Bankrobber

Comments

  • NOT INSANE..

    Arrexel
    OSCP | I'm not a rapper

  • This box at initial step is sooo slooooooow. Sometimes even a restart didn't help. Some tips for players: client side, enumerate, bruteforce and half of "answer to life the universe and everything" ;)
    If you have a problem with init/user/admin just PM me. I will try to help you ;)

    If you need help with something, PM me how far you've got already and what you've tried. I won't respond to profile comments. And remember to +respect me if I helped you <3

  • edited September 2019

    Never mind... I'm just an idiot about being consistent with URLs... /eyeroll

  • @Kucharskov @1c4re1337 thanks for all the help :+1:
  • edited September 2019

    I am chaining vulns for foothold, I can see what can be used for getting a shell, but my script is not working as I expect.
    Edit: if you are trying to write your own stuff from the beginning and it is not working, consider using existing things on the machine. (not regarding payload, more for vuln structure)
    Machine is a bit laggy, so check your testing payloads with already working alongside with them.

  • PM for hints
    kareem

  • Possible that that box is a lil unstable? Figured out how to basic test a response via a normal user. That worked for a few attempts. Then stopped. After reset not better.

  • I found a vulnerability in a point but I cannot exploit it maybe because unstable box. I need some indication

  • Can someone PM me, I need a nudge on the initial shell. I have the RCE through x** vuln, but can't seem to get anything working for a shell...
  • What to do at first? I am stuck for 2 hours thinking what to do. Nmap doesn't show ports and directory enumeration is slow.

  • @jayjay25 said:

    Can someone PM me, I need a nudge on the initial shell. I have the RCE through x** vuln, but can't seem to get anything working for a shell...

    you don't need a shell YET, try to grab something you could EAT, then use it for something you've already been there

    v1ew-s0urce.flv
  • edited September 2019

    I am writing a script to interact with an internal service. I used python and bash scripts to do it, but they both failed. Help?
    EDIT: If you are writing a script with sockets or call and it is not working - consider using telnetlib, simple and efficient.

  • I used python and it worked just fine.

    The box is easy but very unstable as some have pointed out. Wasted a lot of hours during the initial step even though I was on the right path.

  • What a fun box.
    Thanks a lot to @Gioo & @Cneeliz for the journey

    I learned a lot during the user stage
    Root part was too simple imo

    The need to reset the box every time the service crashes (and you know it will crash a lot) was a bit annoying and I'm pretty sure could've been solved easily

    Overall very nice box
    Thanks a lot

  • Spoiler Removed

  • Could anyone give a hint with initial foothold? I did some enumeration, have an idea of what is happening, but don't know how to exploit it

  • edited October 2019

    Very good machine, thank you to the creator of the box for his work. :)

  • There is something broken around the service. After a few requests it stopped talking to me, I wasted 2 days on trying to do one simple thing. So finally I moved from VIP to free servers and it works pretty well there. I got what I need in no time. So if you are on VIP and you are stuck, maybe you should consider jumping into free servers for this one.

  • @tmogg said:

    There is something broken around the service. After a few requests it stopped talking to me, I wasted 2 days on trying to do one simple thing. So finally I moved from VIP to free servers and it works pretty well there. I got what I need in no time. So if you are on VIP and you are stuck, maybe you should consider jumping into free servers for this one.

    I'm on free and I don't approve this advice xD

  • @DaChef said:

    @tmogg said:

    There is something broken around the service. After a few requests it stopped talking to me, I wasted 2 days on trying to do one simple thing. So finally I moved from VIP to free servers and it works pretty well there. I got what I need in no time. So if you are on VIP and you are stuck, maybe you should consider jumping into free servers for this one.

    I'm on free and I don't approve this advice xD

    You have no choice if it doesn't work at all.

  • Rooted, this box is really good, thanks to the box creators

    Hack The Box

  • edited October 2019

    I'm stuck at the bdchecker, I can run it (or better have somebody to run it for me) and read its output but I can't execute any other command but the one it explicitly says I can run, and I don't know if there's a way to exploit this single command or retrieve something useful with it...

    I tried several command concatenations, I tried to look for a way to make it produce some arbitrary text and save it on disk.. I'm running out of ideas. Any hint will be greatly appreciated. :)

  • just rooted! message me for help

  • Very long final step ... slow ****

  • edited October 2019

    Hi guys,

    Just a quick update:

    I am keeping an eye on this thread to know what's up with the box. I've read that a lot of people are experiencing that the privesc part is unstable. After a couple of checks I did locally I can confirm that that's the case. This is something we did test thoroughly though, but after the testing procedure we made a small mistake which resulted in the privesc part being unstable. I've messaged a moderator on HTB and we're working on a fix.

    Sadly I'm not able to remove the experience from people who already rooted the machine, but to all of you who did own the box pre-patched; consider yourself a go-getter :)

    Thanks for your feedback.

  • edited October 2019
    Do you guys think that this box is bugged? Nothing comes back, even after restarting the box. Someone from here confirmed my script.
    I'm on `10.10.14`.

    Edit: tried on the Free server too.

    Can someone that completed this box, retry it and confirm that it works? I spent a crazy amount of time on what seems to be a bug..

    Edit: It works! :) ..typo..

    stats

  • This final part.... it's a different version but I have no idea what it actually is.... lol

  • edited October 2019

    Spoiler Removed

  • I have the same problem, I try with other tools to make my shell (I use nc actually)

  • Spoiler Removed
