Wall

Got root. I can try to give you hints if you PM me.

I found .php, p**.php, /s*****-s*****, and /m*********. I don’t understand the VERB hint or how anyone discovered c*****. Can anyone PM me for what the next step should be?

This one was weird. Didn’t like that you get root and can get user and root flag but oh well!

@gNarv3 said:

This one was weird. Didn’t like that you get root and can get user and root flag but oh well!

The way for just User s***** is actually quite nice. I think the path straight to root was not intended.

[long and kinda misleading question about cve]
EDIT: got www shell\nCheck what special chars are not allowed in desired field. Remove them completely, you can divide rce into as many parts as you want.

I wonder if it is possible to crack hashes from db and restricted area? Has anyone done this?

Type your comment> @sazouki said:

i writed script to bruteforce the login page and got the password but i would like to know how to bruteforce the api part i dont know what data to send ( I tried ad***=&pass***=) but it keep saying unauthorized

check the response, should be ‘Bad credentials’

For those having issues with the CVE exploit. Using the CVE exploit requires people NOT modifying the only poller configuration, especially the name. For goodness sake, duplicate it and modify it to your heart’s content. Also, read the CVE write-up by @askar, who I think is also the box creator.

Can someone DM me, I can’t figure out what the “VERB” is after getting the m*********/ and a*.*** and p****.***.

Not a fan of having to brute force anything. That was a bit on the annoying side. Though getting around the CSRF was pretty fun. The next few steps were pretty standard stuff, though I did learn a few tricks. All in all it was okay.

I’m having trouble modifying the exploit and can’t seem to get it to work. It doesn’t seem to connect to my machine and I can’t figure out why.

Could somebody PM me and help me out a little bit?

Hi,
Can someone DM me, I got usual three results of dirbuster, but do not get c****** and /s*****-s*****. Should I wait more to finish or there is another way?
Thanks

nvm got needed page

Rooted :slight_smile: Thanks @askar for the machine and nice find :wink:

First part is the most difficult, there’s one challenge on HTB that could help you for the initial foothold :wink:
Second part is easy peasy if you enumerate correctly and google things that don’t look common.

Hints on the forum should be enough to complete this box but still you can DM if you’re struggling :slight_smile:

Hack The Box

I’m struggling a bit with the loggin with the exploit, tried to modify it but seems like it isn’t working…

I got the poller t***n, and correct credentials, even the listener but my machine can’t recieve any data…

If anyone could give me a hand i’d appreciate it since I dont know what am I overlooking

How do you get the credentials for this c********? Brute Forcing with Burp already, but without success.

Since there is no need to brute force, I wonder how to find out the credentials.

Type your comment> @Cli3nt said:

How do you get the credentials for this c********? Brute Forcing with Burp already, but without success.

Since there is no need to brute force, I wonder how to find out the credentials.

better to write your own script and be careful regarding the CRSF token

Rooted. What a piece of utter garbage.

Type your comment> @ad1337 said:

Rooted. What a piece of utter garbage.

■■■■. Why so much hate? Lol. I get @asker made a box with some annoying “walls” to climb, but in frustration comes education. When you distill this box down it exercises some pretty fundamental pentest skills. No matter your status you can never practice the fundamentals enough. So yes. This box forced you to climb some “walls” but these walls were not that major and they forced you back to basics. In that way this is a great box. I very much enjoyed the fundamental principles and practice.

Someonw who already rooted this can PM me? I’m totally lost. I found the php files and the login page, but I have no clue how to proceed. Also, I do not get the English class reference at all…Please someone?

@c1cada said:
■■■■. Why so much hate? Lol. I get @asker made a box with some annoying “walls” to climb, but in frustration comes education. When you distill this box down it exercises some pretty fundamental pentest skills. No matter your status you can never practice the fundamentals enough. So yes. This box forced you to climb some “walls” but these walls were not that major and they forced you back to basics. In that way this is a great box. I very much enjoyed the fundamental principles and practice.

He didn’t make annoying walls. He just created a self-advertisement.
Apart from the initial foothold which was interesting and definitely had a learning-experience, the later part - and I’m especially talking about rooting the box - is totally uninspired and required zero effort (both for him and the attacker).
It’s just comes down to a random exploit, that has nothing to do with the previous findings, or requires any skill besides “basic enum”. And I’m sorry to say that, but “basic enum” & browsing exploit-db is nothing that should reward you with 30 points.

Rooted! Thanks @zalpha & @toka . DM, if need a nudge.