Scavenger

I'll start it

Comments

  • Not even sure where to focus my energy yet...


    Hack The Box
    defarbs.com - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'”

  • Try Broader! 😉
  • @feffi said:

    Try Broader! 😉

    Not sure what you're referring to...


  • @farbs said:

    Not even sure where to focus my energy yet...

    I'm in the same boat as you... Where to even start.

    phase

  • I'm not quite sure but the version of E*** should be vulnerable however the A*** command reports to be not working. Ideas?

  • @Tyr4an7 said:

    I'm not quite sure but the version of E*** should be vulnerable however the A*** command reports to be not working. Ideas?

    Thinking it's a rabbit hole... Not sure. Try focusing on the webserver...

    phase

  • edited August 18

    @Phase said:

    @Tyr4an7 said:

    I'm not quite sure but the version of E*** should be vulnerable however the A*** command reports to be not working. Ideas?

    Thinking it's a rabbit hole... Not sure. Try focusing on the webserver...

    The WebServer is kinda funky if you think of it, if only I'd figure out what the maker of the box is hinting for the "ERROR: v**** ...". Seems quite unusual

    EDIT: Got it.

  • @Tyr4an7 said:

    @Phase said:

    @Tyr4an7 said:

    I'm not quite sure but the version of E*** should be vulnerable however the A*** command reports to be not working. Ideas?

    Thinking it's a rabbit hole... Not sure. Try focusing on the webserver...

    The WebServer is kinda funky if you think of it, if only I'd figure out what the maker of the box is hinting for the "ERROR: v**** ...". Seems quite unusual

    You have to change something locally to be able to access the site.... PM me if you need more help.

    phase

  • Can someone throw a hint on User?

  • Spoiler Removed

  • @baubau said:
    I think the way in is by exploiting the sql injection in w**** service, but I was not able to do it, because I suck at sql injection :disappointed:

    Craft a way around it with sqlmap

  • I worked my way through WH*** and unlocked the doors for other places but I can't find my way to the user.. can someone give me a nudge into the right direction, as in, to which place I should focus my energy on?

  • Some people say that there are three things you have to do before you die: Write a book, have a child and plant a tree.

  • @b4nna said:

    Some people say that there are three things you have to do before you die: Write a book, have a child and plant a tree.

    I also loved this part of the box))

    tabacci

  • Can anyone confirm if there's any vuln in M****s or is it a dead end?

    julianjm

  • edited August 18

    Has anyone figured out a way to deal with the extreme slowness of that one particular thing? I got lucky at one point and was able to get a shell up, but the box got reset and now I get nothing but timeout errors.

    Edit: Not impossible to move forward after all, but still obnoxious.

    opt1kz

  • a way to deal with the extreme slowness

    I just moved to another channel of communication, with minimal intervention with that slow component.

    tabacci

  • @opt1kz said:

    Has anyone figured out a way to deal with the extreme slowness of that one particular thing? I got lucky at one point and was able to get a shell up, but the box got reset and now I get nothing but timeout errors.

    Literally impossible to move forward because of it and it's fucking ridiculous.

    It's funny because you don't need that thing for root.

  • edited August 18

    @sampriti said:

    It's funny because you don't need that thing for root.

    Edit/clarification: I know, but the way I got user felt kind of lame and I wanted to see if I could get a real shell before going for root. Oh, well.

    opt1kz

  • Lots of stuff to look at once you find them... not sure which route to pursue.

    koredump
    If you PM, please include the steps you've already taken. Don't forget to hit the respect button!

  • @koredump said:
    Lots of stuff to look at once you find them... not sure which route to pursue.

    Tell me about it. Eyes going square from the insect, feel like I'm missing something but feel like I've tried all the avenues... time for a break!

    DAAAALY

    If you send a message for help, tell me what you've done or you won't get a reply.

  • Can anyone here drop some hints about user at least? There are multiple places to dig, not sure where to go :/
  • It looks like I can upload files...but I don't know where they are going or how to get to them. I'd love a hint or a nudge in the right direction.

  • I'm trying to enumerate every possible port I get after initial nmap scan. Fixed the Virtual Host part as well. I'm stuck at this point and unable to move forward. Any nudge or hint would be highly appreciated :)

  • I'm unable to get shell... I cannot make any tcp connection, but the commands work. Any tip appreciated :)

    julianjm

  • I have the user, now I work for the root. :D

  • edited August 19

    Can I access the wh**s over http? Can see the vulnerability on the backend of the service, tried fuzzing it with a python script. Wanting to throw sq***ap at it but only works for HTTP as far as I know

    I've seen the vhost for the service but getting the error

  • @badman89 said:

    Can I access the wh**s over http? Can see the vulnerability on the backend of the service, tried fuzzing it with a python script. Wanting to throw sq***ap at it but only works for HTTP as far as I know

    I've seen the vhost for the service but getting the error

    You don't really need any tool. That vuln is simple enough to do it on the command line.

    julianjm

  • @julianjm said:

    @badman89 said:

    Can I access the wh**s over http? Can see the vulnerability on the backend of the service, tried fuzzing it with a python script. Wanting to throw sq***ap at it but only works for HTTP as far as I know

    I've seen the vhost for the service but getting the error

    You don't really need any tool. That vuln is simple enough to do it on the command line.

    Got it thanks 😄

  • Is the insect M****s the right way here? I know I can upload but I don't know if this is configured to disk or database. The x*l method doesn't appear to be valid on the version running.

    So far a really engaging box!

    DAAAALY