Scavenger


Comments

  • So I exploited the vuln and dumped the data, but the info obtained is not useful and I also don't have any r/w perms. Any small hint is highly appreciated. :)

  • @mpzz said:
    So I exploited the vuln and dumped the data, but the info obtained is not useful and I also don't have any r/w perms. Any small hint is highly appreciated. :)

    Check the obtained data and redo a step you already did earlier, but with the new data.

  • I have an RCE but it's very limited with limited R/W permissions. No reverse shell too, or anything remotely better.

    Any tips would be appreciated.

  • OK, got past the first vuln. So much to look at, can't seem to find which avenue is the right way to go.
  • Finally rooted, a box that I did not particularly appreciate, especially since it has a lot of rabbits.

  • edited August 21

    Could I get a PM nudge in the right direction for syntax errors with a certain early step?
    I can give my notes, just not sure what I'm missing since I'm not too familiar with the method. I keep getting syntax errors no matter what I try, but I can manipulate the output of those errors.

    Thanks @jorgemorgado for your nudge in the right direction. I appreciate your help!

  • Totally lost on this one...trying to S*L inject WH**s but lost there..Can someone PM me on initial foothold

  • @jayjay25 said:

    Totally lost on this one...trying to S*L inject WH**s but lost there..Can someone PM me on initial foothold

    You are on the right track, you must try a lot harder and counter the mistake.

  • edited August 21

    I'm terrible with the S//i vuln, tried for ages without any success, so I'm instead trying to guess the information I'm looking for by bruteforcing the service in question with a large wordlist.... Am I wasting my time? Should I just keep on with the S//i instead?

    Mech

  • @mech said:

    I'm terrible with the S//i vuln, tried for ages without any success, so I'm instead trying to guess the information I'm looking for by bruteforcing the service in question with a large wordlist.... Am I wasting my time? Should I just keep on with the S//i instead?

    You should continue with S ** I. Just try to analyze and counter the error. Imagine in your head how the query is created.

  • edited August 21

    @Seepckoa said:

    @mech said:

    I'm terrible with the S//i vuln, tried for ages without any success, so I'm instead trying to guess the information I'm looking for by bruteforcing the service in question with a large wordlist.... Am I wasting my time? Should I just keep on with the S//i instead?

    You should continue with S ** I. Just try to analyze and counter the error. Imagine in your head how the query is created.

    Managed to get it now thanks :) Was missing something when I was trying to imagine how things looked on the other end.

    Mech

  • edited August 21

    Hey!
    I found a way to retrieve something from W***S with a wildcard, but I don't know if it's correct or if I need to try another way...
    Unfortunately I didn't find a method to inject a correct query. If someone can PM me a hint of how to "close" the query field...

    THX

    Update: looking for a way to RCE... Should I look to W***S or to web?

    See Ya!
    0xdebe

  • Can anyone tip my hat and tell me if I'm shopping for the right way to get RCE?

  • edited August 22

    Got past the w**** thing a few days ago using s***ap, there's a way to do it, you just have to hack some things together.

    For the initial foothold, consider everything. If you see something that is interesting but you're not sure what to do with it, consider spending more time on it instead.

    Getting from foothold to user required enumeration of a lot of things. I knew what I was looking for, but not where. One of the last places I'd looked, really. The slow thing is slow, but you don't really need to use it unless you're stuck and need to find where you are.

    Gotta get to root...

    koredump
    If you PM, please include the steps you've already taken. Don't forget to hit the respect button!

  • Finally rooted this box.
    What a nice box, to say the least. I really enjoyed it all the way, especially the user part; there were lots of rabbit holes. Really well done to the creator of this box, @ompamo. Thank you, I learned a lot :) I just think that user was a bit more complicated than root.
    I would like to thank all the people that helped me, especially @Angel235 and @Seepckoa. I wouldn't have made it without you guys.
    I will drop some hints.
    For user:
    - You need to find all you can about the box and really enumerate everything. Once you see the lower port on which you will be asked to query something, and once you find it is vulnerable, do more enumeration; you have to Dig all the way around.
    - Once you have found what you are looking for, redo a step that you did before and you will find what the HTTP port is asking you for; you will have your hat xD. Do more enumeration and you will get the user flag, but with restricted access. By analysing some p**p file you will find some creds; use them to your advantage.
    For root:
    - You need to do some googling when you find that file.
  • edited August 22

    @lfabname said:
    Finally rooted this box.
    What a nice box, to say the least. I really enjoyed it all the way, especially the user part; there were lots of rabbit holes. Really well done to the creator of this box, @ompamo. Thank you, I learned a lot :) I just think that user was a bit more complicated than root.
    I would like to thank all the people that helped me, especially @Angel235 and @Seepckoa. I wouldn't have made it without you guys.
    I will drop some hints.
    For user:
    - You need to find all you can about the box and really enumerate everything. Once you see the lower port on which you will be asked to query something, and once you find it is vulnerable, do more enumeration; you have to Dig all the way around.
    - Once you have found what you are looking for, redo a step that you did before and you will find what the HTTP port is asking you for; you will have your hat xD. Do more enumeration and you will get the user flag, but with restricted access. By analysing some p**p file you will find some creds; use them to your advantage.
    For root:
    - You need to do some googling when you find that file.

    No problem, and congratulations, after a moment of work, you have succeeded. The advice of @lfabname is well explained.

  • Finally rooted. What a fun one! This was the first time I attempted a new box that didn't have many hints, but that turned out to be an experience.

    koredump

  • Got the vhosts after the s**i aaaaand I'm stuck. What am I missing here? I enumerated everything. Any hints?

  • @awkward said:
    Got the vhosts after the s**i aaaaand I'm stuck. What am I missing here? I enumerated everything. Any hints?

    You didn't enumerate everything, go back and do your basic steps again

    Mech

  • This is one old-school style HTB box! Reminded me of some of the classic early nix boxes that were released, such as popcorn, beep and cronos, for some reason. It would be a good practice box for those preparing for the OSCP exam as well. Great job @ompamo - I can tell a fair bit of effort went into creating this one. Cheers and I hope you make more.

    delosucks

  • Wow, finally rooted after three days of intense work and learning. Hardest box I've ever done, had to pull on bits of knowledge from just about every box I've done so far.

    Incredibly cool box and had a ton of fun doing it. @ompamo you did an absolutely fantastic job. Look forward to your future boxes.

    Also gotta say thanks to @Jacker31 for the hints and emotional support lmao.

    Mech

  • Staring this stupid insect in the eyes right now... I'm in, but need some clarity. Any nudges?


    Hack The Box
    defarbs.com - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'”

  • edited August 24

    @farbs said:
    Staring this stupid insect in the eyes right now... I'm in, but need some clarity. Any nudges?

    The stupid insect's eyes hide a valued secret at plain sight (you could think it's from someone else). And it's willing to share it with you without knowing who you are.

    I hope this is not a spoiler lol.

    Tohzzicklao

  • edited August 24

    @delo said:

    This is one old-school style HTB box! Reminded me of some of the classic early nix boxes that were released, such as popcorn, beep and cronos, for some reason. It would be a good practice box for those preparing for the OSCP exam as well. Great job @ompamo - I can tell a fair bit of effort went into creating this one. Cheers and I hope you make more.

    @mech said:

    Wow, finally rooted after three days of intense work and learning. Hardest box I've ever done, had to pull on bits of knowledge from just about every box I've done so far.

    Incredibly cool box and had a ton of fun doing it. @ompamo you did an absolutely fantastic job. Look forward to your future boxes.

    Also gotta say thanks to @Jacker31 for the hints and emotional support lmao.

    Thanks, appreciate your comments!

    ompamo

  • @farbs said:

    Staring this stupid insect in the eyes right now... I'm in, but need some clarity. Any nudges?

    Enumerate with bigger dicts...

    julianjm

  • Hey, I managed to get RCE and I made a Python script to do it. I also found some creds which I can only use for F**, but I can't do anything there. Can anyone send me a PM with a hint? Thanks

  • @Tohzzicklao said:

    @farbs said:
    Staring this stupid insect in the eyes right now... I'm in, but need some clarity. Any nudges?

    The stupid insect's eyes hide a valued secret at plain sight (you could think it's from someone else). And it's willing to share it with you without knowing who you are. It's not the smartest of the insects.

    I hope this is not a spoiler lol.

    Not a spoiler. But I've already found what you're referring to and can't latch on.


  • edited August 24
    > @farbs said:
    > Not a spoiler. But I've already found what you're referring to and can't latch on.

    If you found it, find the right parameter to make it work.

    Tohzzicklao

  • edited August 24

    @Tohzzicklao said:

    @farbs said:
    Staring this stupid insect in the eyes right now... I'm in, but need some clarity. Any nudges?

    The stupid insect's eyes hide a valued secret at plain sight (you could think it's from someone else). And it's willing to share it with you without knowing who you are. It's not the smartest of the insects.

    I hope this is not a spoiler lol.

    Are you referring to the public vuln? Because I haven't been able to make it work.
