PlayerTwo

Comments

  • edited December 2019

    ok

  • How to run Pr*****.*** file? Some hints please, thank you!

  • Try taking a 'walk' over the file and seeing what you can find
    @manfromkz said:

    How to run Pr*****.*** file? Some hints please, thank you!

    I've now got user (properly!) so here's my hints.
    - Watch running processes as usual
    - Spot something interesting
    - Use a script to tune in

    clubby789

    • GCIH
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments, or on box release night). And remember to +respect me if I helped you ; )
  • edited December 2019

    Hmmm I've read through all of the t***p documentation to no avail. Wondering if there is maybe some hint I am missing as to what the "location" of a good enumeration point would be. Would it be helpful to go back and look at the original _Player_ box?

  • edited December 2019

    Yeah, I'm with you @AcroTiger. The t**** docs gave me nothing to go off of. I understand exactly what everyone is referring to, and I understand how I am intended to communicate with it, but without a valid endpoint, how am I ever supposed to know where to start?

    I've tried fuzzing for valid endpoints as well by response codes, and that was filtered and therefore useless.

    Could use a nudge -- been stuck at t**** since release.

    Edit: I was fuzzing improperly. Check not only your wordlists, but your parameters. I was negligent where I shouldn't have been. I didn't need to filter response codes to get what I was looking for (if this is considered a spoiler, feel free to report).


    Hack The Box
    defarbs.com | Retired Machine Writeups! - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'"

  • @farbs Exactly. I tried using cewl to generate a wordlist and try to find valid endpoints that way, but always receive the same "bad_route" response... Anyways, good to see an "Omniscient" stuck at the same point I am :rofl:

  • @AcroTiger, @farbs, I thought I was going mad and missed something really obvious, so I'm pleased I'm not losing my mind and others are finding this difficult as well. Didn't see anything in the material for t***p.

    Hack The Box

  • edited December 2019

    @phycomp said:

    @AcroTiger, @farbs, I thought I was going mad and missed something really obvious, so I'm pleased I'm not losing my mind and others are finding this difficult as well. Didn't see anything in the material for t***p.

    In the docs of this app you can find the file type that determines how the application works (if you are struggling to understand what this file is, look at the examples in the git repo), and the structure of client requests.
    Docs tell how app works, no more. But nothing else is needed from them.

  • Guys, there is one endpoint and it's in the definition of the service. LOOK CAREFULLY and see the examples in the docs. Think

    zaBogdan

    If you need help with the boxes, pm me on Discord, zaBogdan#3458, I always forget to respond on form

  • Am I missing a hint for the service that complains about the missing parameters, or is it really just 'guess the box'?

  • playing with 2FA service, always got missing parameter error. Is this guessing task or I am missing something?

  • edited December 2019
    > @idomino said:
    > Am I missing a hint for the service that complains about the missing parameters, or is it really just 'guess the box'?

    I am also struggling with that error message right now. And I think I tried a lot of possible parameters. Really weird.

    menessim

  • @menessim said:

    @idomino said:
    Am I missing a hint for the service that complains about the missing parameters, or is it really just 'guess the box'?

    I am also struggling with that error message right now. And I think I tried a lot of possible parameters. Really weird.

    It feels good to know I'm not alone in this XDXDXD

  • @idomino said:

    Am I missing a hint for the service that complains about the missing parameters, or is it really just 'guess the box'?

    Yea I'm on that too. I don't understand if I'm missing something or I just need to keep guessing..

    Hack The Box

  • Authenticated on 2FA, just got a page with lots of GIF images... will search for more I guess..

  • @kichung

    playing with 2FA service, always got missing parameter error. Is this guessing task or I am missing something?

    Sometimes the message is not telling the truth! RTFM on t**p payloads

  • @xtonousou said:

    @kichung

    playing with 2FA service, always got missing parameter error. Is this guessing task or I am missing something?

    Sometimes the message is not telling the truth! RTFM on t**p payloads

    You're right. Just got it. Choosing data representation is a key.

  • and now stuck on P******.*** file... any hints for that one? my tools are not recognizing it

  • @farbs said:
    Yeah, I'm with you @AcroTiger. The t**** docs gave me nothing to go off of. I understand exactly what everyone is referring to, and I understand how I am intended to communicate with it, but without a valid endpoint, how am I ever supposed to know where to start?

    I've tried fuzzing for valid endpoints as well by response codes, and that was filtered and therefore useless.

    Could use a nudge -- been stuck at t**** since release.

    Read why we use that service (probably you may be aware of it). It really needed a specific definition file to either route or communicate. Good Luck :)

    MrR3boot
    Learn | Hack | Have Fun

  • edited December 2019

    Spoiler Removed

  • edited December 2019

    Is there a way to identify developer/name of this t**p? I am struggling to find correct documentation.
    EDIT: so no docs found... But blindly searching for attacks for that kind of service helped.

  • Can anyone give me a hint?

  • I am stuck at the starting image

  • @Mandarzx said:

    I am stuck at the starting image

    enumerates the world

  • Stuck on the file we can download. Do I need to find anything else to be able to create my payload? Did the 'walk' and I think I know what I'll need to do but missing a crucial piece of information to do it.

  • edited December 2019

    @idomino said:

    Stuck on the file we can download. Do I need to find anything else to be able to create my payload? Did the 'walk' and I think I know what I'll need to do but missing a crucial piece of information to do it.

    You can actually achieve RCE with ... a herring! «dramatic music stab»

    Or, perhaps, with tarball you just happen to find lying around somewhere. Maybe take a break, decompress. Just a little redecoration in a way, not a renovation. No need to do anything that would require inspection.

  • @idomino said:
    Stuck on the file we can download. Do I need to find anything else to be able to create my payload? Did the 'walk' and I think I know what I'll need to do but missing a crucial piece of information to do it.

    The documentation from where you downloaded it is definitely gonna help you understand what it looks like and what you can do with it. Good Luck :)

    MrR3boot
    Learn | Hack | Have Fun

  • @idomino said:

    Stuck on the file we can download. Do I need to find anything else to be able to create my payload? Did the 'walk' and I think I know what I'll need to do but missing a crucial piece of information to do it.

    Same here, a little clue would be nice. Thanks
    Docs read a couple of times, but if we add something, then it will not be as equal, and it will be rejected.

  • edited December 2019

    @BigBoss said:

    @idomino said:

    Stuck on the file we can download. Do I need to find anything else to be able to create my payload? Did the 'walk' and I think I know what I'll need to do but missing a crucial piece of information to do it.

    Same here, a little clue would be nice. Thanks
    Docs read a couple of times, but if we add something, then it will not be as equal, and it will be rejected.

    I got 2 things that might be related to what was written in the documentation. But do not know how to implement it.

  • I don't know if I'm on the right track, I have RCE. But I have not signed anything. The fact is that I do not get shell, just code execution :( Anyone in the same situation?
