Json

After a nudge for the initial foothold, I’ve found the p******.t** file (think it’s useless) and have tried username enumeration (attempting to get a different HTTP response, but to no avail). Not quite sure if I’m looking in the right places.

Hi everyone,

Stuck on initial foothold.
General noob question:
Is it correct of me to presume that obtaining the username + password for the logon page is essential before considering sending any form of payloads?

@acidbat said:

Hi everyone,

Stuck on initial foothold.
General noob question:
Is it correct of me to presume that obtaining the username + password for the logon page is essential before considering sending any form of payloads?

Yes, it is.

@bumika said:

@acidbat said:

Hi everyone,

Stuck on initial foothold.
General noob question:
Is it correct of me to presume that obtaining the username + password for the logon page is essential before considering sending any form of payloads?

Yes, it is.

Cheers :slight_smile:

Hi
User: I can ping myself but cannot get a reverse shell using PowerShell and the DownloadString method. Please help me.

user: main problem is to do it without installing a Windows VM
root: took 20 minutes, too easy :frowning:

Hey there,

I have generated a payload using ys#s##al
However, when trying to send the payload using Burp I get the following message:
{"Message":"An error has occurred.","ExceptionMessage":"Invalid format base64","ExceptionType":"System.Exception","StackTrace":null}

Bit confusing since the format is base64…

For the initial foothold I managed to create a ping payload which works, but I fail to create a payload that would either give me a rev shell back or transfer files to the victim. Can someone give me a nudge on getting the payload right?

UPDATE:
rooted!
User: When constructing the payload, think about special characters.
Root: Nothing really to add here. A lot of hints already here in the forums.

LOST. Just… lost.
Intercepting requests, see the potential attack vector. Not sure how to actually execute it.
Please could someone PM me to discuss… Really stumped with this one.

I have been trying so many things with no luck. Will anyone help me out with the initial foothold? DM me please?

I need help with the payload ys … net my command line P … shell is a batch command so I could not operate without the “” that are necessary for the batch

solved

I had problems with the intended privesc route, but I checked it again after rooting and it is definitely very easy. No need for veggies here. If you use j*, make sure you know which format to give it or it will complain without giving a very useful error message.

Thanks @Cyb3rb0b, had a lot of fun with this one. Initial foothold was one of the first tricks I learned about when I was just getting into infosec and it was very cool to get to use it.

Hey, I’m trying a simple ping, don’t get anything. Is the machine broken or my payload?

edit: works now

Finally rooted.
Wow that was a journey.
Thank you @Cyb3rb0b for that challenge.
A very big thank you to @parteeksingh for helping me out on the last steps :slight_smile:

Happy hacking folks :slight_smile:

hey, so then it is me :smiley:

I am trying to get the payload to work. Feel like I have tried to edit it in all ways in order to get the yso… payload to work. Just can’t get it to work.

Can someone help me out? PS: I am not using a Windows VM :slight_smile:

would be happy for a PM to help me out :slight_smile:

Can someone provide a nudge on Priv Esc? I know what the exploit is. But I’m not sure why the exploit keeps failing. Stuck on this for a long time. :confused:

Can someone throw a hint where to read… found that /a***/*****n page which works with JSON… but don’t understand how I can get any credentials info out of it? Just bruteforce the password?

I rooted the box, but don’t know why that vegetable worked. Can anyone PM me for help?

Hi, finally rooted this machine.
If someone used the “vegetable” to priv, can you explain to me why? I found another way. But I can understand when I can use the “vegetable”.

If you need help, p.m. for hints.

I got the user.
I’m trying to decrypt fz* pass. I tried with many wordlists but still don’t get anything out of it. What am I missing?

EDIT:
Rooted with veggies in the end!