Wall

@virtualgoth said:

Use packet capture tools to see what is happening when you send data to the server. There is a reason why it doesn’t work. Understand what the exploit is actually doing. Review the code to see what steps it is performing. Once you get it, you won’t need to run the exploit anyway. You could script something that works 10x better.

This is confusing, I get the CVE code needs “fixed” based on the comments, but as best I can tell, from walking through it with burp or just manually typing everything in the GUI, the script is fine, it’s a server side setting that’s preventing the payload, which can be replicated by just copying and pasting the payload in the GUI, you get the same error (based on the characters). Unless I’m missing something. I don’t see how you would script something 10x better, it’s just posting the same data you could enter in manually. I can’t figure out how to get anything to just work, even something simple like ping, which makes troubleshooting difficult.

What I don’t get, is how you kick it off if you use the GUI. I get the post to that special page in the CVE script, but I can’t find that in the GUI.

@falqon said:

@virtualgoth said:

(Quote)
This is confusing, I get the CVE code needs “fixed” based on the comments, but as best I can tell, from walking through it with burp or just manually typing everything in the GUI, the script is fine, it’s a server side setting that’s preventing the payload, which can be replicated by just copying and pasting the payload in the GUI, you get the same error (based on the characters). Unless I’m missing something. I don’t see how you would script something 10x better, it’s just posting the same data you could enter in manually. I can’t figure out how to get anything to just work, even something simple like ping, which makes troubleshooting difficult.

What I don’t get, is how you kick it off if you use the GUI. I get the post to that special page in the CVE script, but I can’t find that in the GUI.

Maybe try encoding… I hope that’s not a spoiler?

Please DM me on how to get the creds for /c*******
I’m totally lost.

Please DM me. How can I get the directory? I tried to use the dirb tools, but dirb does not show m*******/c******* etc… so I am stuck on the next step. Please help me.

Spoiler Removed

Thanks to @askar for the fun box. Learned a lot! And also a big thanks to @133720 and @Pratik, who helped me a lot.

PM for hints :)

@lahirukkk said:

Thanks to @askar for the fun box. Learned a lot! And also a big thanks to @133720 and @Pratik, who helped me a lot.

PM for hints :)

You are welcome lahirukk.

Can someone please tell me how to modify the exploit? Wasted a lot of time on nothing yet. Thanks in advance.

I am stuck at w**-d***, I already did enumeration and tried some exploits. Some people mentioned that it should immediately catch one’s eye what to exploit.

Can someone give me a nudge?

Rooted.
USER: do not rely on the exploit, write your own tools and combine with exploit
ROOT: it’s pretty easy, just look around, no need to enumerate
Thx @Y3llowMustang @rholas
PM if you’re stuck.

@falqon said:

@virtualgoth said:

Use packet capture tools to see what is happening when you send data to the server. There is a reason why it doesn’t work. Understand what the exploit is actually doing. Review the code to see what steps it is performing. Once you get it, you won’t need to run the exploit anyway. You could script something that works 10x better.

This is confusing, I get the CVE code needs “fixed” based on the comments, but as best I can tell, from walking through it with burp or just manually typing everything in the GUI, the script is fine, it’s a server side setting that’s preventing the payload, which can be replicated by just copying and pasting the payload in the GUI, you get the same error (based on the characters). Unless I’m missing something. I don’t see how you would script something 10x better, it’s just posting the same data you could enter in manually. I can’t figure out how to get anything to just work, even something simple like ping, which makes troubleshooting difficult.

What I don’t get, is how you kick it off if you use the GUI. I get the post to that special page in the CVE script, but I can’t find that in the GUI.

To clarify, I mean for anyone who is only firing off the exploit and sitting back and it’s failing - a good place to start would be to capture the traffic and analyse the responses back to see at what specific point it’s failing. Then focus on that specific part of the exploit only and get that working first. Without a capture it might be hard to discern at what point it fails because if you are using the exploit on EDB - it won’t tell you what is happening and at what point - it will simply echo success even if this isn’t the case, hence you could script something that works 10x better by at least providing you feedback on the server responses as you supply different payloads.

As far as I could tell, there is no direct link to that in the GUI, for that I just mocked up the request in BS and sent it to repeater. That at least only requires session ID and no token which makes life a little easier. You should see feedback in the server response for that if you run a command that provides output if that’s helpful. If you are seeing no feedback from commands (and you are sure the command updated correctly by checking the GUI), then there must be a syntax error, sometimes I forgot the character at the end of the payload from EDB which caused the execution to fail.

Rooted… thanks to @PanamaEd117 & @NikolaITA for keeping me on the write path…lol and showing me the way.

Initial: I went through every tool and wordlist before I said f it and used my trusty friend Google; he/she was a CREDible pal.
There’s a hint on page 7 that turned it around for me after I logged on. It’s an oblique hint and it smells fishy to me ;)

User/Root: after much researching and plenty of tea sessions with Bugs Bunny all it took was a nudge, and the rest is history

Learned quite a bit these last couple of boxes, thanks to the authors and some solid peeps on here for that. :)
But I won’t be completely satisfied until I can pop a box manually 100% and on my own, then will I know I belong.

Can someone give me a nudge on priv esc? I enumerated and tried a few exploits but wasn’t successful.

Thanks @askar. The box was awesome until user, but root was kind of lame.

I am stuck in the c******* credentials! Tried brute-forcing with wordlists. Any tips please!!

Rooted.

It was a fun box, and I learned a lot from it. Thanks @askar

PM if you need a nudge.

I am pretty much a noob here, I guess, so if there is someone who can help me root this machine, just PM me.
Till now I have only discovered m*********, a*.php, p****.php using d**b.


@3322kr said:

@PanamaEd117 said:

Tried ZAP, gobuster, dirb, dirbuster GUI, sparta; not able to find anything other than the basic 3 dirsearch.py finds. Added extensions to dump all types of request verbiage. Nada. Could use some help here…

Use the most common tool to intercept requests and then look at the responses of the directories you have found.

^^^^ that right there got me the /c********* directory, ugh finally!!! Thank you @3322kr!!

onto the creds…

I finally rooted the machine.
If anyone needs help, contact me on the hackthebox chat.
I might not answer here if I don’t see the messages.