Ghoul

Anybody else having difficulty getting RCE on g*** server to execute? Everything seems to go smoothly but RCE seems to never occur.

Type your comment> @SamBugler said:

Anybody else having difficulty getting RCE on g*** server to execute? Everything seems to go smoothly but RCE seems to never occur.

what you may want to do and i know im going to get in trouble for this lol

Reset it 2 times in a row i did and now it pops every attempt feel free to pm me maybe your command is wrong this gave me an issue

Not sure if that’s sound advice; I’ve been noticing back to back double resets by people for Ghoul in shoutbox @wabafet

I can confirm, reseting twice in a row fixes the issue. Thanks @wabafet !!

Got user. <3 That was fun

@SamBugler said:
Anybody else having difficulty getting RCE on g*** server to execute? Everything seems to go smoothly but RCE seems to never occur.

May be you can use the snake to get rce.

Type your comment> @SamBugler said:

Anybody else having difficulty getting RCE on g*** server to execute? Everything seems to go smoothly but RCE seems to never occur.

I think I know the issue.
It’s because someone else is also using the same repo name.
If you don’t clean it up that will happen.
try changing the repo name.
It should work then

.

@Lorcheiro said:
Know about the authentication port but no idea of creds, are they in rockyou.txt? Should I guess? Are they related with tokio ghoul? DM me, thaanks

Hack The Box

Am I daft? I’ve enumerated both sites both with custom wordlists and more “standard” ones but I still can’t find where the files get uploaded. I must be missing something really basic. Anyone want to DM me a hint or just drop one here please?

@Xentropy said:
Am I daft? I’ve enumerated both sites both with custom wordlists and more “standard” ones but I still can’t find where the files get uploaded. I must be missing something really basic. Anyone want to DM me a hint or just drop one here please?

This is type of insecure file upload related to extracting file from archive.

Type your comment> @MisterBert0ni said:

@MinatoTW Thank you for so emotional hack journey :slight_smile: It was like MMPORPG quest )

Thanks ! Glad you enjoyed and half the credit goes to @egre55 :slight_smile:

■■■■ near a week on this box but finally rooted. Holy ■■■■. What a ride. We need more of these!!!

That said, the last root.txt troll was a bit “much” in my opinion. The other “trolls” were pretty legit, though. Otherwise, I learned a ton from this one. ■■■■ sure couldn’t have done it without a couple guys teaming up with me but the deed is done and just in time for the new box being released in ~1hr.

Good ■■■■ guys. Thanks for the ride.

Type your comment> @MisterBert0ni said:

@Xentropy said:
Am I daft? I’ve enumerated both sites both with custom wordlists and more “standard” ones but I still can’t find where the files get uploaded. I must be missing something really basic. Anyone want to DM me a hint or just drop one here please?

This is type of insecure file upload related to extracting file from archive.

Haha, and all this time I figured it was my enumeration failing. Thanks. :slight_smile:

Edit: got user! If you see the user.txt troll keep enumerating! You’re not far away.

On to root…

I’ve been poking around at the upload, however not finding anything unusual yet with an archive.

actually where is root.txt. i rooted go* * server . and i got ao**r*-**p.7z any hint :frowning:

Edit: rooted.
thanks @0xRick @moxic @cyberus @JonnyVTMRF
I learned a lot

rooted! And I learned a lot on this one. thanks, I hate it.

“You’ve done well to come upto here human. But what you seek doesn’t lie here. The journey isn’t over yet…”

40 points huh?

Feel free to PM if you need help :slight_smile: !