Json

Hints for intended root access: F…a is not the only program using F** on the host.

I have rooted this machine using a kernel exploit but I am very interested if there is another way (let’s say some kind of misconfig). PM me please in case you know.

Nice box, I wasn’t very familiar with this technique (user). Little tip, while developing the exploit, inspect traffic between machines and don’t just rely on what you see in the output. The errors may make you believe your code did not execute while it may have.

Okay so this is gonna be a really noob question, but we all start somewhere. I have been banging my head against this machine from a Kali VM. I get that it’s a Windows target, but with the category of this machine being Windows, does that mean you USE a Windows machine to own the machine, or does that just designate what type of machine it is and you can use whatever OS you want to get the user/root?

@LycanByte said:

> Okay so this is gonna be a really noob question, but we all start somewhere. I have been banging my head against this machine from a Kali VM. I get that it’s a Windows target, but with the category of this machine being Windows, does that mean you USE a Windows machine to own the machine, or does that just designate what type of machine it is and you can use whatever OS you want to get the user/root?

Generally it is NOT necessary to use the same OS, but in this case it is worth using a Windows VM to do some “offline” tasks.

Can anyone PM me some reference for yso*****.N**? Checked on Google, most of the use cases are for Java. I don’t know how to apply it for .NET ASP.

@ausldavid said:

> Can anyone PM me some reference for yso*****.N**? Checked on Google, most of the use cases are for Java. I don’t know how to apply it for .NET ASP.

Here’s a good paper on json deserialization attacks in both .Net and Java:

Owned it …!!! If anyone wants help, message me on Discord: icoNic#0097

I’m stuck with this one. Can’t get any reverse shell or anything. I only have A********** and that’s it. Could someone get me a hint or something?

Hi everyone,
Very stuck on getting the initial foothold.
I have discovered the following:
/js/an…la.-c…kies.js
/js/an…la…m.n.js
js/ap…m.n.js

and the authentication page.

The last page has a bunch of H*X code on it (by the looks of it) but I must say I am a bit stuck and would be grateful for a nudge or two.

Rooted :slight_smile: I was stuck in one place, but @m3ll0 wrote a hint that works :slight_smile: Getting root is super easy with vegi :slight_smile:

@kamgor said:

> Rooted :slight_smile: I was stuck in one place, but @m3ll0 wrote a hint that works :slight_smile: Getting root is super easy with vegi :slight_smile:

Ayy nice work :slight_smile:

PM for Nuggets

Hello! I have done a TON of research on anything that I have found myself unfamiliar with while doing this box and have learned soooo much! I picked this box because JSON hacking is an area I am not comfortable in. However, it seems I still have just enough gaps in my knowledge to not quite understand how to get user.

So far:
Got past login easy
Found /a__/t___ and /a__/a___s
Understand what these are doing
Have mapped out the application and the related services etc
Understand the vulnerability to exploit and how it works
Understand how to craft a payload to exploit the vulnerability

Essentially I feel I can’t seem to understand how to locate where I should be sending my payload, how said vulnerability and attack should be executed in this context, and what to do with the information I have now in order to proceed with this form of attack.

I think everything I need is right in front of me but I can’t put the last pieces of the puzzle together. Any help is greatly appreciated! :slight_smile: I would also be grateful for any resources that may help me educate myself on this subject more! Thanks :stuck_out_tongue:

Hi!

I’m trying to get a little further for a looooong long while now, but I’m really stuck. So I’m reaching out to you guys.

I know I need to use the Yal.N tool. But I have no idea how to use it and more importantly, where to use it. I’m fuzzing with the /a/t** page and think this is where I have to inject. I also generated an HTTP 500, is this where I can find my info for the serial tool?

Can someone give me a nudge on where to inject and maybe which module to use?
Thank you!

-Edit:
I think I got a little further. I know where to inject. It’s the B***er if I’m not wrong. I got the system to talk back now. Just have to adjust my payload.

I am stuck on root. I think I found the correct exploit, but there is an ID option which can differ depending on the OS. I tested this ID with a test script and found one value, but it still failed.

Edit:
Done. Just needed one more step

I have tried all the exploits suggested by the Metasploit Windows Exploit Suggester and PowerShell Sherlock. However, none of them helped with privilege escalation. Who can PM me which exploit I can use to do Windows privilege escalation?

Finally, rooted. Thanks a lot for the help!

After a nudge for the initial foothold, I’ve found the p******.t** file (think it’s useless) and have tried username enumeration (attempting to get a different HTTP response but to no avail). Not quite sure if I’m looking in the right places.