Postman

I cannot for the life of me find the file needed for gaining user access after gaining the initial foothold. Pretty sure I am blind and it’s staring me in the face.

Any help would be greatly appreciated, trying to root my first box.

hi all - another n00b question. I am getting “unknown command ‘system.exec’” when running the first exploit. Any help would be v appreciated.
edit: sorted thx

@boffinson said:

hi all - another n00b question. I am getting “unknown command ‘system.exec’” when running the first exploit. Any help would be v appreciated.

Run wireshark and analyze messages from the traffic.

fun box! there were definitely some red herrings. I also got root before user.

Based on what I am reading here…looks like there might be different paths to get to the loot. I felt kind of hamstrung during enumeration, so I’d definitely be interested in knowing what some of you have done.

if you need help, feel free to ping me

user:
there is a lot of material on the internet (and hints on this forum) about what to do. There is a service that simply lets you waltz in. Through trial and error I found out where I could and could not write to. Then enumerate locally once you have a foothold.

root:
business as usual once I picked up versions of what’s running within as root and looked up exploits for it. I used some tool that I don’t normally like using but it got the job done. I will actually retry this with something else as I feel there are other paths to root.

First box finished!

Found it pretty tough as almost everything I did was filled with hours of dead ends and trying to use unneeded tools. It took me a few days of work, but I learned so much just from this one box. Very excited to keep chasing roots.

Everything you need is on the forums/reddit/internet. Try harder!

I can’t work on this box because it keeps becoming unreachable every 20 seconds.

So annoying… Can someone have a look at the machine? I’m on the edge-us-vip-14.hackthebox.eu VPN.

Besides, I have reached the initial foothold. PM me if you need any help with that stage.

Rooted the easy way. If anyone completed the privesc manually I would like to know how you did it.

@Nexe said:

Hey guys, just got user access, trying to use a m**** module on w***n but i’m getting a “cookie error” and “no session was created”. Am i on the right way ? I don’t mind some hints :s nvm, got it working. hint for this error: don’t forget ssl like i did…

ROOTED !

pm me for hints/nudges

Thanks, @Nexe :slight_smile: That “don’t forget ssl” really helped me big time, got it right away.

Ok, this box is driving me crazy :stuck_out_tongue:

I managed to get a foothold using the “An Ethical Hacker’s Cookbook” good read :slight_smile:
Then I try it again and I get permission denied when attempting to SSH.

That aside (for now) when I was inside there, I managed to see an interesting file “*.bak”

Tried to crack it using john and the usual file but no go… am I on the right track here?
A nudge would be good :slight_smile:

Cheers!

Ok, updated, got my foothold back, typos in my commands :stuck_out_tongue: (head smack)

Still need the nudge for the *.bak file…

Rooted.
Thanks @rholas and @sckull for your help :slight_smile:

@lhh4sa said:

is anyone having issues with getting the S** key to the right file location in R****? I keep getting a password prompt after i follow the steps.

i think someone is also using the same exploit as you are! or maybe someone just altered the rds as read only!

@lhh4sa said:
I cannot for the life of me find the file needed for gaining user access after gaining the initial foothold. Pretty sure I am blind and it’s staring me in the face.

Any help would be greatly appreciated, trying to root my first box.

just enumerate it bro real hard maybe you just missed it

@acidbat said:
Ok, this box is driving me crazy :stuck_out_tongue:

I managed to get a foothold using the “An Ethical Hacker’s Cookbook” good read :slight_smile:
Then I try it again and I get permission denied when attempting to SSH.

That aside (for now) when I was inside there, I managed to see an interesting file “*.bak”

Tried to crack it using john and the usual file but no go… am I on the right track here?
A nudge would be good :slight_smile:

Cheers!

Ok, updated, got my foothold back, typos in my commands :stuck_out_tongue: (head smack)

Still need the nudge for the *.bak file…

bro when using john and cracking that file what’s the first thing you must do? before you can crack it?

@6062055 said:

@Nexe said:

Hey guys, just got user access, trying to use a m**** module on w***n but i’m getting a “cookie error” and “no session was created”. Am i on the right way ? I don’t mind some hints :s nvm, got it working. hint for this error: don’t forget ssl like i did…

ROOTED !

pm me for hints/nudges

Thanks, @Nexe :slight_smile: That “don’t forget ssl” really helped me big time, got it right away.

Hey! Thanks for the hint. But I haven’t been forgetting the SSL, got the creds required for the exploit (M***, c***********), figured out that we have the pk* u**** privs for our user M*** but the exploit ends with Exploit completed but no session was created.

Any pointers on where I might be going wrong?

EDIT: Got user. For root → Still the same problem. Any pointers on what could be going wrong? I am using the w*****p********* exploit. SSL set to true. Not working man. Really frustrated at this point.

Got root before user. This machine is pretty difficult and frustrating for an easy one. Nothing worked out of the box and I had to carefully prepare each exploit and then find out why it doesn’t work as it should.

Initial foothold was a great learning experience for me, user taught me an important lesson as well. Really enjoyed the box!

Tried running rockyou.txt on the pri**** S** e but no luck so far after 25 minutes. My fans are going like it’s the end of its life.

Is there an easier way to do this than buying a Geforce GTX 20 series card? Hahah!

Edit: I’m so silly; I didn’t even see the password that came up. I got the second user now. :))

Hi, I’ve just finished this machine, thanks @OddRabbit and @misthi0s for the help at the foothold, if anyone needs a nudge to get user or root just PM me :slight_smile:

@wewppp said:

@acidbat said:
Ok, this box is driving me crazy :stuck_out_tongue:

I managed to get a foothold using the “An Ethical Hacker’s Cookbook” good read :slight_smile:
Then I try it again and I get permission denied when attempting to SSH.

That aside (for now) when I was inside there, I managed to see an interesting file “*.bak”

Tried to crack it using john and the usual file but no go… am I on the right track here?
A nudge would be good :slight_smile:

Cheers!

Ok, updated, got my foothold back, typos in my commands :stuck_out_tongue: (head smack)

Still need the nudge for the *.bak file…

bro when using john and cracking that file what’s the first thing you must do? before you can crack it?

Yup, got it now :slight_smile:
User flag done, on to root

alright rooted

Thank you very much @TheCyberGeek - it was a good learning curve for me :slight_smile:
Also a thank you to @rholas and @J0hnD03 for the nudges :slight_smile:

Foothold: Plenty on the forum but read the ‘An Ethical Hacker’s Cookbook.pdf’ and pay attention to the images + text (they are not always the same…)
User: Good juicy backup file you can have a look at and ask SS*John to help you out followed by his friend John, together they can rock you with a solution.
Root: As everyone keeps saying: CVE, I bummed out a little there on the listening address