Craft

Comments

  • @terminalJ said:
    > Need some help with escaping if someone can give me some feedback. DM me please.

    Yeah I'm at this stage too. I'm unsure what I need to do to escape. I'm just using a test payload at this stage.
  • edited July 2019

    Nice box. Root was too easy.

    Don't stay in jail too long. Get creds and get out. Learn a little SQL.

  • I've already rooted!!! , nice box, it's very real ..

  • I've got my payload working, but can't catch a reverse shell from it. Is this the right way to get shell?

  • edited July 2019

    rooted!!!! very nice box...
    PM if you need some hint.

  • @thegoatreich said:

    I've got my payload working, but can't catch a reverse shell from it. Is this the right way to get shell?

    you need the "&" ... :D

  • edited July 2019

    @thegoatreich said:

    I've got my payload working, but can't catch a reverse shell from it. Is this the right way to get shell?

    I assume that there may well be more than one way to do this. I spent a bunch of time struggling with trying to get a shell directly and ended up just downloading and executing something to get it instead.

    Also, since there may be multiple ways, it's possible that the error message people are reporting can be a non-issue, but in my case anytime I got that error message it meant that I wasn't sending properly formatted data.

    I'd suggest trying to simplify what you're sending. Can you get it to connect back to you at all? Once you get that working, you can improve it from there.

  • I have a shell now. Albeit a limited one by the looks. Found some creds, looking to use them.

  • I keep having connection issues between ping, dirb, Nikto, all the usual tools, anyone else having this issue?

    ”No questions a stupid question”
  • @mojorisin said:

    I keep having connection issues between ping, dirb, Nikto, all the usual tools, anyone else having this issue?

    Make sure the VM is still running. Seems like with the new time limits set up this happens to me all the time and I have to go back into the dashboard and re-initialize the box.

  • @dr0ctag0n said:

    @mojorisin said:

    I keep having connection issues between ping, dirb, Nikto, all the usual tools, anyone else having this issue?

    Make sure the VM is still running. Seems like with the new time limits set up this happens to me all the time and I have to go back into the dashboard and re-initialize the box.

    Yeah I'm running it off a dedicated laptop and the VPN is always running, have you managed to get dirb working at all?

    ”No questions a stupid question”
  • dirb works for me, maybe you're not using the right protocol/port?

  • Got user with a few nudges from @Leonishan and @jfx41 (respect on its way)
    Got root about 5 minutes later.

    Great box, learned a lot once again.

  • Rooted! A good box a big shout out for the people who helped me thank you so much guys. If anybody wants help feel free to PM :)

  • nothing resolves lol ... edited hosts, still nothing..

  • @dr0ctag0n said:

    dirb works for me, maybe you're not using the right protocol/port?

    Took a while seems to be fine now, it wasn't even getting a ping. Protocol and ports set now to get the initial foothold, nudges always welcome :-)

    ”No questions a stupid question”
  • rooted, thanks @Tohzzicklao
    PM if you're stuck

    v1ew-s0urce.flv
  • Hey guys, could someone give me a nudge? I found a s** service running in a weird place and some pages that don't resolve. Tried digging but pulled out an empty shovel :)

    S1ph1lys

    We are the things that were and shall be again

  • Thanks to @naveen1729 for helping me out of the rabbit hole

    Nice box :)

    User

    It is necessary to see what the developers have changed in the code of the application, it is possible to see something interesting. The part of the RCE is to see how to take advantage of the language and the part of getting out of jail was complicated, sometimes one relies on any script that is in the machine when you can modify it and see if it is returning what it should.

    Root

    The part of the root is simple, just copy and paste a part of "that" and get what you want according to the documentation

  • rooted .... very good box

  • Rooted. If someone needs a nudge, PM with what you did and where exactly you're stuck.

  • Wow, I really like this box! Even though I needed nudges as I was overseeing the obvious things and began overcomplicating things and then followed the rabbit... 😂

  • Wondering if v***t is a r-hole

  • edited July 2019

    Are the links supposed to resolve? I'm not getting anywhere on my foothold, here.

    Edited to remove spoiler

  • Spoiler Removed

    ~ Halpless Technoweenie ~

  • any nudge (apart from the Python one;)) will be appreciated.

  • are you guys using any tool for the initial foothold?

  • When I try to enumerate the tables I run the command "show tables" but there is only one table, "brew"

  • @conan said:

    When I try to enumerate the tables I run the command "show tables" but there is only one table, "brew"

    I saw another one too u***

    Macte nova virtute, puer, sic itur ad astra.

  • @igaralf said:
    are you guys using any tool for the initial foothold?

    Just the source code for the vhosts and manual explore the present and the past :)

    Macte nova virtute, puer, sic itur ad astra.
