Hint for HELP



  • edited May 2019

    I think I need some help with privesc. I've found a potential pw, but seem to be unable to do anything with it. I've also tried to use an exploit, the output I get leads me to believe I ascended to root, but whoami tells me otherwise. Could use some help.

    EDIT: ROOTED!! PM if you need nudged.

  • This box is really interesting. It took 2 days for me to get the user as I was stuck with the error message. However, it was much fun to hack this box and I think that getting root is easier than user :) Thanks to @cymtrick for this box. :D

  • I too am among the weary travelers who need 'help' to get a foothold. Have attempted the Null-Byte method but fear I may have stumbled down a ravine and sprang my brain. Please send 'help' my way fellow pilgrims...

  • I'm able to upload my exploit but not sure how to call it back, this is where I am stuck. I am using the Pentest Monkey reverse shell. Not sure what's next?

  • Finally rooted this box.

    I must say user had me scratching my head for a few good hours. Mostly my main issue was that I was providing a wrong parameter.

    Tips for User:
    Take the high approach. Read what it asks from you. Get credentials and see where you can use them. Find general exploit and run shell. Don't trust every error you get. Account for time.

    Tips for Root:
    Basic enumeration. Search common exploit. Run it and pwn it.

    Thanks for the nudges from @Haxys towards finding user.
    Thanks for the small push from @PavelKCZ to overcome my frustration and root it

    Feel free to PM me for hints/nudges.

  • Well, I'm still at it... try harder, right, haha. I have tried to rewrite the script and have made little progress on this box. Could really use some advice at this point. I know it will be something silly I overlooked. Time has been checked and accounted for, we are good. Creds have been found, used to log in, we are good. Scripts have been edited for specific purposes, should be good. NC is doin' its thing, we are good. User accessed....not so good : (

  • Special shout out to @AndreiPintea for the gentle push in the right direction. PM me if you need one as well ; )

  • Lol! I just laughed to myself when I got root. It took too much time for me. I was overthinking about it.

    Hint for root: Just go with basics. Enumerate the system. Maybe you can use a tool for it. Try different exploits if your current exploit is not working.

  • Hello, I am able to upload a payload, but not sure how to call it. Can anyone give me a hint?

  • Thank you for this amazing one. I learned a lot. The user was very interesting for a beginner like me.


  • Hey everyone, my third box on here. Currently I found 2 ways. Since I'm not super deep into JavaScript, I went with the first method. I created 2 different shells and I did a bypass, but I'm not sure if I'm getting the results I'm supposed to expect. When you upload your file for the ex****, does it just redirect you back to the main page or do you get some kind of a ticket number and a way to access your upload? If anyone can provide some help in that area, that would be great.

  • To add, sorry for bad grammar, and I think it works because I don't get the error for the upload but it just redirects back to the main page.

  • Just got root, if you're stuck on what to do with your upload while getting user you're going to want to do some more google-fu to find the next step (there's some source code digging for a service that can point you in the right direction). Definitely a fun box.

  • I was able to get user and root.

    But I don't know what the high port (3XXX) is for.

    I did query it and obtained the creds (email, and hashed pass) but not sure what to do with them.

    Appreciate if anyone can shed some light.

  • @ekh said:

    I was able to get user and root.

    But I don't know what the high port (3XXX) is for.

    I did query it and obtained the creds (email, and hashed pass) but not sure what to do with them.

    Appreciate if anyone can shed some light.

    Basically, with those creds you can access the low port more easily. From there it is the same route.

  • Not too bad, felt like a fool at the start trying to get user. Someone mentioned it, look at the source code and notice what happens to files that are blocked/failed.
    Root was too easy.

    I'm curious about port 3***, DM if you went that route, supposedly there's some creds..?

    Find me on Discord: rub1ks #4045

  • edited May 2019

    gah! I got user pretty quickly, but this privesc being easy is beyond me haha

    edit: got root - I'm a fool


  • Needed a kickstart, can anyone PM me please? I got the su***rt page, I don't know what to do next.

  • I am at a loss trying to bypass the file upload filter. I found the creds using the higher port, and am able to log in as a user. I can upload files as jpeg or txt and view them. Tried the null byte methodology and other bypass methods. None are working. The file is served up as a jpeg or txt for downloading as opposed to execution!! Any hints specifically on file upload are much appreciated!

  • edited May 2019

    Any tips on how to upload the file? I am always getting an error

    OSCP | LPIC-1 | LPIC-2 | LPIC-3 | Linux + | Linux+ CE | MTA | CWA

  • @R3S3T said:

    Any tips on how to upload the file? I am always getting an error

    Look at the source code and answer me this: What happens to the files that throw an error? What does the code do with them? Just take your time to understand the code.
    DM me if you still can't get it.

    Find me on Discord: rub1ks #4045

  • edited May 2019

    Hi, has any of you had the following problem? I got the user.txt flag, but now when I upload the script... it does not work. I tried one more time and changed the server, but the problem persists. Thanks.

    Rooted! A great machine. Well, the key is enumeration and you can see the paths very well...

  • edited May 2019

    Hi, I am experiencing a lot of connection problems (I can access the webpage or ping only for scarce periods of time) on this box, can barely access the web page or run nmap/gobuster. Is anyone else experiencing these problems?

  • I got user and root, PM if you need help :)

  • Some tips for this box:

    User - enumerate, find exploitable app. Don't let warning messages deter you - check if it's open source and see what's going on behind the scenes. Be sure to be thorough and double check what/where you're pointing things, adjust any tools or scripts you find to help with debugging.

    Root - guaranteed you're doing TOO much enumeration, think of one of the most basic things you'd check when popping a shell and google to check status.


  • Rooted!

    Thank you to everyone on the forums, especially @atropos for the help in the PMs. Feel free to PM me for any hints! ~ Rags

  • All, I am very new and this is my first box. I am pretty stuck on getting user (I've read the posts here, Nmap done and I see the N*** service on port 3***). I saw the object message, but can't crack the riddle. Not sure what to do - a nudge would be appreciated.

  • @ekh @AndreiPintea I use the creds with the PoC (https://www.exploit-db.com/exploits/41200) but it does not work, please help me. Thanks.

  • Rooted, very easy box if you need help just pm me

  • Having trouble getting user - script isn't working but I understand how it should be working, and what to do. Shoot me a PM if you can nudge/help =D
