Bitlab


Comments

  • Anyone can help me with RE to get root, please? I'm stuck since last week :/

  • edited November 2019

    ...

  • I gained root through a known VULN, but not RE. I have the O*** loaded, but since I haven't used this on Kali before, I'm receiving a bunch of DLL errors. I'm guessing this is because my Wine isn't set up currently? I'm using a Kali image on a Windows VM. Should the RE load without any errors on run? I'm guessing it's a 32-bit program? I've also used the st**** program that displayed plenty of info.

  • edited November 2019

    Hello,

    So far,

    • I have enumerated the login credentials ~"c" & "1"
    • I logged in and uploaded a PHP reverse shell. I started listening before uploading the shell and tried all the options available. And none triggered the shell.

    Note: Again I enumerated the directories/files and found the shell file and got the shell following the enumerated path.

    Question:
    How to trigger the shell the right way? Is there anything I am missing? The upload directory path? Or anything I should take note of?

    Thank you in advance!!

    PS: I am not a git fan or git user. This is the first time ~ git getting me :(

  • @eight said:

    Hello,

    So far,

    • I have enumerated the login credentials ~"c" & "1"
    • I logged in and uploaded a PHP reverse shell. I started listening before uploading the shell and tried all the options available. And none triggered the shell.

    Note: Again I enumerated the directories/files and found the shell file and got the shell following the enumerated path.

    Question:
    How to trigger the shell the right way? Is there anything I am missing? The upload directory path? Or anything I should take note of?

    Thank you in advance!!

    PS: I am not a git fan or git user. This is the first time ~ git getting me :(

    Same here, I'm not a git user too. Don't have any idea on how to get the reverse shell. Been committing the PHP files.

  • @nobodyatall said:

    @eight said:

    Hello,

    So far,

    • I have enumerated the login credentials ~"c" & "1"
    • I logged in and uploaded a PHP reverse shell. I started listening before uploading the shell and tried all the options available. And none triggered the shell.

    Note: Again I enumerated the directories/files and found the shell file and got the shell following the enumerated path.

    Question:
    How to trigger the shell the right way? Is there anything I am missing? The upload directory path? Or anything I should take note of?

    Thank you in advance!!

    PS: I am not a git fan or git user. This is the first time ~ git getting me :(

    Same here, I'm not a git user too. Don't have any idea on how to get the reverse shell. Been committing the PHP files.

    Once logged in, upload through all possible projects, snippets, branches!! Then use directory busters to find the path. That's how I got my low-priv shell. Hope this is not a spoiler!!

  • @eight said:

    @nobodyatall said:

    @eight said:

    Hello,

    So far,

    • I have enumerated the login credentials ~"c" & "1"
    • I logged in and uploaded a PHP reverse shell. I started listening before uploading the shell and tried all the options available. And none triggered the shell.

    Note: Again I enumerated the directories/files and found the shell file and got the shell following the enumerated path.

    Question:
    How to trigger the shell the right way? Is there anything I am missing? The upload directory path? Or anything I should take note of?

    Thank you in advance!!

    PS: I am not a git fan or git user. This is the first time ~ git getting me :(

    Same here, I'm not a git user too. Don't have any idea on how to get the reverse shell. Been committing the PHP files.

    Once logged in, upload through all possible projects, snippets, branches!! Then use directory busters to find the path. That's how I got my low-priv shell. Hope this is not a spoiler!!

    That's a great idea pal, gonna try it out.

  • edited November 2019

    deleted

  • Rooted, really enjoyed the box.

    Feel free to PM for hints!

  • @nobodyatall said:

    @eight said:

    @nobodyatall said:

    @eight said:

    Hello,

    So far,

    • I have enumerated the login credentials ~"c" & "1"
    • I logged in and uploaded a PHP reverse shell. I started listening before uploading the shell and tried all the options available. And none triggered the shell.

    Note: Again I enumerated the directories/files and found the shell file and got the shell following the enumerated path.

    Question:
    How to trigger the shell the right way? Is there anything I am missing? The upload directory path? Or anything I should take note of?

    Thank you in advance!!

    PS: I am not a git fan or git user. This is the first time ~ git getting me :(

    Same here, I'm not a git user too. Don't have any idea on how to get the reverse shell. Been committing the PHP files.

    Once logged in, upload through all possible projects, snippets, branches!! Then use directory busters to find the path. That's how I got my low-priv shell. Hope this is not a spoiler!!

    That's a great idea pal, gonna try it out.

    Hope you will get the low-priv shell :)

  • @AzAxIaL said:

    Thanks to @oozo for the hints on how to get root without user.

    Hints for this method.

    • If you got in via a lower level, what are you allowed to do?
    • It's good practice to keep a copy to work on.
    • You have many fishing items to choose from, but one works very well with what you are allowed to do.
    • Create what you need, and combine what you have.

    Thanks for that AzAxIaL, it got me from initial shell -> root. Don't think I used any of the fishing items though, stumbled into a more direct method. Now to figure out initial shell to user.

  • What's happening with this box? Sign in keeps giving me 422

  • @verdienansein said:

    What's happening with this box? Sign in keeps giving me 422

    Rooted! Was just having problems with Firefox. Used Chrome instead.
    For root I went the intended way. I think g** p*** method has been patched.

  • edited November 2019

    Hints:

    --- User:
    - Time to develop a compulsive impulse to read every file
    - Upload and you are in, but wait, the first creds are not working, time to go back to the website for some hint
    --- Root:
    - Privileged executable (unintended way)

  • Rooted. Really enjoyed the box. I did it directly from the initial shell to root.

  • User and root owned

  • Does anyone have any hints for the www-data > root method via g** ? Happy to PM what I've tried and know so far, I don't want spoon feeding :)

  • @tarxien said:

    Does anyone have any hints for the www-data > root method via g** ? Happy to PM what I've tried and know so far, I don't want spoon feeding :)

    There is something called hooks :)

    0byte

  • I can confirm that w**.*** > root is not working any more due to git version update.

  • edited November 2019

    @stoffern said:

    @tarxien said:

    Does anyone have any hints for the www-data > root method via g** ? Happy to PM what I've tried and know so far, I don't want spoon feeding :)

    There is something called hooks :)

    Rooted. Good hint without spoiling anything, thanks :)

  • @n3b0r said:
    I can confirm that w**.*** > root is not working any more due to git version update.

    It's still possible to get from www-data to root. The method I used doesn't depend on a specific version of anything.

  • That was a really fun box.

    If you are like me and get stuck with a low privilege shell and can't figure out how to access what the logical place is to get more passwords... make sure you enumerate the website you have access to fully, because the answer is in there.

    Hilbert

  • @stoffern said:

    @tarxien said:

    Does anyone have any hints for the www-data > root method via g** ? Happy to PM what I've tried and know so far, I don't want spoon feeding :)

    There is something called hooks :)

    Sorry, but w-**** just does not have access to git, so how can you possibly use it?
    -rwx------ 1 root root 2343568 Nov 26 2018 /usr/bin/git
    whoami
    w-d***

    m4rc1n

  • @m4rc1n said:

    Sorry, but w**-**** just does not have access to git, so how can you possibly use it?

    sudo

    Hilbert

  • @Hilbert said:

    @m4rc1n said:

    Sorry, but w**-**** just does not have access to git, so how can you possibly use it?

    sudo

    For sudo you still need to have the right to execute.
    Permission denied.

    m4rc1n

  • @m4rc1n said:

    For sudo you still need to have the right to execute.
    Permission denied.

    Run the right command

    Hilbert

  • @m4rc1n said:
    > @stoffern said:
    >
    > (Quote)
    > Sorry, but w-**** just does not have access to git, so how can you possibly use it?
    > -rwx------ 1 root root 2343568 Nov 26 2018 /usr/bin/git
    > whoami
    > w-d***

    When you start to attack a host in HTB, you have no access at all to that host, but finally you may have root access. I don’t understand your question. Your task is finding a solution to handle this problem.

    bumika

  • @m4rc1n said:

    @Hilbert said:

    @m4rc1n said:

    Sorry, but w**-**** just does not have access to git, so how can you possibly use it?

    sudo

    For sudo you still need to have the right to execute.
    Permission denied.

    sudo -l and you can see what commands are available.

    0byte

  • @bumika said:

    @m4rc1n said:

    @stoffern said:

    (Quote)
    Sorry, but w-**** just does not have access to git, so how can you possibly use it?
    -rwx------ 1 root root 2343568 Nov 26 2018 /usr/bin/git
    whoami
    w-d***

    When you start to attack a host in HTB, you have no access at all to that host, but finally you may have root access. I don’t understand your question. Your task is finding a solution to handle this problem.

    Don't be so harsh, we are just having a conversation ;-)

    m4rc1n

  • @stoffern said:
    @m4rc1n said:

    @Hilbert said:

    @m4rc1n said:

    Sorry, but w**-**** just does not have access to git, so how can you possibly use it?

    sudo

    For sudo you still need to have the right to execute.
    Permission denied.

    sudo -l and you can see what commands are available.

    I did it at the very beginning and what is the is denied as well. This is why I came here to check with you if you are absolutely sure this path has not been closed.

    m4rc1n
