Ghoul

Awesome box )) just rooted. It's really cool. Thx

@MinatoTW Thank you for such an emotional hack journey :slight_smile: It was like an MMORPG quest )

Seems like the service on :80 is broken/hung at this point. I’ve reset the box a couple times and it doesn’t seem to fix it. I was poking around at this box earlier this week without that problem. Now it just won’t really respond.

Edit: Switching to a different US Lab doesn’t help.

Where is the root.txt file?
Any idea?

Do I need to target the login or the upload first? Found probable pass for #1 but no matching username so far and all the folders I looked into for the upload seem like dead ends.

Anybody else having difficulty getting RCE on g*** server to execute? Everything seems to go smoothly but RCE seems to never occur.

@SamBugler said:

Anybody else having difficulty getting RCE on g*** server to execute? Everything seems to go smoothly but RCE seems to never occur.

What you may want to do, and I know I'm going to get in trouble for this lol:

Reset it 2 times in a row. I did and now it pops every attempt. Feel free to PM me, maybe your command is wrong; this gave me an issue.

Not sure if that’s sound advice; I’ve been noticing back to back double resets by people for Ghoul in shoutbox @wabafet

I can confirm, resetting twice in a row fixes the issue. Thanks @wabafet !!

Got user. <3 That was fun

@SamBugler said:
Anybody else having difficulty getting RCE on g*** server to execute? Everything seems to go smoothly but RCE seems to never occur.

Maybe you can use the snake to get RCE.

@SamBugler said:

Anybody else having difficulty getting RCE on g*** server to execute? Everything seems to go smoothly but RCE seems to never occur.

I think I know the issue.
It’s because someone else is also using the same repo name.
If you don’t clean it up that will happen.
Try changing the repo name.
It should work then.

@Lorcheiro said:
Know about the authentication port but no idea of creds, are they in rockyou.txt? Should I guess? Are they related to Tokyo Ghoul? DM me, thanks

Am I daft? I’ve enumerated both sites both with custom wordlists and more “standard” ones but I still can’t find where the files get uploaded. I must be missing something really basic. Anyone want to DM me a hint or just drop one here please?

@Xentropy said:
Am I daft? I’ve enumerated both sites both with custom wordlists and more “standard” ones but I still can’t find where the files get uploaded. I must be missing something really basic. Anyone want to DM me a hint or just drop one here please?

This is a type of insecure file upload related to extracting a file from an archive.

@MisterBert0ni said:

@MinatoTW Thank you for such an emotional hack journey :slight_smile: It was like an MMORPG quest )

Thanks! Glad you enjoyed and half the credit goes to @egre55 :slight_smile:

■■■■ near a week on this box but finally rooted. Holy ■■■■. What a ride. We need more of these!!!

That said, the last root.txt troll was a bit “much” in my opinion. The other “trolls” were pretty legit, though. Otherwise, I learned a ton from this one. ■■■■ sure couldn’t have done it without a couple guys teaming up with me but the deed is done and just in time for the new box being released in ~1hr.

Good ■■■■ guys. Thanks for the ride.

@MisterBert0ni said:

@Xentropy said:
Am I daft? I’ve enumerated both sites both with custom wordlists and more “standard” ones but I still can’t find where the files get uploaded. I must be missing something really basic. Anyone want to DM me a hint or just drop one here please?

This is a type of insecure file upload related to extracting a file from an archive.

Haha, and all this time I figured it was my enumeration failing. Thanks. :slight_smile:

Edit: got user! If you see the user.txt troll keep enumerating! You’re not far away.

On to root…