Craft

@hanter said:

Root-access to docker container via RCE, I’m stuck here, no idea what to do. Dumped database, found 3 users… pw reuse…

Got Access to 2 out of 3 users in git (gogs) and found one extra repo

In extra repo found info about vault and one set of not so private key… Also got to know that vault is used for SSH OTP.

Overall I have some info but I’m unable to connect the dots to even get the user.

help please where do I go from here!!

How can you enter gog site?

Thanks

This was a great box !

Tips for root :

Once you have user, just check the machine and gogs for what technology the app uses for managing its secrets. Once you get to know that, just read the documentation on the vendor site and you’ll know what to do. PM for hints on user or root.

Beer, Silicon Valley, and hackthebox? Doesn’t get better than this.

User:
Don’t overthink the jail. Say hi to your neighbors, they may greet you with beer and snacks.

Root:
pay close attention to the components involved. And how they may be used to root the box

Cheers! ?

Hello everybody.

I’m trying to exploit the vulnerability in the code b***.py, but I don’t understand why my payload doesn’t work. I tried it on my machine and it works without problems. Please, can someone send me a PM to verify my payload and give me a nudge to understand why it doesn’t work? Thanks

Edit: I have the user now… I’m reading the documentation of V***t. I don’t know exactly what to do, and I hope I will find it in the docs.

Edit2: Rooted… once you get the user, getting root is really easy. Just find something which manages secrets and read the associated doc.

Can somebody PM me and give me a hand on the initial shell?

I’ve gotten a nc shell to launch with an authenticated c*** request, but it’s connecting from my machine instead of the server.

root@craft:~#

:slight_smile:

Hi @ all! Started with Craft and got creds from d***** to login and also got ssh key! Tried to exploit the e***; on my system it works, but when posting on the server it doesn’t! Now I’m stuck, can someone help me? THX to all for helping me :smile:

Hi all,
I found d***** creds, using which I exploited a certain function to get back a reverse shell. However, I am in a B****** shell, I think. Can’t do anything from there. Not sure how to get out of it. Pls PM me someone, any kind of nudge would be appreciated.
Thanks :slight_smile:

Rooted. Lol. :slight_smile:

Is there no webpage? If I go to http://10.10.10.110 I get unable to connect, but I can nmap it and see 2 open ports. Is that normal?

Did anyone have any issues with their SSH client hanging after successful authentication? I am working on getting user and believe I have found the correct path. Found interesting file while enum in jail and ran SSH in verbose mode to see auth was successful.

Fixed → Note to anyone that comes across same issue, don’t throw everything at the door until you know what you have.

Hey all,

Can someone PM me help on getting initial foothold? I am able to get RCE, however I am not able to get a callback or the desired output I’m expecting. I believe I know what I have to do, according to an article I found online, however I can’t seem to get it working. I believe it’s due to my lack of understanding of how python works and would like to discuss further with someone via PM to avoid spoilers.

I’m stuck in jail, could someone send me a PM for a little push? Thank you very much in advance ^^

@invictim said:

If anyone is getting stuck after RCE and interacting with db (before getting user), and you’re using commands with * to enumerate but getting single responses, try commands that select things 1 at a time.

Thanks so much, this is so good!

I found ps in de, but not working with s*h.
Oh, another user nice

user.txt good

Fight with v…t

login to v**** with s*** policy, what next?

root.txt 831…

PM me if u stuck

Hi guys, I’m stuck on Gil** user and I don’t know how to escalate to root, can someone give me a nudge? PMs are welcome

Fun box!

Anyone around that would be able to take a look at my syntax and tell me what I’m doing wrong?

I’m getting “{"message": "The browser (or proxy) sent a request that this server could not understand."}”

when I try to c*** and create a new b***

rooted.
whoa, what a ride. Nice box!

@Lycist

That might be an escaping problem. Try an easier way via w**

It’s a very realistic machine! <3
If you need a nudge, PM me