Wall

Comments

  • Hey guys, any hints for the first access? I wrote a script to bruteforce c****** API, but still not finding the password.

  • Rooted the box. Thanks @donkeysnore for help.
    DM me if you want help on the box.

  • Such a nice box. Nudge me for any help.

  • Spoiler Removed

  • Hey,
    Can someone give me a clue about the login credentials of the c******* page?

  • Hi, I need some help on the brute force of the credentials. Not very sure on what parameter to put.

  • Hey!

    I've been banging my head against a wall (lmao) for what feels like forever now. I managed to get into C******* with little to no problems, and I'm using the CVE script to try to get RCE working. I've modified it to show more info about the requests and responses and everything I try seems to land me with a 403. I know it has to do with some sort of character/word blacklist but it's completely eluding me at this point.

    Would someone be willing to DM me to help me understand this better?
    Thank you!

  • Same situation as @110Percent. I am starting to think my creds are not correct... in fact, I've noticed that despite changing usernames, there is 1 password that always gives me the same response... help!

  • edited November 2019

    Well, this is quite a headache. Almost cracked the screen getting root. Got the root.txt and user.txt but the two flags (1...7, f...6) are not accepted. Back to the drawing board, I reckon...

    Edit. Nvm. they are now. Cool box.

  • edited November 2019

    Hi All, I can manage to get 2 types of shells on the box but my listener isn't outputting anything. Can anyone help with a nudge in the right direction?

    Edit: Never mind, I'm in.

  • @D4yz said:

    Same situation as @110Percent. I am starting to think my creds are not correct... in fact, I've noticed that despite changing usernames, there is 1 password that always gives me the same response... help!

    I'm certain my creds are correct, as I get 200s when I try to use commands that aren't blacklisted by whatever's getting in my way. I'll pound away at it some more, but I'm still scratching my head trying to figure out how I can circumvent it.

  • Rooted! Thanks for the help :)

  • Rooted. Thanks for the help from @Huejash0le and @verdienansein. The initial shell is tough, but root was very easy... All about enumeration! Frustrating but interesting box!

  • Can someone help... I am trying to send my command and I understand what the wall is doing... I just need a nudge in getting over it... PLEASE HELP!!!

    H4ck3d5p4c3

  • Rooted! My first box on HTB - learned a lot from this one. Thanks to the creator! Personally had no luck with the RCE script on its own, but if you really look into how the exploit works and the API it uses it can be done.

  • anyone help me please pm me

  • oof what a mindfuck....

    so initial foothold was pretty easy. Once I had c***** the user/pass was definitely guessable without brute... my first guess was about one off ;)

    crafting the exploit took some time. The important part was getting feedback on what I was trying. Once I had that, things moved quicker. Had to use some tricky phrase the likes of which I haven't tried before

    Root was easy as pie. Don't fall into rabbit holes, no need to read a bunch of files like I did

    overall I actually enjoyed it, learnt some different techniques as a result

  • Well, finally completed. This was my first box ever so everything was pretty confusing and new, but on the other hand I learned tons doing this. Thanks for everyone who shared tips on this forum, they were invaluable at points to get onwards.

  • Finally root, getting an RCE was clearly a pain in the A.., I didn't manage to make the exploit work, I did it manually. Therefore getting a shell looks a bit random to me, I had to relaunch the command twice, sometimes it did not work! Why? I have no idea.
    I even succeeded in getting a shell just by launching a nc listener!!, probably a previous attempt that finally reached its goal 1 hour later.

  • hey guys
    Someone willing to help me here? can't seem to make any of the two exploits work... not even manually over gui

  • Finally got user and root. With the exploit I found, it dropped straight to root from www-data, so that was nice. This is my fifth box rooted at HTB and the first time I used SimpleHTTPServer. I found it very, very handy.

    c0nsid3rate

  • edited November 2019

    Hi everyone, honestly it's driving me crazy. Yesterday I successfully got access to w**-d***, found the user folder, but I used CTRL-C which kicked me out of the shell and now I can't access it again, neither with the script nor manually, even though I get the correct answer from the server.

    Edit: Somehow, the machine doesn't allow me to connect twice from the same port, don't really know if it's a bug or something that I don't understand. So if you connected, and can't connect again, just try other ports. Hope that does not spoil anything.

    Edit2: Feels like something is broken. Got inside with two different methods. Sometimes they work, sometimes not. Honestly don't know anymore what is wrong with this machine.

  • Is anybody getting Forbidden status code on /c******/m..php ? POST request

  • Can somebody please tell me how to get into c*******?

  • What a box, frustrated at first. But actually pretty fun. I repaired the script and got in like that.
    PM for hints.

  • Hi guys, any hints for privesc? I’m currently in w**-d***.

  • edited November 2019

    Hello, Can someone help me? I found the RCE for c********. but I was not able to exploit it. I tried a simple ping but no response from the machine. Please DM me to help.
    I obtain in every case "you don't have permission to access /c********/m..*** on this server." any tip?

  • @wohax0r said:

    Hello, Can someone help me? I found the RCE for c********. but I was not able to exploit it. I tried a simple ping but no response from the machine. Please DM me to help.
    I obtain in every case "you don't have permission to access /c********/m..*** on this server." any tip?

    Same here. But %20 causes the denied.
    Will look again tomorrow

    windows 7 is my rig :) if it can't be done on windows, i fail.

  • Can someone send me a hint on finding the credentials? I am really confused.

  • Hey all,

    I stumbled upon an executable called Wall and thought it might be related to the box, since they have the same name and its permissions seemed interesting. I spent up to 4 hours trying to exploit it :D until I took a look at my own PC and found the same binary with the same permissions.

    I couldn't find anybody in here speaking about this binary before so I was wondering if this is related to the box or not.

    Hope this is not a spoiler of some sort
