onetwoseven


Comments

  • @IgorLB said:

    @Ripc0rd said:

    stuck on "unkown plugin type" can anyone lend a hand?

    Try to create your own plugin step by step. Start from a copy of an existing one, make small changes and check :)

    Why do we need to replicate a plugin? I uploaded a file without replicating anything.

  • For those that can't find their "plugin". Try to check directories again.

    v1ew-s0urce.flv
  • I have access to the high port panel. But how to find the credentials for the kingdom panel?

  • Hi there,
    I managed to get the user flag and have a shell on the box.
    I think I know what needs to be done to get the root flag, leveraging a*****-****** and I have a high level idea on how to do that. I have already a couple of things set up and working, I believe I am very close.
    Could someone PM me for help to perform the last couple of steps?

  • @PavelKCZ said:

    GordonFreeman: thx for the info. I was asking because I read somewhere that for OSCP, you must do five boxes during 24 hours or something similar.

    And I tried to imagine, what I should learn if I would like to do five boxes like OTS during 24 hours...

    Off topic: There are around 60 machines in the OSCP lab. If you are able to root min 75-80% of the machines, reach also the admin subnet and root the admin machines, then you can assume that you are prepared enough for the 24h OSCP exam.
    Working on this number of machines in 2-3 months (depends on your lab time) gives a nice routine which helps to manage the 5 machines in 24 hours.


  • edited April 2019

    @D4n1aLLL said:

    @IgorLB said:

    @Ripc0rd said:

    stuck on "unkown plugin type" can anyone lend a hand?

    Try to create your own plugin step by step. Start from a copy of an existing one, make small changes and check :)

    Why do we need to replicate a plugin? I uploaded a file without replicating anything.

    You need not. :lol:
    Just because this box (1-2-7) is constantly changing, the "step-by-step" method might help you not to get stuck after such changes.

  • I am currently stuck at a location, after s**p access, and I have enumerated what I believe to be my path to gaining a user shell but it is not acting the way I understand. I have done a good bit of research and found myself running in a circle now. Would anyone be willing to PM me so I can explain my thought process and steps, then provide me with a nudge only? I feel like I am extremely close, but hitting a wall (happens often when being away from the practice for some time). Thank you all!

  • edited April 2019

    Rooted. Just wanna say to @jkr... holy shit. Well done!!! This is hands down the most fun I've had on HTB in the month I've been a member. Phenomenal job and thank you for all your work on this awesome box. Learned a ton and the vector for root is something I've never seen before. Had a blast!

    Now that that's out of the way, here's my tips for those that are hung up.

    [ * ] Use HELP. Examine your environment. Think of what you can leverage.
    [ * ] Read everything you can lay your grubby little hands on.
    [ * ] Again. Read. EVERYTHING. Take plenty of notes.
    [ * ] Once you work backwards and pop user, prep for root!
    [ * ] Prepare to do everything locally. Custom exploitation out the ass!
    [ * ] RTFM. Seriously. 99% of what you need is in the man pages.
    [ * ] "Measure twice, cut once." Debugging/Deployment == slowwww...

    Above all else, have fun! This box is not the CTF shitshow we've seen repeatedly recently. Literally everything you need is staring you in the face from start to finish.

  • What a ride. An instant HTB classic! Up there with the other HTB *nix greats (holiday, joker, jail, ariekei, reddish, etc) in my opinion. Extremely well thought out - gotta love boxes that teach you new tricks. Excellent work @jkr cheers for creating it and I hope you make more boxes.

    delosucks

  • I can only agree to delo: Very nice, well prepared and somehow challenging. Learned again some new tricks, and will use the priv esc for awareness if @jkr allows for that ;)
    Looking forward to your next one!

  • Before going too deep in a rabbit hole, about root. One of the steps is changing the h***_****y, right?

  • edited April 2019

    thank bro #Alurith for the help

  • @Alurith said:

    Before going too deep in a rabbit hole, about root. One of the steps is changing the h***_****y, right?

    Yes.

  • edited April 2019

    .

    limbernie
    Write-ups | Discord - limbernie#0386

  • My first root on htb. If that was easy, I would hate to see what a difficult box is going to be like. When watching ippsec videos - root always seems to involve a lot less work than this one did :) - great box though.

  • edited April 2019

    I'm trying to get my keyboard in my a * I found user.txt ... Yes I found It. 3 days after I had my shell on this box XD the user.txt is very close. Do not search so far like me :)

  • Excellent box after all - finally managed to root this after fighting with the privesc for quite a while..

    In the end the exploit is & was quite simple & stands out if you enumerate properly, and there is a related blog post available online explaining a very similar attack if you know exactly what to google for based on the enum findings.

    Really polished & well thought through box, props to the maker! :star:
    And huge props to @dividebyzer0 for kicking me in the right direction & helping out when I started overthinking an after all simple exploit.

  • That was an excellent box. The a-g priv-esc was a ride. Special thanks to PavelKCZ for getting me out of plugin directory hell as well.

    If anyone needs a hand, feel free to message me!

  • Awesome box from @jkr. 50pts would really be icing on the cake.

    https://imgur.com/sT1RIRV

    limbernie
    Write-ups | Discord - limbernie#0386

  • That was one of the coolest boxes I've rooted on HTB.
    Great job @jkr !

    Thanks a lot to @lantog for helping out with root-hints!

  • Finally rooted. It was really tricky at some parts, but definitely a fun box.
    Thanks for the help @dividebyzer0 and @dreamerscoffee

  • Need a small nudge for finding credentials. I have access to the admin panel but I have not been able to grab any credentials.

  • Thank @jkr for this interesting machine and for its constant improvement :lol:
    And @dreamerscoffee - he stopped me when this cycle of reading was becoming endless.
    Therefore I repeat after RJ - RAFO. Not WOT but documentation, manpages and guides :lol: All this puzzle needs to be solved is thoughtful reading of the documentation.

    Enumerate processes, document what they were supposed to do and create your module. Use the weakness of this machine - not possible exploits.

  • Need a small nudge for finding credentials. I have access to the admin panel but I have not been able to grab any credentials. Found the /addon/ folder as well.

  • How do you get a shell? I have a PHP shell but it gives me a 403 error. Even when I tested with a file that was not present, like ex.php, instead of giving a not found, it gave me 403. How do I change the server to accept a PHP file? Or any other ways?

  • @Alpha19IR1 said:

    How do you get a shell? I have a PHP shell but it gives me a 403 error. Even when I tested with a file that was not present, like ex.php, instead of giving a not found, it gave me 403. How do I change the server to accept a PHP file? Or any other ways?

    Try to look and check the code of modules you already see in the admin section. Make your own based on them. Change step by step then if you have to.

  • This box is a true work of art. Thank you!

  • I feel like I'm on the right path to root. Can anyone PM me to discuss it? I don't wanna spam all you guys who rooted this box..


  • Off topic: There are around 60 machines in the OSCP lab. If you are able to root min 75-80% of the machines, reach also the admin subnet and root the admin machines, then you can assume that you are prepared enough for the 24h OSCP exam.
    Working on this number of machines in 2-3 months (depends on your lab time) gives a nice routine which helps to manage the 5 machines in 24 hours.

    I didn't have too much time in the OSCP labs. I only had a budget for 30 days of lab time. Since I was new to penetration testing I was trying to do as much as I could in those 30 days (taking into account that I have a daily job and family). All in all I managed to root fewer than 20 machines, although I concentrated on the hardest ones. The rest I was practicing on HTB and learning by watching IppSec videos. Those <20 machines plus HTB practice were more than enough to pass the OSCP exam. It took me approx. 1.5h per OSCP exam machine. Doing mid-level HTB machines was very helpful to me.

  • Guys, I found admin port 6*8** and I need to tunnel it through SSH. Need help. I did a lot of commands.
