Bitlab


Comments

  • Stuck at 429 Too many requests 'Retry later' - someone brute forcing or am I on the wrong track?

  • edited November 2019
    Can someone help me with g** P*** method?? Getting errors while executing it.

    Appreciate your help!!.

    edit: Got the shell.
  • Rooted the "shortcut" way :)

    Tips:

    • Shell

      • Be thorough with your enumeration, read everything you find
      • After finding the credentials look at the repos. What do they contain? Can you edit them?
    • Root

      • Can you run something as root?
      • What a shame you can't edit configuration... or could you?
      • The command usually takes certain shortcuts but you can configure it not to

    Good luck! PM me if you need additional guidance.

  • My hints for root :

    Don't be discouraged by the executable file.

    You don't need to be experienced in RE. I used Wine32 + ollydbg.

    Check the ASCII strings in order to understand the purpose of the different functions. Then take a break, and go slowly in order to find the information you are seeking.

    Thank you for the box.

    twypsy

  • edited November 2019

    Initial foothold: I've found the credentials after enumerating the website but when I try logging in with them I get a "retry later" message. Is that normal ?

    EDIT: that's weird. Credentials now work...

  • Okay I feel a bit bad to ask this.. How do I run the file I uploaded in gitlab? I see that admin has a file that pulls every new merged file but then where does it go!

  • Initial shell and User was quite fast to get. My tip is not to overcomplicate things when trying to spawn the initial shell. Everything you may need for an upload and deployment is already there. Carefully read through the things at hand, everything can be done through the browser.

    Regarding the "w-d" -> "r" method. Would really appreciate some nudges on how to setup the ho. Is the docker part a rabbit hole?

  • edited November 2019

    [email protected]:~# id
    uid=0(root) gid=0(root) groups=0(root),1000(c****)

    Hint for root via user c**** (maybe another way beside g**, or file R*****.***):

    • Enumerate everything.
    • That version is exploitable.
  • Rooted through w-d, PM for nudges :)

  • I was overthinking this quite a bit. In the end it was super easy but I learned something at least.

    Rooted through g**
    PM for help if you're interested in this approach

    GPLO

  • None of my dir searches work, tried them all.
    dirbuster for a little bit, then nothing.
    Please advise.

  • Can anyone share some nudge with RE? By DM if you want :)

  • Like this box, still need to figure out user but so far good fun

    Silence, i'll hack you!! ;-)

  • Finally rooted! Probably my favourite box so far, thank you very much @Frey and @thek !

    Ok, so my tips:

    Foothold: Enumerate! Initial shell is simple-ish, but keep enumerating in the UI. Click every link under the sun! No exploits/guessing/brute-forcing involved to get in!

    User: again no exploits. Enumerate the box. Find out what services there are and try to query them.

    Root: you guessed it, no exploits. I ended up going the reverse way here, so I'd love to hear from the people that went www->root or using g******** ****! I tried that method but I could not get it to work! This is not as hard as it looks, but being a linux reversing guy this kinda baffled me for a few hours (and also I now remembered why I dislike windows...)

    This was such a good box because it demonstrated real-life setups and vulnerabilities not because of old versions (per se), but because of how boxes are set up (over-permissioned binaries, misconfigured or over-exposed network services, people sticking keys in places they really should not be etc)!

    SIG

  • For the login page, should I guess username and password?
    Or is there any way to get a shell?

  • I found credentials for c****, logged into gitlab, uploaded a php rev shell but don't know how to execute this.. is this the right way to get a low priv shell... please help

  • @0X44696F21 said:

    Finally rooted! Probably my favourite box so far, thank you very much @Frey and @thek !

    Ok, so my tips:

    Foothold: Enumerate! Initial shell is simple-ish, but keep enumerating in the UI. Click every link under the sun! No exploits/guessing/brute-forcing involved to get in!

    User: again no exploits. Enumerate the box. Find out what services there are and try to query them.

    Root: you guessed it, no exploits. I ended up going the reverse way here, so I'd love to hear from the people that went www->root or using g******** ****! I tried that method but I could not get it to work! This is not as hard as it looks, but being a linux reversing guy this kinda baffled me for a few hours (and also I now remembered why I dislike windows...)

    This was such a good box because it demonstrated real-life setups and vulnerabilities not because of old versions (per se), but because of how boxes are set up (over-permissioned binaries, misconfigured or over-exposed network services, people sticking keys in places they really should not be etc)!

    We are glad that you enjoyed it :D


  • Can I have nudges? When I use sudo g** it asks me for a password.

  • w4xw4x
    edited November 2019

    Wow, WTF ? Oo

    [email protected]:~# cd /root
    bash: cd: /root: Permission denied
    [email protected]:~# id
    uid=0(root) gid=0(root) groups=0(root)
    [email protected]:~#

    EDIT : Lol, i was using a fake exploit.. -_-

    If i helped you, +1 respect please !


  • edited November 2019

    I am having a lot of trouble with the RE path to root. Anyone able to assist with a primer on this stuff? I found many items that look worthwhile and KIND of understand assembly to the extent that I know what some of the letters mean.

    discord = heuvosenfuego#1515 - happy to talk about your attack, discord is always open

  • [email protected]:# hostname;whoami;date
    bitlab
    root
    Thu Nov 14 22:05:55 UTC 2019

  • @heuvosenfuego said:

    I am having a lot of trouble with the RE path to root. Anyone able to assist with a primer on this stuff? I found many items that look worthwhile and KIND of understand assembly to the extent that I know what some of the letters mean.

    same. and im not at user. my next move is to explore the daba to try and get user.

    but this playlist helped me

    its all linux but it was a good intro for me

    this is like a fictional intro to understanding hardware
    https://sockpuppet.org/issue-79-file-0xb-foxport-hht-hacking.txt.html

    i have no clue abt hardware and have been doing php and python for years so this helped

    id love to see other ppls favorite resources

  • w4xw4x
    edited November 2019

    Rooted from www-data.. :)

    Thanks for this box, it was very interesting !

    [email protected]:/home/clave# whoami;date
    whoami;date
    root
    Fri Nov 15 18:10:21 UTC 2019
    [email protected]:/home/clave#

    Feel free to PM me for hints ( user / root)

    If i helped you, +1 respect please !


  • Rooted after some issues with getting situated with the software working. Went the RE route instead of other ways. Interesting and felt satisfying to get the info. Fun AND useful stuff this is.

    discord = heuvosenfuego#1515 - happy to talk about your attack, discord is always open

  • I got root user from www-data. thank you @w4x
    But I don't understand how I get to cl*** user from www-data?
    Please help me

  • edited November 2019

    Aaaaand that's it...
    Rooted bitlab... used the direct way for it
    anyone wants a nudge, just dm me.
    Also thanks @w4x for the nudges

  • Rooted this box !
    I did it the classic way, user to root, without *** method.

    If you want some hint, feel free to ask me.

    Foothold:
    Enumerate and carefully check curious things.

    User:
    Check one thing where maybe you can find something..!

    Tips: Root
    Don't overthink, just step to the juice of the code.. !

  • Good box. Went to root with RE, will try to get it using different approach

  • Rooted. Thanks @W4x, @Alpha19, @Tatsuya.
    PM for hints.
