Wall

i am pretty much noob here i guess so if there is someone who can help me rooting this machine just PM me.
till now i have only discovered m*********, a*.php, p****.php using d**b.

i am pretty much noob here i guess so if there is someone who can help me rooting this machine just PM me.
till now i have only discovered m*********, a*.php, p****.php using d**b.
Quote

Type your comment> @3322kr said:

Type your comment> @PanamaEd117 said:

Tired, ZAP, gobuster, dirb, dirbuster gui, sparta, not able to find anything other then the basic 3 dirsearch.py finds. Added extensions to dump all types of request verbage. nada. Could use some help here…

use the most common tool to intercept requests and then look at the responses of the directories you have found

^^^^ that right there got me the /c********* directory, ugh finally!!! Thank you @3322kr!!

onto the creds…

I finally rooted the machine
If anyone need help contact me on the hackthebox chat.
I might not answer here if i don’t see the messages.

Hi, I have been into the CVE and did required modifications but not the last piece. Could someone help me on the last thing to be modified?

I’ve been stuck on this for a few days and it’s very frustrating…
Can someone please tell me how to get the creds because I’m totally lost. I’ve tried using Burp to change the API request and brute forcing. I’ve also tried going back to dirbuster to see if I can find any more useful looking directories but no luck. Someone please help :frowning:

Spoiler Removed

Some hint for rev shell? I can’t bypass the Wall… I tried a lot of tricks but none of one worked… I’ve fighting with this since a few days, but I’m afraid I’m ignoring something trivial thing…
I need some advice in the right direction…

Edit: I found “TWO” solution :slight_smile:

Creds can be guessed an early entry in the rocking list will help.

I have read the CVE and can see what its doing so can manually set things up, the final post to activate can be done through Burp (I think)

If you run things manually you can see certain things are not accepted BUT i cant seem to get the right syntax, ive used various RCE command bypass and they say but wont execute :frowning:

could someone please give something to read about the syntax needed please as its killing me :confused:

Really enjoyed the machine.

The couple places where I got stuck, after reading this forum the answer became clear :wink: For those couple points, I kicked myself for missing them as it really is the basics.

Thanks @askar

Thanks @askar

I like the CVE machines, feel like I missed a lot. Looking forward to the writeups, because I assume somebody used the m*s** but I couldn’t get it to work.

I had a hard time with priv-esc. Kudo’s to those who think it’s trivial, if it hadn’t have been for the fact there are writeups because it’s been done before, no way.

Got a shell after quite a bit of trial and error at the RCE step. Could use a nudge for the privesc though. All the posts saying it’s so trivial make me believe I’m missing something very obvious.

Nvm, got it :slight_smile:

.

After a hiatus of 4 months, I came back and greeted myself with this box. It was engaging at the starting to get first rev-shell. The root was pretty straightforward. Try to learn the exploit if you are stuck at the script.

Hi all, i don’t find the creds.
I try with brute on api, is it correct path?
Tks

r00ted!

initial shell was a bit of a ball ache, the syntax can be tricky but google what you are trying to avoid and a great github page comes up. Plenty of hints on here around finding the application … the password is simple.

Went straight to root from initial shell, the exploit i used throws errors so if it doesn’t work try it again.

Can someone pm me a nudge for the root? I have spent several hours now with different enumeration scripts, tried several exploits for the kernel, nothing seems to execute. I am very demotivated since everyone says that root was so easy, but i’ve tried and tried :confused:

Found the exploit at last, really look through what is installed.

someone ping me i need help on making script for brute-force.please someone ping me

:stuck_out_tongue:

Struggling with CVE, tried to fix the script by tracing packets, it says 4** forbidden while PT request. Found the parameter with burp, tried to inject own payload vi UI, did encoding, tried different commands nothing working it says 4 forbidden. Kindly give some good hint.