Luke

Comments

  • Nice box. Thanks @H4d3s.

  • Rooted. Nice box.

  • Rooted, thanks @lattethunder for the guidance. Learned a lot about curl, JSON tokens, syntax, and enumeration. Also found this website helpful for those that need help understanding the scripts they're writing: https://explainshell.com/

    Probably an easy box for the more experienced but for new guys (myself) it was a nice confidence booster.

  • I'm having a hard time with the correct syntax of c***. Found login pages and cred... Need some help please.

  • Guys, I got the user and root. Really, thanks for all the help that you guys gave me, and especially @murderfalcon!

    Although I think this box is very CTF, I've learned a lot.

    - enumeration (don't rely too much on a single tool)
    - curl
    - jwt token

    Really appreciate all the help!

  • Just to reiterate, once you find all the credentials (after the jwt token part), you need to check for websites for 401s!

  • edited June 2019

    Got the token and am able to obtain the different user names, anyone wanna share a pointer on how to obtain the passwords :)?

  • edited June 2019

    Rooted. Port 8* gives some loot to use on port 3***. Enumerate them properly and you'll get what you need.

  • Hey all, this machine is frustrating the hell out of me. I understand that you need to play with c*** to generate a t****, which you then submit to a high service.

    But it doesn't seem to like any tokens I generate. Do they need to be b64 encoded?

    Any hints over PM greatly appreciated!

  • Rooted. Got stuck for a while trying to figure out where to get the a*** t**** from because I didn't differentiate between the different errors. The "odd" port is really interesting, I learned a lot.
    Feel free to PM for a nudge

    GitHub repository with writeups: https://github.com/S7uXN37/HackTheBox

  • Can anyone help me? After getting the j** tok** I log in on the odd port and see users. I am stuck here.

  • Finally rooted.

    It took me a while. Frustrating machine.

    Tips:

    • Use the db credentials with another user name in the 'Webservice'
    • Retrieve the usernames, but you also need to retrieve the passwords, using the same webService.
    • Some login forms are useless, use the credentials obtained before to login onto a webapp.
    • Once inside the webapp, it's straightforward.

    • User and root come together.

    Deleite

  • ROOTED! Thanks for the hints @iamsundi

    It's an easy box; you only need to enumerate and work with what you get.

    If anyone needs help, ping me.

    TigaxMT

  • Great box, learned a lot about JSON, didn't know much about that. Glad I learned something new. Root is straightforward, and of course I learned to enumerate in each site. 2nd box finished without hints.

    Fighter81

  • edited June 2019
    ROOTED!!!

    Learned a lot about jwt and enumeration.

    Thank you for the hints @S7uXN37

    PM for the hints

  • I have enumerated a lot. Found 2 strange ports and JSON data. Have 2 login pages but no credentials. Please help.

  • Rooted, thanks to @bash_shabakate for the hint.
    Enumeration is the hardest problem, I think.

  • I found db credentials, some login pages, trying to use the found credentials with curl but can't get them to work :(

  • @seke said:

    @v01t4ic said:

    Thanks @iamsundi for his help.
    Now I know that not all seclists are the same. Was missing one URL in my enum results.

    At this point there are more than enough hints on this thread. Especially medium.com tutorial. After you get the token use it as much as possible and use what you found to generate new URLs to get even more info.

    OK, the Medium part I needed to learn, but it has frustrated me so much I could no longer think what to do with the users. Nice post mate!

    @TigaxMT said:
    ROOTED! Thanks for the hints @iamsundi

    It's an easy box; you only need to enumerate and work with what you get.

    If anyone needs help, ping me.

    congrats bro

  • Rooted. DM for hints.

  • Rooted. If you need a hint, all you need is to read this topic, you will find everything you need.

    kamilonurz

  • @jimmy00 said:

    Just to reiterate, once you find all the credentials (after the jwt token part), you need to check for websites for 401s!

    I could only find one single 401 status page with dirbuster. Are there any more than that? Also, is there any 403 by any chance? I am not able to find it...

    Regards,
    qmi

  • Spoiler Removed

    Regards,
    qmi

  • I got the token but I got stuck here, playing around with Postman but no luck, any pointer? > @cptUP said:

    ROOTED....
    the biggest difficulty on this box is to get the auth token...
    getting user and root after that step is a joke...
    thanks to all the bros that helped me!!!

  • @darktheli said:

    I got the token but I got stuck here, playing around with Postman but no luck, any pointer? > @cptUP said:

    ROOTED....
    the biggest difficulty on this box is to get the auth token...
    getting user and root after that step is a joke...
    thanks to all the bros that helped me!!!

    I am having some fun with DirBuster, please do not give me any pointer :)

  • @darktheli said:
    @darktheli said:

    I got the token but I got stuck here, playing around with Postman but no luck, any pointer? > @cptUP said:

    ROOTED....
    the biggest difficulty on this box is to get the auth token...
    getting user and root after that step is a joke...
    thanks to all the bros that helped me!!!

    I am having some fun with DirBuster, please do not give me any pointer :)

    I am glad, I did not give up. Finally, I pwned this box!

    I am a noob here and doing this (2 weeks maybe), so never used Postman and DirBuster. They helped a lot. Also read a lot about JWT token-based authentication. I learned a bunch with this second box I pwned. Thanks everyone!

  • @darktheli said:

    @darktheli said:
    @darktheli said:

    I got the token but I got stuck here, playing around with Postman but no luck, any pointer? > @cptUP said:

    ROOTED....
    the biggest difficulty on this box is to get the auth token...
    getting user and root after that step is a joke...
    thanks to all the bros that helped me!!!

    I am having some fun with DirBuster, please do not give me any pointer :)

    I am glad, I did not give up. Finally, I pwned this box!

    I am a noob here and doing this (2 weeks maybe), so never used Postman and DirBuster. They helped a lot. Also read a lot about JWT token-based authentication. I learned a bunch with this second box I pwned. Thanks everyone!

    Good job Bro...

  • I've tried doing the c**l with the right password but can't figure out how to find the correct username, any hints?

  • I cannot get the token to take at all. Keep getting "Token is not valid". Is it the credentials from the previous step? I have tried several alternatives but cannot get it to produce another token with anything different.

  • @ilezu said:

    I've tried doing the c**l with the right password but can't figure out how to find the correct username, any hints?

    Are you able to retrieve any data from the API? It's pretty common with REST APIs that if, for instance, a GET to /dogs returns a list of dogs that /dogs/spot might return more detailed information about a single dog.