Json

I need a help with the payload ys … net my command line P … shell is a batch command so I could not operate without the “” that are necessary for the batch

solved

I had problems with the intended privesc route, but I checked it again after rooting and it is definitely very easy. No need for veggies here. If you use j*, make sure you know which format to give it or it will complain without giving a very useful error message.

Thanks @Cyb3rb0b, had a lot of fun with this one. Initial foothold was one of the first tricks I learned about when I was just getting into infosec and it was very cool to get to use it.

hey, im trying a simple ping, dont get anything, is the machine broken or my payload ?

edit: works now

Finally rooted.
Wow that was a journey.
Thank you @Cyb3rb0b for that challenge.
A very big thank you to @parteeksingh for helping me out on the last steps :slight_smile:

Happy hacking folks :slight_smile:

hey, so then it is me :smiley:

I am trying to get the payload to work. Feel like i have tried to edit in all ways in order to get the yso… payload to work. Just cant get it to work.

Can someone help me out? PS: i am not using a Windows VM :slight_smile:

would be happy for a PM to help me out :slight_smile:

Can someone provide a nudge on Priv Esc? I know what the exploit is. But not sure why, the exploit keeps failing. Stuck on this from long time. :confused:

Can someone throw a hit where to read… found that /a***/*****n page which works with json… but dont understand how i can get any credentials info out of it? just bruteforce password?

I rooted the box, but don’t know why that vegetable worked can anyone PM me for help?

Hi, finally rooted this machine.
If someone used the “vegetable” to priv, can explain me why? I found another way. But I can understand when I can use the “vegetable”.

If you need help, p.m. for hints.

Hack The Box Hack The Box

I got the user.
I’m trying to decrypt fz* pass. I tried with many wordlist but still don’t get anything out of it. What am I missing?

EDIT:
Rooted with veggies in the end!

I can’t to figure out how to compile and use ys*******.n** . Anyone willing to help me out… :slight_smile: DM me please…

Type your comment> @Hav0k said:

I can’t to figure out how to compile and use ys*******.n** . Anyone willing to help me out… :slight_smile: DM me please…

Many tools use ViSual displays for their code and its easier with a studio to work in

*I should mention this is as far as I have gone

Type your comment> @zeroes said:

Type your comment> @Hav0k said:

I can’t to figure out how to compile and use ys*******.n** . Anyone willing to help me out… :slight_smile: DM me please…

Many tools use ViSual displays for their code and its easier with a studio to work in

*I should mention this is as far as I have gone

Usually on github there is a release tab which has taken cared of this for you already. :slight_smile:

Thank you @acidbat and @zeroes

Type your comment> @acidbat said:

Usually on github there is a release tab which has taken cared of this for you already. :slight_smile:

TIL

Anyone who can DM me quickly to help out with the user, I have a lot of directions explored but not much JSON experience, just need a general ‘go that way’ pointer.

Anyone who can DM me for user I have no clue about Json I want general information to start

I got these two error
HTTP/1.1 415 Unsupported Media Type
HTTP/1.1 500 Internal Server Error
any nudge
is there any tools can I use it ?

I found the vulnerability but I don’t know how can I execute it any hint please DM me

Quite new at all of this i have managed to i think get user, but dont know where to go from there. Please DM me if anyone would care to help