Aragog

1356711

Comments

  • I cannot find a way to get RCE :( I have found lots of files but nothing of any use.

    monkeychild

  • I'm a dumbass!!! I was typing the wrong username in!!! I now have a shell lol

    monkeychild

  • Anyone got root?!? I've been pulling my hair out for the last few days.

  • I know the feeling, in the same place :expressionless:

  • Any hints on root? I've been stuck for a few days now.

  • Been dirbing for days need a nudge.

  • any chance to get a direction?
    found the 2 files, but can not find the connection..
    i am missing something for sure, maybe overthinking it...

  • deanos: as already stated in this thread look at OWASP Top 10 and put both files in conjunction

    PM me for additional help if you need

  • @deanos said:
    any chance to get a direction?
    found the 2 files, but can not find the connection..
    i am missing something for sure, maybe overthinking it...

    Burp is your friend here. Pay close attention to the headers. Burp even gives you a hint by adding an extra tab besides the Raw,Param, etc...

    GingerHackz

  • edited March 2018

    Hello everyone,

    Very frustrating :( . It's been a few days that I've been messing with this box. Getting user.txt was relatively quick, but I only had it through LFI, and not because I actually owned user. Tried a bunch of scripts, tried messing with some logs, tried enumerating manually with whatever makes sense, and I actually did find another webpage that the enumeration didn't find.

    Still have no f'in clue how to get shell.

    Please halp

  • So you got user.txt by LFI so what else can you see?

    monkeychild

  • And think what are your possibles ways to login into the box

  • I started back on this again today thinking yeah I will win!!! Well...... I still cannot get root lol. I can see a dir belonging to another user, and I have found a dodgy hash that gave me nothing. I've been looking at the wiki and it looks like something maybe automated?

    monkeychild

  • JEEZ thought I was ok with this stuff, but every so often just get so very stuck. not understanding this one. I have found 2 files by different methods and if I use burp I can get some functionality (changing values displays correct results). I have tried cmd injection on this and everything I have tried fails. right track? or barking mad? plus, haven't got any LFI to work, any help there would be great to, please PM me clues, not answers.

    adyd

  • I've found something that appears every few minutes and some files that move every 5 minutes. I cannot see where it is called from.

    monkeychild

  • more hints at priv. esc? :scream:

  • I got a number of shells - different users, ran LinEnum etc. Found a lot of things - but after 5 days I still haven't got root. .. this one is hard

  • @Raphaeangelo said:
    Any hints on root? I've been stuck for a few days now.

    Did you have any luck with priv esc? Can't seem to find anything standing out. :/

    Hack The Box

  • @owg said:
    I got a number of shells - different users, ran LinEnum etc. Found a lot of things - but after 5 days I still haven't got root. .. this one is hard

    @DarkNight7 said:

    @Raphaeangelo said:
    Any hints on root? I've been stuck for a few days now.

    Did you have any luck with priv esc? Can't seem to find anything standing out. :/

    @davad said:
    more hints at priv. esc? :scream:

    @monkeychild said:
    I've found something that appears every few minutes and some files that move every 5 minutes. I cannot see where it is called from.

    see if the site is hosting anything ;)

  • Weird? The password I used to get onto said site doesn't work lol

    monkeychild

  • May anyone pm me about a hint? I think I have found the correct file from the system, but I always get a timeout. I was able to retrieve the public variant of that file

  • really could do with some pointers on priv esc. run the usual checkers and have compiled and tried them with no luck. I see there's a job that runs every so often but don't have permissions to edit that. please PM me with any clues you might have.

    adyd

  • ok must add. I do not normally port stuff nor do I usually respond to PM's. saying that as sometimes it's not obvious if people have spent enough time on something. but I have with this one, saying that one exploit linuxprivchecker suggested which haven't tried (next on todo list). but this one is weird. help me obewan you're my only hope!

    adyd

  • post even!!

    adyd

  • Look harder!! I haven't rooted it yet, but I think I am on the right path (at last).

    monkeychild

  • ok looked harder. need some help, anyone? PM me please!!

    adyd

  • I see a weird job running. cannot say as to not spoil. but runs /usr/sbin/XXXX and in CAPS! file does not exist how is that possible?

    adyd

  • with -f, then the other jobs which I cannot edit

    adyd

  • I have been at this box for days :D

    monkeychild

  • THIS BOX IS MINE!!!!!!!!!!! At long last :tired_face: Wow! That was a journey lol

    monkeychild

Sign In to comment.