

    mogyub

  • edited April 25

    I need some help on making the time traveling script work I can't manage to find my payload, please pm me

    Edit: Got root.

  • edited April 24

    I'm at the Priv Esc phase. However, the shell doesn't let you download anything via wget so unable to use LinEnum exploit or 44298 exploit.
    I don't know if anyone else has that same issue.
    If I'm unable to download onto the shell, then anyone have any other ways to produce Priv Esc? Feel free to dm me.

    Hack The Box

  • Hi everyone, I could use a nudge. Not really sure where to start here. Read through other's comments but still feeling kinda lost. Would appreciate some help.

  • Soooooo... Found the app, found the way in. I have the app running locally and can use the exploit. it can not find my file on the server. I did c*** -v and can see that the server is not in the same place I am. I adjusted the exploit for that. I also looked at the source of the page where I am trying to upload and found the right path to the file. But I still can not find the file . Should I be looking at when my treat expires or today?

  • Type your comment> @H0nestAbe said:

    Hi everyone, I could use a nudge. Not really sure where to start here. Read through other's comments but still feeling kinda lost. Would appreciate some help.

    What have you found? What have you used? Finding a way in is easy if you scan for it.

  • Type your comment> @keithschm said:

    Soooooo... Found the app, found the way in. I have the app running locally and can use the exploit. it can not find my file on the server. I did c*** -v and can see that the server is not in the same place I am. I adjusted the exploit for that. I also looked at the source of the page where I am trying to upload and found the right path to the file. But I still can not find the file . Should I be looking at when my treat expires or today?

    I am on same boat, Any body can please PM with help. Pls

  • I need help with my shell , please someone help . Ive got the correct method but the shells fails to load.
    I dont know why , i have tried every everything and im running out of options

  • edited April 25

    so... got user. my real estate agent helped me with there common saying.

    on to r00t

    edit r00t!!! thanks all

    PM for help!!!

  • Just owned Help! I would agree with what is said here, 'user' was more complex than 'root'. I've gone down a few rabbit holes here there, but yeah, this box is simpler than I originally thought.

    Great box by @cymtrick ! Much to learn! And thanks for all the hints provided by earlier users! You guys are awesome! This is officially my 2nd active box immediately after Netmon! Being a newbie wanting to pursue offsec, HTB (and its community of users) is an awesome tool for learning!

    Here are some of general tips I can think of:
    1. Enumeration is key. Not just enumeration from outside, but from within as well (once you're in, that is). Gather as much info about the box using tools you have at your disposal. Clues will help guide/lead you to the next possible step.
    2. I haven't tried not doing the "time travel" thing. So I can't refute if it works without such changes. Maybe I'll try that later?
    3. I didn't use the "high road" since I'm not a developer and have no experience dabbling in that service. My background is network & infra, so instead, I took the path where the usual traffic is ;)
    4. As said by other folks, the source code I found when I was searching for the vuln helped me understand what the application does to that which you send over. So yeah, to be a bit explicit, don't believe what the error tells you. ;)
    5. Once you gain foothold, user will just be around the corner. Then, gather info about that host you just got in to (i.e. enumeration, as with #1). Then, refer to some earlier tips/URLs mentioned here about attaining more breadth and depth.

    Got a bit delayed since I had to repeat 2x since the box was reset earlier after I first got user.

    Hope I didn't give too much away. Apologies if I got carried away. Hit me up if you need some nudge.

    Cheers!

    wingsofwax

  • @keithschm I have been trying to find a way through via n*. with no real luck.

  • I'm struggling to get anywhere with this one, looking for a little help. If someone could PM me with a hint regarding how to submit a ticket, as I keep getting
    file not allowed or words to that effect.

  • edited April 26

    Got the user in two different ways, awesome box to pwn, gonna go for root now.

    I enjoy boxes like this, you can learn so much about so many different stuff if you want to.

    As a note, just trust its coders failure to handle stuff not what they want you to believe!

    If you wanna have some programming side challenges don't spoil yourself with the exploit out there, use it but try to understand it and figure out the "time" part yourself, you may need to fresh up on some libraries tho :smiley: take close look at all the stuff that comes from the server!

    EDIT: Got root :wink: compare to how much you need to jump around for user, root was fairly straight forward. 1. enumerate, 2. google , 3. pwn, 4. have a cup of coffee or a beer or both

  • Interesting machine!

    I've got the user in a different way and not in the intended one (I believe is the one throught the high port).

    Hint to get a shell: DeLorean (if you don't know what does this mean, you need to invest at least a couple of hours to get some culture ;-) )

    As others have said before me, to get root it's enough to follow the basic enumeration techniques, don't overthink.

    PM me if you want a hint.

    Hack The Box

    Message me with 1) Problem description 2) What did you try so far? 3) Your ideas about next steps

    If you appreciate my help, please give me +1 respect
    https://www.hackthebox.eu/home/users/profile/57582

  • @Invert said:
    I'm struggling to get anywhere with this one, looking for a little help. If someone could PM me with a hint regarding how to submit a ticket, as I keep getting
    file not allowed or words to that effect.

    Do you always believe everything you read?

  • edited April 26

    Got my Reverse Shell. Trying to get root two days now. I am serioysly stuck. Could someone provide any serious hints? Used every bit of g0tmi1k guide but still couldn't priv esc...

  • Type your comment> @keithschm said:

    @Invert said:
    I'm struggling to get anywhere with this one, looking for a little help. If someone could PM me with a hint regarding how to submit a ticket, as I keep getting
    file not allowed or words to that effect.

    Do you always believe everything you read?

    Maybe I shouldn't :tired_face:

  • Type your comment> @herapen09 said:

    Type your comment> @herapen09 said:

    Type your comment> @herapen09 said:

    I am stuck for a week. can someone give me "hint" how to upload r****** s****. I always got "CSRF" message

    I'm lost...need HELP

    find link used python script and paste the link and got an error "whoops"...please give me a hint what's next

    still got stuck...py exploit link didn't work..need help

  • guys, I can't change the script's time to match the server, can you direct me where I can learn this?

  • @Adamczyk check application's github code and how it hashes the files before uploading them. Then bruteforce... time.

  • Type your comment> @Adamczyk said:

    guys, I can't change the script's time to match the server, can you direct me where I can learn this?

    If you cant match the time match the place??????

  • exploit for root.. is necesary change the C_O*****????
    _P****_T*****_A
    _S******** 200809
    sorry my poor english.
    hit me, pls

    rubenix

  • Hi! I'm stucked on the script, i dont know if i have to had the same time as the server, i dont know what to do.

    Thanks

  • edited April 27

    Thankful for all the tips here. I am at the stage where everyone is saying its the easiest - root! I suck at priv esc and definitely need some hints.... I believe I may have found the entry point to priv esc for root but some how I feel that it isn't as well. Please anyone can help?

    update got it thanks guys! Really, don't over think it :D

  • Type your comment> @rubenix said:

    exploit for root.. is necesary change the C_O*****????
    _P****_T*****_A
    _S******** 200809
    sorry my poor english.
    hit me, pls

    Not

  • @refabr1k said:
    Thankful for all the tips here. I am at the stage where everyone is saying its the easiest - root! I suck at priv esc and definitely need some hints.... I believe I may have found the entry point to priv esc for root but some how I feel that it isn't as well. Please anyone can help?

    update got it thanks guys! Really, don't over think it :D

    What is the most basic things your do in priv esc? What can you learn about the box? Then you use what you learn to find the way in. Do not over think!!!!!!!

  • @nygage said:
    Hi! I'm stucked on the script, i dont know if i have to had the same time as the server, i dont know what to do.

    Thanks

    So what can you do to find the time? Where is that info available?

Sign In to comment.