Craft

1111214161719

Comments

  • Rooted! excellent box, a little frustrating at times but thanks to my mentor @FailWhale for keeping me from tossing my rig off the balcony, a great teacher for telling me just enough to push me in the right direction. My only advice is, dont lose your shit , or you may end up without a computer to finish with lol. Thanks to @rotarydrone for a box that taught me alot.

  • edited November 2019

    Can someone please PM me? I am having problems with SSH keys.
    Edit : Omfg, user was that stupid.
    Edit : Rooted. Thank you all for the hints

  • edited November 2019

    Can someone please give me a nudge for the RCE payload? I can receive pings but shells won't work (tried different languages, too)... I'm stuck here for days.

    Update: Nevermind, got it working now. That was a tough one...

  • Rooted, Fun Box
    PM for hints

  • Rooted. Thanks for great box.
    But you here for the hints are you? ;)

    Foothold:

    • Git remember about every you mistake. Even if you think you have fix it, git remember...
    • RTFM about local api, Read the source code and comments.

    User:

    • Insecure methods and user input ... again
    • You will be contained with several objects. Try to understand, what methods you can use, and read source again, to understand what may be useful.
    • Enumerate and you will get the key

    Root:

    • Right over your nose

    PM for hints, hope not too spoiled

  • Nice Box

    Rooted

    [email protected]:~# id
    uid=0(root) gid=0(root) groups=0(root)

  • Cool box and real life example.
    Although had lot's of problems with the correct syntax for the reverse shell, thanks @sn4k3r1tu4l for the nudge on the syntax.

    After the reverse shell user and root was easy.

  • Finally got root!!! It took me so looong to get user!
    I've enumerated everything (many times)... At the end, i knew whole environment like my pockets. Because of that, once got user, it took me about 5 minutes to get root.

    There's everything you need on this board to get both (without any prevous knoledge). Have fun ;)

  • Rooted! Arguably the best machine I've done on HTB so far.

    Really struggled with the payload. I'd love to hear from others what payload did they use. I wonder if my way was the only one.

    Hints:

    • The forum thread is very informative for HTB standard. Spoilerish sometimes. I knew what to do to move from foothold to user even before having foothold.

    Foothold:

    • Enumerate. A lot. Look under every stone but not in CTFy way. Just look at what the public systems offer and follow the crumbs
    • When you find a vuln you'll struggle with a payload (I know I did). Don't fret, just take it slowly. Try simple things first, build up on them. Make sure your payload does what you think it does, test locally.

    User:

    • Use what you already know to gain more information. You'll even have almost-ready scripts for that
    • Enumerate even more with your new info
    • Remember: these guy's (the dev team from the box) suck at security. Use their mistakes

    Root:

    • It's really easy, compared to the user
    • Find the tool, RTFM, root dance
    • BUT copying command from tutorial won't do. Make sure you know the keys before you try to stick them into the hole

    If you still have problems, PM me, I'll try to help.

  • Rooted - really fun box. Plenty of hints here already,b ut if you get stuck you're welcome to PM me.

  • edited November 2019

    Rooted.
    Fun box!

    User is harder for me than root as usual.

    User is not easy and if you get frustrated then PM me for hints.
    Root is very easy

    Hack The Box

  • Having some issues with the payload. I tried testing it locally and that works, but even trying just a simple print statement via the post request gives me the error: an unhandled exception occurred. I've tried every single escape char I can think of but I still get that error. I'm using a modified python script taken from their repo in order to exploit. Any hints would be appreciated.

  • edited November 2019

    My hints for user.

    1º There's one evil function that can be abused.

    2º If your reverse shell dies fast, try with a different one. No need to complicate things.

    @birb said:

    Having some issues with the payload. I tried testing it locally and that works, but even trying just a simple print statement via the post request gives me the error: an unhandled exception occurred. I've tried every single escape char I can think of but I still get that error. I'm using a modified python script taken from their repo in order to exploit. Any hints would be appreciated.

    You are getting an exception since you are doing something the application didn't expect.

    That doesn't mean however your payload hasn't been executed. If you are with a payload already, try to create a reverse shell. That's the best way to see if your approach is working or not.

    twypsy

  • edited November 2019

    Rooted!

    Really cool box. Lot of fun related to Linux common tools. Very realistic.
    There are a lot of hints in this thread.

    Thank you @rotarydrone for making this box.
    If you need more help, PM me.

    =)~
    
  • Pwned! My first active box!
    Thanks @Heilla and @melqhart for helping me out.

  • i am stuck on rev. sh.
    I found RCE and tried every possible rev but it keeps saying "An unhandled exception occurred.", a little nudge?

  • I don't know if I did this the wrong way but I never got a low priv shell, the shell I got was root right away. Is this what is meant to happen? Please pm me so we can discuss what I did without spoiling any info here. Thanks

  • Interesting box, the part with reverse shell was more painful than getting everything afterwards only because my kali machine acted strange for some reason

  • Can anyone help me with etc/hosts part?
    I'm a bit stuck

  • Type your comment> @n3k0m4 said:

    Can anyone help me with etc/hosts part?
    I'm a bit stuck

    it's fine I got trough it !

  • Type your comment> @Tatsuya said:

    Interesting box, the part with reverse shell was more painful than getting everything afterwards only because my kali machine acted strange for some reason

    I think everyones acted strange

    Hack The Box

  • edited November 2019

    That was a great box.

    [email protected]:~# id
    uid=0(root) gid=0(root) groups=0(root)

    Hack The Box

  • edited November 2019

    Been struggling quite a lot to get the payload syntax for initial shell, would love to get some explanations about it and some help getting it fixed.
    edit : nvm got it

  • edited November 2019

    I don't know how to get out of the jail please help me..

    Edit: got user !

  • Rooted, that was a funny box.

    Thanks @rotarydrone !

    Feel free to PM me for hints (user / root)

    If i helped you, +1 respect please !

    Hack The Box

  • hi ,, i need reall help with the getting shell part as i know what i want to do but cant figure that out correctly, i will appreciate u if help me pass this step as im stuck like 10 hours

  • Amazing box, so many rabbit holes

    Feel free to PM me if you need help

  • Rooted! This was a great box, thank you @rotarydrone ! It was a super realistic box (uses tech I use at work, simulates the workflows of a modern dev shop very realistically)

    There are 0 exploits needed for this, apart from the initial foothold. Also 0 guessing. This box is all about enumeration. Once you know where to look, the path from there is straightforward!

    SIG

  • edited November 2019

    I have a initial shell but having trouble editing files or anything so I can access the d******e using creds from s******s.py, and the usual python command to get a more stable shell isn't working for me. Any help?

    E: nm, didn't look at shells enough

    Rooted! Very fun box

  • [email protected]:~# cat root.txt
    Very good box.

    the first priority to the ninja is to win without fighting.

Sign In to comment.