Safe

2456712

Comments

  • Any hints on root ?

    fasetto

  • edited July 2019

    if we need to do what i think we need to do with the tottaly dope port, thats soooo cool :) im loving this

    Yeah i think i was wrong. Overexcited :) well pushing on

    S1ph1lys

    We are the things that were and shall be again

  • edited July 2019

    Guys, ignore my previous comments, im noob and I got trolled(by myself), these command execution worked locally :neutral:

  • Whoever uninstalled python and python3 is a sadist...

  • How even this box got approved. wasted my precious time today on this. Its simply copy of previous ones..

    MrR3boot
    Learn | Hack | Have Fun

  • edited July 2019
    @D4nch3n Why not add your SSH key to authorized_keys if you have RCE?
  • edited July 2019

    Type your comment> @snowscan said:

    Why not add your SSH key to authorized_keys if you have RCE?

    Whoooooops I forgot you can do that....

    Thanks haha

  • edited July 2019

    deleted

    OSCP (2019)

  • edited July 2019

    deleted

  • i have binary local exploitation in my machine, but doesnt work remote...

  • Any hint on where to find the binary? Or is that after you figure out the high port?

  • Type your comment> @liquidpascal said:

    Any hint on where to find the binary? Or is that after you figure out the high port?

    Enumerate the web a little bit, you will find the file.

    v1ew-s0urce.flv
  • Any tips on what to do to crack the .kd** file? hashcat isn't working...

  • i need to up my enumeration game, positive realization. Since i afaik have exhausted my wordlists(dirs/files) using the most common tools like dirbuster,gobuster and dirsearach, i am a bit stomped about how to locate the binary. Would anyone mind dropping some names of techniques which i must have overlooked.

    It might also be the case that i haven't gotten to the point, i have found the higher port , interacted with it and also spotted how to make it not wanna talk/answer. and i do believe i understand where this puts me in context of exploitation etc, but its either a blind effort which does not seem to fit with the reports getting hold of the binary (in this thread)

    Thanks for your brain!

    -All hail the Potato-

  • Type your comment> @Ketil said:

    Would anyone mind dropping some names of techniques which i must have overlooked.

    Turn off 90% of your brain and just right-click.

    opt1kz
    https://i.imgur.com/4jXzPqJ.png
    404 Friend Not Found

  • edited July 2019

    @opt1kz @jkr brain officially disconnected !

    *derp , herp derp.. derp derp derp

    thanks guy, il just go crawl back in my shame corner : P

    -All hail the Potato-

  • Type your comment> @MrR3boot said:

    How even this box got approved. wasted my precious time today on this. Its simply copy of previous ones..

    Is it a retired box by chance if it is could you DM me please, trying to make the most out of vip :)
    Thanks in advance if you can

    ”No questions a stupid question”
    <img src="https://www.hackthebox.eu/badge/team/image/1805" alt="Hack The Box">
  • Type your comment> @mojorisin said:

    Type your comment> @MrR3boot said:

    How even this box got approved. wasted my precious time today on this. Its simply copy of previous ones..

    Is it a retired box by chance if it is could you DM me please, trying to make the most out of vip :)
    Thanks in advance if you can

    I think the box mentioned here is Jarvis, it's Active now.

    CKasper

  • edited July 2019
    I'm actually doing it now nearly at user after a couple of shells, and thanks.
    ”No questions a stupid question”
    <img src="https://www.hackthebox.eu/badge/team/image/1805" alt="Hack The Box">
  • Can someone PM me nudge on user. Completly stuck right now...

  • Is it the same process as Ellingson root ? I've got an idea of what to do but I'm not sure of it as it is an easy machine :)

    Hack The Box

  • Does one need to work on Bo* to exploit the my*** binary....or there is something else...port knocking is not there I think....

  • Stuck at this friggin' K***X file. Pumping rockyou through it, no results. Do I have to do friggin' Steganalysis on the images or WTF? Using them as key files didn't work. Not even when concatenating them. And I don't know who rated this box as 20 points and "easy" when you have to do binex... but the one responsible for this rating should lay off the drugs.

    image

  • Can someone PM me any hints for how to exploit the my*** binary ?

  • Asking for a PM nudge when it comes to my*** binary cant seem to find anything

  • Type your comment> @dewdrop0247 said:

    Asking for a PM nudge when it comes to my*** binary cant seem to find anything

    Same here... this drives me nuts :-(

    v1p3r0u5
    If you need some help => 1) Your findings so far? 2) Your conclusions? 3) Your further ideas?
    RESPECT++ if I was able to help you! => https://www.hackthebox.eu/home/users/profile/139772

    No messages on the wall please and don't message me via HTB chat, please use the forum!

  • Hint for people stuck at finding the right technique to exploit the binary: Google the question the binary outputs and you will find a very similar example from a CTF where also the technique is mentioned and partially explained.

    image

  • Type your comment> @darkkilla said:

    Hint for people stuck at finding the right technique to exploit the binary: Google the question the binary outputs and you will find a very similar example from a CTF where also the technique is mentioned and partially explained.

    Thx. Found it. But in this case if we really have to do R**, this box should be at least a medium one...

    v1p3r0u5
    If you need some help => 1) Your findings so far? 2) Your conclusions? 3) Your further ideas?
    RESPECT++ if I was able to help you! => https://www.hackthebox.eu/home/users/profile/139772

    No messages on the wall please and don't message me via HTB chat, please use the forum!

  • Type your comment> @v1p3r0u5 said:

    Thx. Found it. But in this case if we really have to do R**, this box should be at least a medium one...

    Yeah I believe you're not alone with this opinion. Okay, if you know your R**/binex well, the 15 minute User Blood is possible and for those people this might be easy. But the ratings of the box show that many people probably disagree with the rating. I also think that binex shouldn't be on a 20 points box. Also the box isn't very fun at all so far... Ellingson was very awesome from the whole theme. I didn't mind the binex there at all... but this box? No fun at all. Just an Apache and xinetd slapped on some Debian box and a comment added somewhere where many people felt trolled hard. If that's the new "standard" for HTB submissions then I could probably write a box generator that'd deliver the same stuff.
    So far I'm still stuck at the root stage... but I guess that also has to do with some more stupid trolling or sth...

    image

  • Hi i got stuck on this one, do i have to use a BoF ?!?!

    i noticed wenn i send a long value to the port i dont get the repsone i usualy get there...
    but i have no clue how i can get the binary.. to create a exploit...

    maybe somone can push me litle bit in the right direction

    thx

Sign In to comment.