Postman

Got root.

I think the best tip that I can give to someone - don’t overcomplicate it. It’s simpler than you are thinking it is.
Thanks to @Achille for giving me tip, when I was knocking my head against a wall.

Deleted

Service is unavailable and max resets reached for the day already, argh. Would someone with root mind giving the initial foothold service a kick please?

I finally got root! A very interesting machine!

r*** was pretty straightforward, but for u***, it took me some time to get it. I didn’t knew that re*** was that dangerous!

If you need a hint, just ping me via PM.

Rooted, definitely scraping the rust off of not doing this for a while lol. If anyone needs help, feel free to msg me!

Rooted, first user and root! Thanks @zweeden for a few nudges in the right direction.

It was fun! Thanks @inetshell for a hint and @TheCyberGeek for the challenge!

Got this one last night. To those who say TLS/SSL makes this difficult, the reality is most tools have knobs and dials that let you selectively turn encryption and cert validation on or off.

i got user but after that i tried using wn_p***p_r** on [M] but it only return “Failed to retrieve session cookie” so i’d be very appreciated for any help if im on the right track or not.
edit : nvm forget to SSL :)))

I can’t get a shell!!! I used a modificated script with r*** but all time say me Permission denied in the ssh… I don’t know why.

@eternaln00b said:
I can’t get a shell!!! I used a modificated script with r*** but all time say me Permission denied in the ssh… I don’t know why.

Personally I didn’t use a script, just piped printf with some extra newline formatting surrounding my credentials (before and after, ~4 lines on each side) to the command line interface for r****.

I am new to Hack the Box. I have tried to use the exploit described in Kali Linux an Ethical Hacker’s Cookbook and I have been unsuccessful. I also tried to use to some of the exploits in Metasploit. I would appreciate any tips. Thank you in Advance.

Got User and Root…

Some hints, once you have initial foothold via one service, find the hidden secret in the bakalleys… with that you can accomplish the other tasks via another service.

Fun box, thanks!

Another hint - you don’t need metasploit for a foothold. Just look at the CONFIG for the service you find and then look for ways to manipulate it.

Finally done. Still wondering what the txt file in the users Home dir was for.
thanks @inetshell

Finally got root.
My tips:

  • get a good foothold;
  • learn how to use r… when u find it;
  • u dont need the u*** at all… only to get the hash for it.

pwnd

Please reset this box , looks like a team has modified the permissions

Rooted

initial: enum and see how the unprotected service can be abused (try kali cookbook)
user: permissions are important while creating backups
root: just run the module (dont forget ssl)

PM if you need hints

Hello
I got the intial shell, tring to get user.
i found a file i*_***.**k, and when i tried to connect to ssh i get :
Connection closed by 10.10.10.160 port 22.
is what im doing wrong, or something wrong with the machine(cant reset it)?