Chainsaw

13

Comments

  • Really enjoyed this box and learned a few new things. PM for hints.

  • Really learned about slack space in this one. Thanks @naveen1729 for the final tip

    @will135 said:
    For those stuck on the last step... don't slack off and keep trying :)

    florian1999

  • For a beginner with W**3 and E***** could anyone please help with how to begin with interacting with the high port? PMs are also welcome

    rowra

  • Type your comment> @rowra said:

    For a beginner with W**3 and E***** could anyone please help with how to begin with interacting with the high port? PMs are also welcome

    I got the setter and getter working, I can set and then get what I set before. I just have zero idea what the payload should be. I tried obvious things but none did anything :( Nudges either here or pm welcome! thanks

    rowra

  • At this point I'm rather certain I'm not doing anything wrong. I've discussed my script and my payload with multiple persons and it's right. Yet nothing at all happens, can't get a http request sent towards me or a revshell.
    Clueless at this point.. any idea? Anyone that can re-re-recheck my syntax? Thanks

    rowra

  • @rowra said:

    At this point I'm rather certain I'm not doing anything wrong. I've discussed my script and my payload with multiple persons and it's right. Yet nothing at all happens, can't get a http request sent towards me or a revshell.
    Clueless at this point.. any idea? Anyone that can re-re-recheck my syntax? Thanks

    Something changes everytime the box is reset. I think you're missing that bit.

    artikrh

  • Finally , I got the root access and found the root flag. To find the root flag is somewhat out of real world scenarios.

  • @artikrh said:

    Something changes everytime the box is reset. I think you're missing that bit.

    Absolutely right. At first I tried a different method, restarted the box and never thought it'd change.. Ugh.. thanks.

    Does the next step involve bruting user b****'s s** pk in hope I can generate his pr****k** too?

    rowra

  • edited September 2019

    Rooted. The only thing that I didn't enjoy about this machine was User (but it wasn't by any means hard) because of that trendy postmodern decentralized will-end-you-all fluff (don't want to spoil it for others). I really, really enjoyed the last part of Root though. Thanks to the creators!

  • edited October 2019

    If anyone is wondering about using python for the initial foothold, the W**3 module has builtin accounts you can use to send t**********s, or you can get test accounts from R***x online IDE. But you'll need an account or eth-address or whatever its called to make it work for python or just use R***x.

    Hack The Box

  • edited October 2019

    Stellar Machine 5/5. Really educational, informative and fun. An expert machine, but neither totally hard nor brainfuck. A few red herrings (like a certain pair of hardcoded creds) here and there and lots of RTFM, but neither feel forced. I was going to give it a 4/5 becuase of the root.txt part, but the real world scenarios that come into play on this machine really make it stand out against the rest. Here are my tips for this machine.

    FOOTHOLD:
    You'll find some easy loot on a service admins usually leave open to anons. Read up on smart contracts and the python or node module used to interact with e******m nodes (Theres a good link on the first page from dapp university) look at the name of the smart contract to get an idea as to what this smart contract might do on the machine and how a common exploit can be attached to this vulnerable function/command.

    USER:
    Not much enum is needed, look for a service from outerspace that connects the planets. Then yu can use the cli to leak data from this service. Use some of the info about employees to locate the relevant data, then you might need to call up john for the secret.

    ROOT:
    This is actually 2.5 parts. The easiest as others mentioned is a certain obvious binary that is programmed dangerously, there are some hints in the binary as to what the dangerous part is and you'll need to compile your own exploit to exploit the dangerous part in the binary. Or you can use the second smart contract. Just remember if you go the smart contract route, you'll need to first understand how users are created and how passwords are usually protected in databases. The hardcoded creds should give you a hint on the protection used. After you sign-up and signin to the binary, you'll need to play around with the functions and when you get it to do something that confuses it, you'll pop what you need to pop.

    ROOT.TXT
    This is the other .5 part. The hint given in the file is rubbish, but there are good tips already on this forum, my 2cents; Don't slack off while looking into empty space.

    GL!

    Hack The Box

  • Hello, I'm trying to interact with the contract but if I use an account I have created. I have not enough funds to send Tx... and If I use the address of anyone else the sender account is not recognized... Someone can help me plz ?

  • Type your comment> @MrB33n said:

    Hello, I'm trying to interact with the contract but if I use an account I have created. I have not enough funds to send Tx... and If I use the address of anyone else the sender account is not recognized... Someone can help me plz ?

    You do not need funds

  • edited October 2019

    .

  • Got root! Nice box. All hints already in forum thread.

  • johny johny yes papa cracking hashes no papa telling lies no papa open your terminal Ah, ah, ah! For how long we should wait for user!?

  • Frustrating, but interesting box. I learnt a lot!

  • I'm not able to crack user hash? any hint will be helpful thanks.

  • Type your comment> @Z0d said:

    I'm not able to crack user hash? any hint will be helpful thanks.

    If you use the rock, the hash should unravel pretty easily.

  • Type your comment> @zard said:

    Type your comment> @Z0d said:

    I'm not able to crack user hash? any hint will be helpful thanks.

    If you use the rock, the hash should unravel pretty easily.

    I did the rock with two different tools and got nothing , maybe I'm missing something

  • @Z0d said:

    I did the rock with two different tools and got nothing , maybe I'm missing something

    I think you are headed for the wrong 'hash' since you are referring to a "user hash". By the way, I would recommend using the "Jumbo" (a.k.a community-driven) version of JTR for any conversion and cracking process; much better and efficient -- when you find the correct path, that is.

    artikrh

  • Type your comment> @artikrh said:

    @Z0d said:

    I did the rock with two different tools and got nothing , maybe I'm missing something

    I think you are headed for the wrong 'hash' since you are referring to a "user hash". By the way, I would recommend using the "Jumbo" (a.k.a community-driven) version of JTR for any conversion and cracking process; much better and efficient -- when you find the correct path, that is.

    The hash from that outerspace service right? which executed and found in some l**s .

  • This box was great fun and learned some new methods. I just have one question if anyone can help me out. I used the hints here to get the root hash because I don't know that my normal methods of enumeration would have lead me to the solution. For future reference what method would have lead me down the eventual correct path? Thanks all.

  • I'm sure i have the correct hash for user *ob** but couldn't crack it. Any help would be appreciated thanks.

  • Could any one give me a hint on b** user i got shell as a** user found something $6$ but not worked for me, PM please.

  • Someone can message me for hints plz ?? I am trying hard.

  • Type your comment> @MrB33n said:

    Someone can message me for hints plz ?? I am trying hard.

    where are you stuck at?

  • edited October 2019

    Thank you. I'm trying to interact with the smart contract using w3.** but if I use an account I have created I have not enough funds to send Tx... and If I use the address of anyone else the sender account is not recognized... Someone told me I didn't need funds to interact with it.

  • Type your comment> @MrB33n said:

    Thank you. I'm trying to interact with the smart contract using w3.** but if I use an account I have created I have not enough funds to send Tx... and If I use the address of anyone else the sender account is not recognized... Someone told me I didn't need funds to interact with it.

    There is a command in w3.** could extract accounts could be used to set something small them something larger to get shell . I didn't create any account only the ones already there.

  • The $6$ hash couldn't crack it, any hint or how to use c****-in** to obtain some secrets.... thanks or the $6$ hash is all i need!

Sign In to comment.