Ghoul

Wow, I must say, after fixing the netcat issue and using the correct method and landing a shell as user during the exploit, I was able to, without adding any keys, execute a privesc and achieve a root shell, but after that it took no more than 15-20 minutes from the time I exploited it with a correct shell to about the time I was able to land a root shell and find what I was looking for. I see one last step to get to the war chest, which I think is a jdbc connection from some leaked sauce, if I am correct. Not only was this a little diff, as I was not able to find the root.txt, which means you guys stepped it up. I like this, and if the extra 20 minutes from landing a shell to getting privesc scares you, jeez, this is easier than most boxes privesc-wise to me, logic-wise.

And being a Linux noob, I would know that almost everything priv esc is hard in the beginning; this made it both logical and easy.

help plz
machine-ghoul
I am stuck at the file upload at ip:8080/index.html
I know I'm supposed to upload a reverse shell there but don't know how to bind it into a jpeg file. I have searched about it, nothing found. Please help.

Root was a lot of fun, had to automate pretty much everything, especially the last step… Probably the worst machine I've seen so far, but in a good way.

finally root … what a journey

awesome box )) just rooted. It's really cool. Thx

@MinatoTW Thank you for so emotional hack journey :) It was like MMORPG quest )

Seems like the service on :80 is broken/hung at this point. I've reset the box a couple times and it doesn't seem to fix it. I was poking around at this box earlier this week without that problem. Now it just won't really respond.

Edit: Switching to a different US Lab doesn't help.

Where is root.txt file?
any idea?

Do I need to target the login or the upload first? Found probable pass for #1 but no matching username so far and all the folders I looked into for the upload seem like dead ends.

Anybody else having difficulty getting RCE on g*** server to execute? Everything seems to go smoothly but RCE seems to never occur.

@SamBugler said:

Anybody else having difficulty getting RCE on g*** server to execute? Everything seems to go smoothly but RCE seems to never occur.

What you may want to do, and I know I'm going to get in trouble for this lol

Reset it 2 times in a row. I did and now it pops every attempt. Feel free to PM me, maybe your command is wrong. This gave me an issue.

Not sure if that's sound advice; I've been noticing back to back double resets by people for Ghoul in shoutbox @wabafet

I can confirm, resetting twice in a row fixes the issue. Thanks @wabafet !!

Got user. <3 That was fun

@SamBugler said:
Anybody else having difficulty getting RCE on g*** server to execute? Everything seems to go smoothly but RCE seems to never occur.

Maybe you can use the snake to get rce.

@SamBugler said:

Anybody else having difficulty getting RCE on g*** server to execute? Everything seems to go smoothly but RCE seems to never occur.

I think I know the issue.
It's because someone else is also using the same repo name.
If you don't clean it up that will happen.
Try changing the repo name.
It should work then.

@Lorcheiro said:
Know about the authentication port but no idea of creds, are they in rockyou.txt? Should I guess? Are they related with Tokyo Ghoul? DM me, thanks

Am I daft? I've enumerated both sites both with custom wordlists and more "standard" ones but I still can't find where the files get uploaded. I must be missing something really basic. Anyone want to DM me a hint or just drop one here please?

@Xentropy said:
Am I daft? I've enumerated both sites both with custom wordlists and more "standard" ones but I still can't find where the files get uploaded. I must be missing something really basic. Anyone want to DM me a hint or just drop one here please?

This is a type of insecure file upload related to extracting files from an archive.