RE

1235

Comments

  • Hi all,
    I managed to find the SMB share but I can't find a way to upload files in it. How can I do it?
    Thanks,

  • @Benny127 said:
    Hi all,
    I managed to find the SMB share but I can't find a way to upload files in it. How can I do it?
    Thanks,

    smbclient //10.10.10.144/<name of share> and then just put <filename>

  • Hello guys,
    I think I suck at hacking, someone can PM with some sort of hint?
    I don't know what is this blog you guys are telling to read, I only found the open ports, the site redirects to nowhere, the other port I can connect without credentials but cant upload files, so I think I'm missing something here?
    Any hint on how to followup or tool I can use will be very appreciate.
    Happy new year to you all!

  • edited December 2019

    Type your comment> @MarioOlofo said:

    Hello guys,
    I think I suck at hacking, someone can PM with some sort of hint?
    I don't know what is this blog you guys are telling to read, I only found the open ports, the site redirects to nowhere, the other port I can connect without credentials but cant upload files, so I think I'm missing something here?
    Any hint on how to followup or tool I can use will be very appreciate.
    Happy new year to you all!

    my problem exactly, surfing to the website by IP redirects to the blog url which doesn't load!
    it's driving me crazy

    Edit: It simply worked on its own O_o

  • Type your comment> @init5 said:

    Type your comment> @MarioOlofo said:

    Hello guys,
    I think I suck at hacking, someone can PM with some sort of hint?
    I don't know what is this blog you guys are telling to read, I only found the open ports, the site redirects to nowhere, the other port I can connect without credentials but cant upload files, so I think I'm missing something here?
    Any hint on how to followup or tool I can use will be very appreciate.
    Happy new year to you all!

    my problem exactly, surfing to the website by IP redirects to the blog url which doesn't load!
    it's driving me crazy

    Edit: It simply worked on its own O_o

    Hmm so the blog exists, I'll keep refreshing to see if I can access it too, thanks =)

  • @MarioOlofo said:
    Type your comment> @init5 said:

    Type your comment> @MarioOlofo said:

    Hello guys,
    I think I suck at hacking, someone can PM with some sort of hint?
    I don't know what is this blog you guys are telling to read, I only found the open ports, the site redirects to nowhere, the other port I can connect without credentials but cant upload files, so I think I'm missing something here?
    Any hint on how to followup or tool I can use will be very appreciate.
    Happy new year to you all!

    my problem exactly, surfing to the website by IP redirects to the blog url which doesn't load!
    it's driving me crazy

    Edit: It simply worked on its own O_o

    Hmm so the blog exists, I'll keep refreshing to see if I can access it too, thanks =)

    Where are you navigating to? Where is it redirecting to? What is the error? Can you do something to make one act as the other?

  • edited December 2019

    Type your comment> @scud78 said:

    @MarioOlofo said:
    Type your comment> @init5 said:

    Type your comment> @MarioOlofo said:

    Hello guys,
    I think I suck at hacking, someone can PM with some sort of hint?
    I don't know what is this blog you guys are telling to read, I only found the open ports, the site redirects to nowhere, the other port I can connect without credentials but cant upload files, so I think I'm missing something here?
    Any hint on how to followup or tool I can use will be very appreciate.
    Happy new year to you all!

    my problem exactly, surfing to the website by IP redirects to the blog url which doesn't load!
    it's driving me crazy

    Edit: It simply worked on its own O_o

    Hmm so the blog exists, I'll keep refreshing to see if I can access it too, thanks =)

    Where are you navigating to? Where is it redirecting to? What is the error? Can you do something to make one act as the other?

    I'm navigating to http://10.10.10.144 and it shows the html telling that the actual site is in reblog.htb and after 2 seconds it redirects to reblog.htb, which dont exist.

    edit: and I don't think I can make one act as the other... =/

    edit2: thank you for the hint, indeed I can make one act as the other ;-)

  • Finally rooted the damn thing. After trying to do it the "intended" way for too many hours I got grumpy. Using my initial foothold I popped a service account and used it to get a SYSTEM shell. From there I just snagged the identity I needed and grabbed the root-flag using it.

    Looking at the stuff running it's obvious why I couldn't slip my stuff in the way I intended, the "upstream processing" would only be built that way by someone completely insane :D

  • @0xdf You forgot 1924 :)

  • edited December 2019

    I've been struggling for a couple days to even get a foothold. It doesn't matter what I try as a payload in the document, I cant get a response from the server. Anyone have any hints toward what to do for this upload?

  • @atr0pos said:
    > I've been struggling for a couple days to even get a foothold. It doesn't matter what I try as a payload in the document, I cant get a response from the server. Anyone have any hints toward what to do for this upload?

    What have you tried?
  • Hi @scud78
    Thanks for your reply.
    I tried that but the file doesn't seem to stay in the smb share. Is there a particular file format to upload for it to stay in the share?

  • > @Benny127 said:
    > Hi @scud78
    > Thanks for your reply.
    > I tried that but the file doesn't seem to stay in the smb share. Is there a particular file format to upload for it to stay in the share?

    Nope :)
  • I have user but I am stuck on privesc if someone has a moment to give me a nudge, please pm. I see a couple things but not quite sure how to leverage them.

  • rooted with help of some great people. Happy new year

    halfluke

  • edited January 4

    Finally rooted! Thanks to @v1p3r0u5 for helping me get through this.

    This was the hardest one for me yet. The first part of the privesc was insane!

    But overall really nice box! Thanks @0xdf for this amazing learning experience!

  • Rooted...
    User part was quite easy, just craft your own payload manually, it is easier and it will work fine.
    Root has so many steps and was not so clear. Thanks @v1p3r0u5 for helping me in this part.

    Hack The Box

  • @verdienansein said:
    ... just craft your own payload manually ...

    +1. If you don't know how to make one manually it's basically mandatory to build it from scratch. Never use a public exploit for something you haven't already done yourself a hundred times. That is how you learn, and what separates the hackers from the skids :)

  • edited January 7

    Type your comment> @scud78 said:

    @verdienansein said:
    ... just craft your own payload manually ...

    +1. If you don't know how to make one manually it's basically mandatory to build it from scratch. Never use a public exploit for something you haven't already done yourself a hundred times. That is how you learn, and what separates the hackers from the skids :)

    Well said. This box is a monster if you aren't able to rely on some of your own prior knowledge and capabilities. That being said, if you are a "newbie" and looking to give this box a try, I highly recommend looking into payload generation and python scripting. It will serve you wonders in the long run.


    Hack The Box
    defarbs.com | Retired Machine Writeups! - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'”

  • Type your comment> @farbs said:

    Type your comment> @scud78 said:

    @verdienansein said:
    ... just craft your own payload manually ...

    +1. If you don't know how to make one manually it's basically mandatory to build it from scratch. Never use a public exploit for something you haven't already done yourself a hundred times. That is how you learn, and what separates the hackers from the skids :)

    Well said. This box is a monster if you aren't able to rely on some of your own prior knowledge and capabilities. That being said, if you are a "newbie" and looking to give this box a try, I highly recommend looking into payload generation and python scripting. It will serve you wonders in the long run.

    do you have any good resources for this?

    H4ck3d5p4c3

  • @H4ck3d5p4c3 said:
    Type your comment> @farbs said:

    Type your comment> @scud78 said:

    @verdienansein said:
    ... just craft your own payload manually ...

    +1. If you don't know how to make one manually it's basically mandatory to build it from scratch. Never use a public exploit for something you haven't already done yourself a hundred times. That is how you learn, and what separates the hackers from the skids :)

    Well said. This box is a monster if you aren't able to rely on some of your own prior knowledge and capabilities. That being said, if you are a "newbie" and looking to give this box a try, I highly recommend looking into payload generation and python scripting. It will serve you wonders in the long run.

    do you have any good resources for this?

    There are tons of blogs and git repos about using Python for hackery things, and also books like Black Hat Python etc. However, you should 100% stay away from those in the beginning :P Go through the tutorial on python.org, learn the basics, play around with the socket and os modules, and build some small snippets that automates your basic hacktivities. The reason I'm saying this is because if you start out using pwntools and impacket etc you'll be handicapping yourself severely letting them hide the internals :)

    And for payloads, if talking macros specifically, the necessary skill isn't how to build a type of macro that runs code, but how to read developer documentation on company websites ;)

  • Type your comment> @H4ck3d5p4c3 said:

    Type your comment> @farbs said:

    Type your comment> @scud78 said:

    @verdienansein said:
    ... just craft your own payload manually ...

    +1. If you don't know how to make one manually it's basically mandatory to build it from scratch. Never use a public exploit for something you haven't already done yourself a hundred times. That is how you learn, and what separates the hackers from the skids :)

    Well said. This box is a monster if you aren't able to rely on some of your own prior knowledge and capabilities. That being said, if you are a "newbie" and looking to give this box a try, I highly recommend looking into payload generation and python scripting. It will serve you wonders in the long run.

    do you have any good resources for this?

    https://docs.python.org/3/ is the authoritative source.

    https://www.freecodecamp.org/
    https://www.youtube.com/sentdex
    https://www.youtube.com/channel/UCCezIgC97PvUuR4_gbFUs5g

    Hack The Box

  • I'm navigating to http://10.10.10.144 and it shows the html telling that the actual site is in reblog.htb and after 2 seconds it redirects to reblog.htb, which dont exist.

    For anyone else with a similar problem, remember this will rely on your hosts file.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • @verdienansein said:

    User part was quite easy, just craft your own payload manually, it is easier and it will work fine.

    I agree but you can use the tool to create the framework. You just need to go in and change the important bit.

    If you dont, it probably wont work.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • edited January 13

    sorted

  • This was a really hard but useful and instructive journey. Thanks for @0xdf for the box and @Chr0x6eOs for the hints in the root access phase.

    bumika

  • Spoiler Removed

    bumika

  • Type your comment> @bumika said:
    > Spoiler Removed

    Interesting.

    bumika

  • i am new to window box, this weird thing happen, any help?
    i got the nt authority\system shell by p****U*.ps1 already, but still cant read the root.txt, still access denied..
    tried takeown, acacls, also no hope

  • @kkbear said:

    i am new to window box, this weird thing happen, any help?
    i got the nt authority\system shell by p****U*.ps1 already, but still cant read the root.txt, still access denied..
    tried takeown, acacls, also no hope

    Look at other ways you can make a file unreadable in Windows.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

Sign In to comment.