Jarvis

13468923

Comments

  • Great box - thanks for the easter egg at the end.

  • Hint:
    User: As our friend said "check all hotel rooms"
    Root: 4755

  • edited June 2019

    I'ma goose

  • I'm stuck into user explotation any hint for LFI or how gather creds to /ph*******in/? PM please

  • edited June 2019

    Hi, I am inside the p********n page. I am not sure how to proceed from there. Can you please give me a way ahead?

    Edit: Got it. Thanks anyway

  • Rooted! Special thanks to @elgastiom for giving me the last hint to get root!

    If someone needs help just PM me.

  • I am stuck on s********y. Can anyone help me out with some reading material or how to approach it?

  • Type your comment> @aasiakhan said:

    I am stuck on s********y. Can anyone help me out with some reading material or how to approach it?

    me toooooooo... Could someone have changed permissions?

  • Type your comment> @keithschm said:

    Type your comment> @aasiakhan said:

    I am stuck on s********y. Can anyone help me out with some reading material or how to approach it?

    me toooooooo... Could someone have changed permissions?

    Just cracked user, take a look a the s********y and see what it's doing. Find a way to use that to your advantage.

  • edited June 2019

    Type your comment> @hoodedfigure said:

    Type your comment> @keithschm said:

    Type your comment> @aasiakhan said:

    I am stuck on s********y. Can anyone help me out with some reading material or how to approach it?

    me toooooooo... Could someone have changed permissions?

    Just cracked user, take a look a the s********y and see what it's doing. Find a way to use that to your advantage.

    Been there, but after finding a way to leverage the script for my own benefit, I get the same permissions (obviously). SUID/GUID files do not help either.

    Revolution

  • Type your comment> @Revolution said:

    Type your comment> @hoodedfigure said:

    Type your comment> @keithschm said:

    Type your comment> @aasiakhan said:

    I am stuck on s********y. Can anyone help me out with some reading material or how to approach it?

    me toooooooo... Could someone have changed permissions?

    Just cracked user, take a look a the s********y and see what it's doing. Find a way to use that to your advantage.

    Been there, but after finding a way to leverage the script for my own benefit, I get the same permissions (obviously). SUID/GUID files do not help either.

    Previously mentioned by @Zot

    Google: Infoblox NetMRI 7.1.4 Shell Escape / Privilege Escalation

  • edited June 2019

    read that, but permissions are restrictive...

    can't run that with out putting something else in front of it.

  • Rooted! Wonderful.

    Hack The Box
    If you appreciate my help, please give +1 respect https://www.hackthebox.eu/home/users/profile/50022

  • Finally i do it with few hints from this thread. I can get full shell from user with hint posted here. But root flag i get in stupidest way ever! :+1:
    Just pm me if you wanna help :)

    If you need help with something, PM me how far you've got already and what you've tried. I won't respond to profile comments. And remember to +respect me if I helped you <3

  • Type your comment> @hoodedfigure said:

    Type your comment> @Revolution said:

    Type your comment> @hoodedfigure said:

    Type your comment> @keithschm said:

    Type your comment> @aasiakhan said:

    I am stuck on s********y. Can anyone help me out with some reading material or how to approach it?

    me toooooooo... Could someone have changed permissions?

    Just cracked user, take a look a the s********y and see what it's doing. Find a way to use that to your advantage.

    Been there, but after finding a way to leverage the script for my own benefit, I get the same permissions (obviously). SUID/GUID files do not help either.

    Previously mentioned by @Zot

    Google: Infoblox NetMRI 7.1.4 Shell Escape / Privilege Escalation

    Seriously, I don't know if I am stupid or something, but I cannot understand. The encapsulation technique is something that I found out by myself, without the need of this link, but other than that I can really do not understand how I am suppose to use this since there is not infoblox on the system.

    Revolution

  • edited June 2019

    i need hint in PM me

    Arrexel

  • Type your comment> @Revolution said:

    Type your comment> @hoodedfigure said:

    Type your comment> @keithschm said:

    Type your comment> @aasiakhan said:

    I am stuck on s********y. Can anyone help me out with some reading material or how to approach it?

    me toooooooo... Could someone have changed permissions?

    Just cracked user, take a look a the s********y and see what it's doing. Find a way to use that to your advantage.

    Been there, but after finding a way to leverage the script for my own benefit, I get the same permissions (obviously). SUID/GUID files do not help either.

    It's hard to tell exactly what you're doing given your comments, but if a program is exploitable and you run it as yourself and exploit it, you obviously won't have accomplished much. OTOH, if you can find a suid program or find some other way to run a program which is exploitable as a user other than yourself, then you'd be onto something.

  • I'm getting the ban message even after a reset if it's my first request on the box. Is this expected behavior?

  • Type your comment> @Conda said:

    I'm getting the ban message even after a reset if it's my first request on the box. Is this expected behavior?

    You're making one single request? Using something like curl?

  • Type your comment> @deviate said:

    You're making one single request? Using something like curl?

    Yes one single curl request and on a VIP server. Curl request to the high port.

  • Type your comment> @Conda said:

    Type your comment> @deviate said:

    You're making one single request? Using something like curl?

    Yes one single curl request and on a VIP server. Curl request to the high port.

    The high port only exists to serve that ban message. :p

  • Type your comment> @deviate said:
    > Type your comment> @Conda said:
    >
    > Type your comment> @deviate said:
    >
    > You're making one single request? Using something like curl?
    >
    >
    >
    >
    >
    > Yes one single curl request and on a VIP server. Curl request to the high port.
    >
    >
    >
    >
    >
    > The high port only exists to serve that ban message. :p

    Thank you. I feel like an idiot, it's come full circle in my mind now haha.
  • In same situation as @hoodedfigure . I know how execute arbitrary commands in s.py but I don't know what to execute to get pe**** shell. Always getting d shell

  • Type your comment> @n0t said:

    In same situation as @hoodedfigure . I know how execute arbitrary commands in s.py but I don't know what to execute to get pe**** shell. Always getting d shell

    on a *nix system, what are the most common ways to run a program as another user?

  • @deviate Sudo and specifying user or su...But still it asks for data password or pepper one

  • Type your comment> @n0t said:

    @deviate Sudo and specifying user or su...But still it asks for data password or pepper one

    How can you list what commands you can run with sudo?

  • Thanks @deviate. I'm stupid, should've used the whole path and without py*** at the beginning

  • Have user & shell, if you need help PM me

    Not got root yet though

    Hack The Box

  • Type your comment> @n0t said:

    In same situation as @hoodedfigure . I know how execute arbitrary commands in s.py but I don't know what to execute to get pe**** shell. Always getting d shell

    @n0t said:
    In same situation as @hoodedfigure . I know how execute arbitrary commands in s.py but I don't know what to execute to get pe**** shell. Always getting d shell

    Hi n0t,

    I already got user. I was just suggesting it for others. If you need a hint send me a PM.

    Regards, HF

  • please have mercy. please dont execute that beef. we can't have a stable connection :-(

    happy to say im a newb

Sign In to comment.