Craft


Comments

  • Hi @all! Started with Craft and got creds from d***** to log in and also got an SSH key! Tried to exploit the e*** on my system and it works, but when posting on the server it doesn't! Now I'm stuck, can someone help me? THX to all for helping me :smile:

  • edited September 2019

    Hi all,
    I found d***** creds, using which I exploited a certain function to get back a reverse shell. However, I am in a B****** shell, I think. Can't do anything from there. Not sure how to get out of it. Pls PM me someone, any kind of nudge would be appreciated.
    Thanks :)

    Rooted. Lol. :)

  • Is there no webpage? If I go to http://10.10.10.110 I get unable to connect, but I can nmap it and see 2 open ports. Is that normal?

    Hack The Box

  • edited October 2019

    Did anyone have any issues with their SSH client hanging after successful authentication? I am working on getting user and believe I have found the correct path. Found interesting file while enum in jail and ran SSH in verbose mode to see auth was successful.

    Fixed --> Note to anyone that comes across same issue, don't throw everything at the door until you know what you have.

  • Hey all,

    Can someone PM me help on getting an initial foothold? I am able to get RCE, however I am not able to get a callback or the desired output I'm expecting. I believe I know what I have to do, according to an article I found online, however I can't seem to get it working. I believe it's due to my lack of understanding of how Python works and would like to discuss further with someone via PM to avoid spoilers.

  • I'm stuck in jail, could someone send me a PM for a little push? thank you very much in advance ^^

  • @invictim said:

    If anyone is getting stuck after RCE and interacting with db (before getting user), and you're using commands with * to enumerate but getting single responses, try commands that select things 1 at a time.

    Thanks so much, this is so good!

  • edited October 2019

    I found p*****s in d*****e, but not working with s*h.
    Oh, another user nice

    user.txt good

    Fight with v.....t

    login to v**** with s*** policy, what next?

    root.txt 831...

    PM me if u stuck

  • Hi guys, I'm stuck on Gil** user and I don't know how to escalate to root. Can someone give me a nudge? PMs are welcome

  • Anyone around that would be able to take a look at my syntax and tell me what I'm doing wrong?

    I'm getting "{"message": "The browser (or proxy) sent a request that this server could not understand."}"

    when I try to c*** and create a new b***

  • rooted.
    whoa, what a ride. Nice box!

  • @Lycist

    That might be an escaping problem. Try an easier way via w**

  • It's a very realistic machine! <3
    If you need a nudge, PM me

    Mr.Shellby

  • edited October 2019

    Why the fuck do I have the message "**** failed, invalid key"... when I try to create my root token

    I'm stuck on this very last step, please help me in private message, ty

    ok rooted, was easy as fuck, I don't know what is the interest of v***t if you can connect like that

  • Well this was interesting. The user had layers and layers, like Shrek... I mean onions. The root on the other hand was just... getting it. Thanks @rotarydrone

    Blaudoom
    Discord: Blaudoom#1254

  • Finally! Finished with this damn box... Though it was fun in hindsight.

  • edited October 2019

    Hi guys, trying to get my initial shell but keep on getting this error {"message": "An unhandled exception occurred."}, can someone help me?

    edit: never mind made it work
    user owned
    root owned


  • Finally rooted.
    User is very complex and layered.

    The best hint I've found on the forum, for jail escaping, was "LEARN SQL" :D
    It sounds a bit harsh but it's not.

    Root is easy if you have experience with do****.
    I don't. But if you read the documentation from gogs you'll figure it out.

  • Among the best machines I've done, it gets you in touch with several technologies, thanks @rotarydrone.

    Uvemode
    OSCP | eCPPT |

  • Can anyone help me with the payload? I don't get it to work for some reason.

    Best regards Luemmel

    OSCP
    Luemmel

  • I used gobuster but I can't find any files or directories and none of the links work, I'm really still stuck on the index page. Can someone help me?

  • @rotarydrone awesome box, I really loved the process and the design, plus learned some more, which is always nice.
    Hope to see another box of yours soon :)


  • edited October 2019

    @sazouki said:
    damn, I got SSH key from that use repo and it asks for passphrase when I'm trying to log in?

    Same here. "Invalid format for [s**] key " a nudge would be helpful. Figure I'm close to user.

    Ok, I got user now. I now understand why the errors...needed to look closely at the key I had.

    Then I'm guessing I will focus on v**** to get root although I have no experience with d*****.

    Yep. root.txt. Had to reset the box though before the final command worked to get me in.

  • Can someone please PM me about getting user? Can't understand how to correctly interact with JSON and where to look to drop a shell...


  • Can someone PM me for a hint?

    I am currently in jail, found creds for DB and don't know where to use them (they are not usable in G***). I changed the SQL statement in the file I found to enumerate databases and tables, but no success so far.

  • edited October 2019

    Rooted.
    Initial was tricky, but after that getting user.txt and root.txt took me about 30 minutes - probably because I spent way too much time reading all the source code.
    PM me for a hint.

    CEH | Red Team

  • PM for nuggets
