Networked

11618202122

Comments

  • Type your comment> @Darkless said:

    So i'm pretty sure i'm on the right track, but I can't see anything but a " . " in the u...... folder. Yesterday I could see other peoples files there, but now nothing. Anyone has any idea as to why?

    Check some files and see what happens when you upload something and where does it go. If it says that the upload is successful than the file is uploaded. Check which pages you can open. From there on I am stuck as well.

  • Go user & root!
    Really fun box.

    Tips: bake something, then find a wild way in... Then try things out for root!

    Thanks!

  • This was a super fun box. Privesc is usually super hard for me, even tho it took me forever to figure out how to get user and root shells, it was at least nice to know I was looking at the right things, I just had to figure out what was being done so that I could make it do what I wanted, so I was forced to learn some things I didn't know, which was nice. (How do PHP devs not kill themselves? God that is ugly code)

    PM if you need a nudge

    Hilbert

  • i am so noob but i can got shell.. plse help i am still apache user..

  • Got user and got root!!!!
    As a complete noob into this.

    • Footstep: I found the pages fast, and had an idea what to do with it. Didn't know how to do it. Google is your friend. Had to try like 5 different methods before I found the one that work.
    • User: Once the footstep was in, other user actions on the shared box pointed me in the right direction. Googled for certain commands that I saw being used. Learned some new things, and after several attempts I was able to get user.
    • Root: Was actually the easiest part. Found the interesting file already duing the user hunt.
      You just need some basic linux networking info, to know what certain key scripts do
  • Rooted, once you get to the shell the way to take both user access and root access are somewhat similar, but with different files

  • Rooted. Feel free to PM me if you need a pointer (and not this kind https://xkcd.com/138/)

  • Finally got root. Tip for root if you've tried fuzzing for hours: Sometimes what you tell someone the first time might not matter, perhaps the second time around they will listen to your orders.

  • edited November 2019

    I am stuck with some ch*/cho for USER. Can some one help out?

    Got user. Time for root

  • Stuck on the apache shell. I thought that I could get user from that but I was wrong. Can someone nudge me on the php workings please?

  • I’ve gotten to ‘the page’ and I have a script made, baked well and smelling tasty. The machine won’t bite and I’m wondering which piece of crust is giving me the problem. I can’t find anything worth changing in the headers (the ones I’ve tried changing don’t work out for me). Any help would be appreciated.

    Discord: Ursa#1337

    Ursa

  • edited November 2019

    Yesterday I got into user privl by touch and funky name but today when I'm trying same method it isn't working can someone explain me why?
    //edit: My bad, everything works just fine.

  • I am so happy, have user access now!!

    Still no clue to get root though

    Hack The Box
    Silence, i'll hack you!! ;-)

  • Type your comment> @Ursa said:

    I’ve gotten to ‘the page’ and I have a script made, baked well and smelling tasty. The machine won’t bite and I’m wondering which piece of crust is giving me the problem. I can’t find anything worth changing in the headers (the ones I’ve tried changing don’t work out for me). Any help would be appreciated.

    Maybe the hint "GIF89a" gives you a clue ?

    Hack The Box
    Silence, i'll hack you!! ;-)

  • edited November 2019

    Got the initial low priv foothold. Been examining all the PHP files and their functions but still stuck on how to escalate from here to user. Someone please PM with help/nudge so I can move forward. I'm sure i'm seeing what is required (i can see what pattern the TOUCH has to be, just not sure how to put pieces together.)

  • edited November 2019

    Finally got root after 3 hours of overthinking.

    User tip:

    • GIF89a
    • cron
    • touch

    Root tip:

    • see what u can run as root with user g***
    • research about network-scripts
    • use basic linux commands

    If you need help, PM me. (please be as clear as possible, when message me. Like, what have you done, where are you stuck, etc.)

    Hack The Box
    Silence, i'll hack you!! ;-)

  • ROOOTEED!! thanx for help @D3Fix ... you are boossss

  • Type your comment> @Akagami said:

    ROOOTEED!! thanx for help @D3Fix ... you are boossss

    You are very welcome. It was a pleasure to give you the hints, to solve this.

    Hack The Box
    Silence, i'll hack you!! ;-)

  • @D3Fix I got it to work with png, I’m at the point where I have to look at a certain file to privesc. I appreciate your help and the pointer though.

    Discord: Ursa#1337

    Ursa

  • edited November 2019

    Not easy for beginners to obtain r00t without using the forums.

  • edited November 2019

    This root is the most stupid root I have ever encountered.lol

  • edited November 2019

    Got user thanks to all the helpful hints from @D3Fix

    Now onto root :)

    Edit: got root finally. Right as I was about to go to bed :)

    Feel free to PM with questions for nudges/help and i'll do my best to help you along.

  • Type your comment> @blooch4 said:

    Got user thanks to all the helpful hints from @D3Fix

    Now onto root :)

    You're welcome!

    Hack The Box
    Silence, i'll hack you!! ;-)

  • Isn't user apache?
  • Rooted!
    Getting the initial foothold is fun. There are a bunch of hints here for user. The link to an article posted earlier is the clearest explanation of what you are trying to do.

    When I first got user, there was a power outage just as I was going to grab the flag... Great timing!

    The advice in this thread to keep things simple for root are spot on. I wasted time over complicating things. Basic enumeration. Basic linux commands.

  • edited November 2019

    hey, im stuck as a***** shell, i cant figure out where to touch as everything seems to be denied ive read c****_a*****.*** and think i know which i need to touch but it just says perms denied? any help would be appreciated

    EDIT : nvm i got user

  • If anyone is good at PHP, I’d very much appreciate a PM. I don’t want to put too many details here, but two parts of a certain script are troublesome and I can’t find what they do anywhere online.

    Discord: Ursa#1337

    Ursa

  • I got root, but dont quite understand why it works the way it does... if anyone that understands it could PM me and bestow that knowledge upon me, I'd really appreciate it!
  • edited November 2019

    Type your comment> @Ursa said:

    If anyone is good at PHP, I’d very much appreciate a PM. I don’t want to put too many details here, but two parts of a certain script are troublesome and I can’t find what they do anywhere online.

    You can PM me if you still need help

    Hack The Box
    Silence, i'll hack you!! ;-)

Sign In to comment.