Luke


Comments

  • Hi, I've rooted the box through 8*** F******** T******.

    I was just trying, for the fun of it, to get a shell running through NC to my own terminal, but I failed to find out how to do this. Can someone give me some help on how to do this? Just for learning purposes, because I already got the root flag.

    thx

  • @bakemonozero1 said:

    @Dreadless said:

    Hi I have managed to get all the Creds from dbinfo plus all the creds from curl but I can't seem to use any of them to get into this bloody machine! Can someone lend a hand please :)

    Did you find all the loginpageS on 80?

    Now I'm thinking I haven't.... will re-scan!

    Hack The Box

  • @bakemonozero1 said:

    @Dreadless said:

    Hi I have managed to get all the Creds from dbinfo plus all the creds from curl but I can't seem to use any of them to get into this bloody machine! Can someone lend a hand please :)

    Did you find all the loginpageS on 80?

    All I find is a CSS file. Nowhere to actually log in, unless I am missing something.

    Hack The Box

  • @Dreadless said:

    @bakemonozero1 said:

    @Dreadless said:

    Hi I have managed to get all the Creds from dbinfo plus all the creds from curl but I can't seem to use any of them to get into this bloody machine! Can someone lend a hand please :)

    Did you find all the loginpageS on 80?

    All I find is a CSS file. Nowhere to actually log in, unless I am missing something.

    Some dirsearchers don't pay attention to 401 responses; try using dirb with the big filelist.

  • Hi,
    Any special wordlist to use when using dirbuster/dirsearch? Been at it for a while now, with no tokens or users being discovered.

  • @bakemonozero1 said:

    @Dreadless said:

    @bakemonozero1 said:

    @Dreadless said:

    Hi I have managed to get all the Creds from dbinfo plus all the creds from curl but I can't seem to use any of them to get into this bloody machine! Can someone lend a hand please :)

    Did you find all the loginpageS on 80?

    All I find is a CSS file. Nowhere to actually log in, unless I am missing something.

    Some dirsearchers don't pay attention to 401 responses; try using dirb with the big filelist.

    Thank you, I got root and user! Was a pain to log in, but when I found it, it was obvious lol. Big list was a great help!

    Hack The Box

  • ROOOTED!

    Thx @illuminatiguy helped me to realize I was using a stupid -s flag killing my c**l output for the token!

    Once I got the token I had already enumerated enough to get everything without problems..

    Honestly this machine shouldn't be 30 points.

    If you need Help PM me :)

    Hack The Box

  • Have spent the better part of the searching for everything you guys mentioned here but no closer to getting anywhere 😔
    Anyone willing to pm me a life line?

  • Can somebody PM me to give me a hint?

    Got the DB cred and several Login pages.

    Don't know what to "play" with the auth on port 3000.
    Read the medium article, but I don't know how to make this command sequence work.

  • Can someone PM me, {"success":false,"message":"Token is not valid"}, getting this error when following the medium guide. Just want to confirm syntax.

  • edited June 2019

    I got the creds and know where to use them, but still not able to authorize, is someone facing the same issue??

    Edit: just reset the box and it got fixed.

    Finally rooted

  • anyone got reverse shell on this box?

  • @Hannes08 said:

    anyone got reverse shell on this box?

    I did not need to spawn a reverse shell on this box at all...

    If my comment somehow helped you, you can show your appreciation with a Respect :)
    https://www.hackthebox.eu/home/users/profile/117977

  • rooted, thanks for the hints @pkaiser and @d3f3u17

    As always, here to help anyone who needs it.

  • Rooted, thanks to @hacksack07 for the help with the t****.
    Fun box.
    Feel free to PM me if you need some hints.

  • Can somebody PM me to give me a hint?

    Got the DB cred and several Login pages.

    Don't know what to "play" with the auth on port 3000.
    Read the medium article, but I don't know how to make this command sequence work.

  • @Cli3nt said:

    Can somebody PM me to give me a hint?

    Got the DB cred and several Login pages.

    Don't know what to "play" with the auth on port 3000.
    Read the medium article, but I don't know how to make this command sequence work.

    use creds of the user with role "Web-Admin" on /man****nt page :)

  • @Hannes08 said:
    anyone got reverse shell on this box?

    you don't need a reverse shell..... you already have it :)

  • edited June 2019

    Stuck for 2 days. I don't understand how to freaking get that access on the odd port. Just have that pwd found in that c*****.*** file, a bunch of usernames, but having a problem with **r* for the request. Need a nudge. Tried different users but always get Forbidden. I've been enumerating since yesterday but can't find anything else.

    EDIT: Solved. thx to @CKasper

  • edited June 2019

    Got 1 cred and 3 login pages, is there anything else that I'm missing? Should I enumerate more on port 3?

  • @M160 said:

    Got 1 cred and 3 login pages, is there anything else that I'm missing? Should I enumerate more on port 3?

    You need to find more "users", so you should curl on?.......

  • Could I get a nudge? I think I have enumerated most everything. I am missing something.

    Hack The Box
    Follow me on Twitter: @C_3PJoe

  • finally rooted the box after several weeks (newbie here). many thanks to @zweeden @MarcelBC and @KnightyLion for all the help I needed. Cheers!!!

  • Rooted:)
    Decent box, learnt quite interesting things with JWT and playing with requests;)
    Thanks to @GibParadox
    Feel free to help.


  • edited June 2019

    Can someone PM me a nudge for the odd port just can't seem to get the correct c*** syntax down.

    Edit: got the token and the list of users, but can't seem to get the passwords now...PM with hints please!

  • Popped it.

    Here are my hints:
    Enumerate the crap out of it.
    Find the goodies on one port, use the goodies on another port.. (google if you can't figure out how)
    Even MORE goodies here, try these goodies out somewhere else.
    after that... yup, another goodie. The final goodie.

    DM for nudges. Let me know what you've done so far.

    rub1ks
    Find me on Discord: rub1ks #4045

  • Hey guys, can anyone PM me on the JWT token? I am not sure I am doing it right.

    Someone PM and help if you can; stuck for one week.

  • Folks, any help for where to get the token? Have found the DB creds, but it seems that I can't use them anywhere at the moment. Or please PM me if needed :(

  • edited June 2019

    Anyone who can PM me, pertaining to the curl syntax - it would be greatly appreciated.

    Edit: Got User & Root.
    User was definitely the more difficult one, since it requires a syntax, and if you're not familiar with JWT bearer tokens, it could be a very big pain in the ass.

    Hack The Box
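
The bearer-token syntax trouble in the comments above (the "Token is not valid" response, the curl syntax questions) usually comes down to the form of the header value. This is an added example, not code from any poster or from the box: a client-side check of an `Authorization` header value, assuming the API expects the standard `Bearer <JWT>` form. The function names, sample token and claim values are constructed, and it checks form and expiry only, never the signature.

```python
import base64
import json
import time

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_json(segment):
    # JWT segments are unpadded base64url; restore padding before decoding.
    raw = base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))
    return json.loads(raw)

def make_sample_token(exp):
    # Constructed sample: the signature segment is a placeholder, not a real MAC.
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({"sub": "demo-user", "exp": exp}).encode())
    return ".".join([header, payload, _b64url(b"placeholder-signature")])

def lint_authorization(value, now=None):
    """Return client-side problems in an Authorization header value ([] if none)."""
    now = time.time() if now is None else now
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "bearer" or not token:
        return ["missing 'Bearer <token>' prefix"]
    problems = []
    if any(ch.isspace() for ch in token):
        problems.append("whitespace or newline inside the token")
        token = "".join(token.split())
    if token.startswith(('"', "'")) or token.endswith(('"', "'")):
        problems.append("token still wrapped in quotes")
        token = token.strip("\"'")
    parts = token.split(".")
    if len(parts) != 3:
        return problems + ["expected 3 dot-separated segments, got %d" % len(parts)]
    try:
        _b64url_json(parts[0])
        payload = _b64url_json(parts[1])
    except ValueError:  # bad base64, bad UTF-8 and bad JSON all derive from it
        return problems + ["header or payload is not base64url-encoded JSON"]
    exp = payload.get("exp") if isinstance(payload, dict) else None
    if isinstance(exp, (int, float)) and exp <= now:
        problems.append("token expired: exp is in the past")
    return problems

if __name__ == "__main__":
    tok = make_sample_token(exp=2_000_000_000)
    for hdr in ("Bearer " + tok, tok, 'Bearer "%s"' % tok, "Bearer " + tok + "\n"):
        print(lint_authorization(hdr, now=1_700_000_000))
```

An empty result only means the header is well-formed; the server still decides whether the signature and claims are acceptable.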

  • this box is meh

    Hack The Box
