Json

1235710

Comments

  • Cool little box, well done. Low-priv foothold taught me a fair bit, and found 3 different privesc vectors once I was in. 5 stars!

  • edited October 2019

    Got root, pretty nice box. Thanks @amra13579
    I still don't know what to do with F___Z___a, so if someone got root with that, please PM

  • Can I get a quick PM about initial foothold? Keep getting subsequent errors with POCs.

  • aehm... ys******l and the bunch of parameter... too many quotes for the upload of a payload (trying to get root). Any suggestion?

    BadRain

  • fun ride after forest, straight forward box, no windows vm needed for ys******.
    thx to @amra13579

    SekIsBack

  • Type your comment> @BadRain said:

    aehm... ys******l and the bunch of parameter... too many quotes for the upload of a payload (trying to get root). Any suggestion?

    update:
    payload uploaded... but can't run it! :(

    BadRain

  • Very good machine, and I usually hate windows ones. I had fun with the user part.

    ReK2

  • so,, whenever i log in after a 3 seconds booom they kick me out.... there is block in signing in on their web? help with it... its very frustrated
  • Finally rooted.

    For those of you struggling to get a payload to execute, the Stormtrooper is your friend. That's where I was stuck for a lonnngggg time. The rest of what you need is in this thread.

  • edited October 2019

    got stuck for about 2 days on privesc chasing rabbit holes thanks to hashcat.

    If anyone wants nudges P.M me :)

  • Ok, got in as u******l... got a reverse shell... almost there....

    BadRain

  • Rooted

    Quit interesting (and fast) machine.
    Still dont know why my payload didnt work but thanks to @nullorzero for helping in debugging something we both didnt see

  • Rooted.

    The most interesting thing, That I developed a python exploitation script to automate the process for initial shell.

    really enjoyed. many thanks.

    N3v3r Giv3Up, 3v3ry th!ng !s p0ss!ble .

  • got meterpreter working, but can't find the right exploit

    BadRain

  • please dm me if someone knows the way to root via the service, i used the vegetable way as well :D thanks for all the help and @johndoe :D

  • edited October 2019

    Hi there,
    I am new to this forum, I picked this machine actually to learn something about JSON.
    I spent most of the time trying understanding Angular and J****W***T**** and I've "decrypted" the js file. I used default creds.Any clue (web resources) on how to move on would be really much appriciated.

    Thx a lot.

  • Hints for intended root access: F.......a is not the only program using F** on the host.

    bumika

  • I have rooted this machine using a kernel exploit but I am very interested if there is another way (lets say somekind of misconfig). Pm me please in case u know

    Ch0p1n

  • Nice box, I wasn't very familiar with this technique (user). Little tip, while developing the exploit, inspect traffic between machines and don't just rely on what you see in the output. The errors may make you believe your code did not execute while it may have.

    m3ll0

    OSCP

  • Okay so this is gonna be a really noob questions, but we all start somewhere. I have been banging my head against this machine from a kali VM. I get that its a Windows target, but with the category of this machine being Windows, does that mean you USE a windows machine to own the machine, or does that just designate what type of machine it is and you can use whatever OS you want to get the user/root?

  • Type your comment> @LycanByte said:

    Okay so this is gonna be a really noob questions, but we all start somewhere. I have been banging my head against this machine from a kali VM. I get that its a Windows target, but with the category of this machine being Windows, does that mean you USE a windows machine to own the machine, or does that just designate what type of machine it is and you can use whatever OS you want to get the user/root?

    Generally it is NOT necessary to use the same OS, but in this case you are worth using a Windows VM to do some "offline" tasks.

    bumika

  • Can anyone pm me some reference for yso*****. N**.? Checked on google, most of the use cases are for java. I dont know how to apply it for. Net ASP

  • Type your comment> @ausldavid said:

    Can anyone pm me some reference for yso*****. N**.? Checked on google, most of the use cases are for java. I dont know how to apply it for. Net ASP

    Here's a good paper on json deserialization attacks in both .Net and Java:

    https://www.blackhat.com/docs/us-17/thursday/us-17-Munoz-Friday-The-13th-JSON-Attacks-wp.pdf

    Hack The Box

  • Owned it ...!!! If anyone want help msg me on discord icoNic#0097

  • I'm stuck with this one. Can't get any reverse shell or anything. I only have A********** and that's it. Could someone get me a hint or something?

  • edited November 2019

    Hi everyone,
    Very stuck on getting the initial foothold.
    I have discovered the following:
    /js/an..la.-c..kies.js
    /js/an..la..m.n.js
    js/ap...m.n.js

    and the authentication page.

    The last page has a bunch of H*X code on it (by the looks of it) but I must say I am a bit stuck and would be great full for a nudge or two.

    Always happy to help others. 100% human

    https://www.mindfueldaily.com/livewell/thank-you/

  • Rooted :) I was stuck in one place, but @m3ll0 wrote a hint that works :) Getting root is super easy with vegi :)

  • Type your comment> @kamgor said:

    Rooted :) I was stuck in one place, but @m3ll0 wrote a hint that works :) Getting root is super easy with vegi :)

    Ayy nice work :)

    m3ll0

    OSCP

  • PM for Nuggets

    Hack The Box

  • Hello! I have done a TON of research on anything that I have found myself unfamiliar with while doing this box and have learned soooo much! I picked this box because JSON hacking is an area I am not comfortable in. However, it seems I still have just enough gaps in my knowledge to not quite understand how to get user.

    So far:
    Got past login easy
    Found /a__/t___ and /a__/a___s
    Understand what these are doing
    Have mapped out the application and the related services etc
    Understand the vulnerability to exploit and how it works
    Understand how to craft a payload to exploit the vulnerability

    Essentially I feel I can't seem to understand how to locate where I should be sending my payload, how said vulnerability and attack should be executed in this context, and what to do with the information I have now in order to proceed with this form of attack.

    I think everything I need is right in front of me but I can't put the last pieces of the puzzle together. Any help is greatly appreciated! :) I would also be grateful for any resources that may help me educate myself on this subject more! Thanks :P

Sign In to comment.