OpenAdmin


Comments

  • Anyone have a problem accessing the box on port 80? Since release I never got into it: always infinite loading and sometimes connection timed out. Is it supposed to do that? If so, how am I going to enumerate?

  • great box thank you @dmw0ng
    Always willing to give a hand, Just send me a pm

  • @hansraj47 said:

    ./47691.sh: line 6: syntax error near unexpected token `done'

    what the fisherman is that? I wonder if this is only made to teach people bash/sed/awk scripting.

    Probably, although I am not sure, you are running it without supplying a URL.

    If you just use filename.sh it doesn't work, because it doesn't know where to go.

    If you use filename.sh http://example.com/target/site it is more likely to work.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Hey guys, I'm feeling really stuck here. I got the www shell but cannot for the life of me get past that. If anyone is feeling helpful, could you please DM me? I don't want the answers, I want to learn but I'm just stuck (P.S. I'm pretty new).

  • @Raqune89 said:

    Hey guys, I'm feeling really stuck here. I got the www shell but cannot for the life of me get past that. If anyone is feeling helpful, could you please DM me? I don't want the answers, I want to learn but I'm just stuck (P.S. I'm pretty new).

    I don't mean to be rude, but this question has been asked several times in this thread. Have a look, try the hints and tips people have provided and then you might be able to ask a better question.

    The answer is still "use ls and cat to look around to find interesting or useful information"

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • @TazWake, I don't think you're rude. I had a feeling this was going to be the reply. I am looking around. Obviously not enough. I'll just keep trying.
    Thanks for replying anyway

  • @Raqune89 said:

    @TazWake, I don't think you're rude. I had a feeling this was going to be the reply. I am looking around. Obviously not enough. I'll just keep trying.
    Thanks for replying anyway

    No worries - keep in mind, if you are on a free box there is always a chance someone has broken it or moved the files.

    Start by looking where you've landed. Look in all the folders. Read any files that look interesting. Remember people reuse passwords from one service on a different service.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • @TazWake Thanks. I'll keep pushing. will feel better if I do it on my own anyway haha. I've found a few things of interest, just need to figure out how to use them. cheers again

  • @Raqune89 - nice work.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Working on user2
    Curl completed but lacking credentials to use.
    I'm uncertain if altering a m**n file is appropriate as it's not owned by the user I want.

    Arrexel
    CCNA, CCNA SEC, SEC+

  • @ZeWanderer said:

    I keep running the 4****.sh script but I get a non-responsive $ shell. No matter what I type I get no output and a $. I've tried to pop a shell from it, but python, nc, and bash shells haven't worked. Help or a hint as to what I'm doing wrong would be appreciated.

    use the metasploit exploit with a linux payload

  • @kruu said:

    Could anyone give me a hint please? I'm having trouble understanding the script. I'm just getting a $ and no command execution. I'm also not sure where to begin with manually doing it.

    Thank you for your time.

    use metasploit with a linux payload

  • the broken script works for user....... :)

  • @inc0gnit0 said:

    @kruu said:

    Could anyone give me a hint please? I'm having trouble understanding the script. I'm just getting a $ and no command execution. I'm also not sure where to begin with manually doing it.

    Thank you for your time.

    use metasploit with a linux payload

    can also use php reverse shell. worked for me.

  • Just rooted.

    What a great box.

    Let me know if you need any help via direct message. :)

  • How can I run binaries with 'sudo' without knowing the user's password?

  • edited January 18

    Fun box... getting through the user stuff was interesting.

  • Hard to tell what that script is and what it's doing by name alone!?!

    @s37h said:

    I am proper stuck right now and I feel ashamed. I have the user creds for j***y but can't find the password for j****a. I have a hash that I'm trying to crack with john, but it's taking forever.

    A solid nudge would be awesome.

    You need to use John's friend first, to get it in the right format, if you haven't already done so.

  • @0xo said:
    How can I run binaries with 'sudo' without knowing the user's password?

    You have permission to sudo some things without a password. Check your permissions.

  • edited January 18

    @s37h said:

    I am proper stuck right now and I feel ashamed. I have the user creds for j***y but can't find the password for j****a. I have a hash that I'm trying to crack with john, but it's taking forever.

    A solid nudge would be awesome.

    If it is just a hash you found in a file, you don't always need to crack it - there are ways you can bypass the step which checks for it, before it gives you the thing you need.

    If it is a key rather than a hash, @CuriousJ gave you the perfect advice.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • OK, so yesterday I spent around 4 hours trawling through files trying to find creds for User2. I had to give up and go to bed.
    I just woke up and got the J***y ssh again to find a whole bunch of files that weren't there last night. So I got the root flag, but I'm sure it is an unintended way because the file was named strangely. Still stuck on getting
    1. User 2 creds
    2. User flag

    Any help would be appreciated.

  • Stop resetting the box

  • Rooted finally after banging my head on root for a while.
    Almost every hint is already given here in the forum (thanks to everybody!) but again: it's sometimes so obvious that it gets overlooked. I didn't think that some escalation paths may have some parameters that are already given as well. It's easy to execute but you have to read carefully.

    PM me if you need a little nudge.

  • I get the message
    "[*] Command Stager progress - 100.14% done (705/704 bytes)
    [*] Exploit completed, but no session was created." if I try to create the meterpreter session... also tried different payloads, same error, any suggestion?

  • @Lucaman said:

    I get the message
    "[*] Command Stager progress - 100.14% done (705/704 bytes)
    [*] Exploit completed, but no session was created." if I try to create the meterpreter session... also tried different payloads, same error, any suggestion?

    The MSF one is far from perfect but it depends on the payload. If you use a non-staged one you might have better luck, but I found the bash script was much more effective.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • I wish there weren't so many box resets. I think I understand why it's happening, but the low-hanging fruit from first pass of enumeration just isn't there (not that I was able to see anyway) and results in trolling everyone else who is further along :)

  • @TazWake said:

    @Lucaman said:

    I get the message
    "[*] Command Stager progress - 100.14% done (705/704 bytes)
    [*] Exploit completed, but no session was created." if I try to create the meterpreter session... also tried different payloads, same error, any suggestion?

    The MSF one is far from perfect but it depends on the payload. If you use a non-staged one you might have better luck, but I found the bash script was much more effective.

    An example of a non-staged? I tried running the bash script and it didn't work, I tried almost any payload for linux and it's also not working, same error. (Also tried a simple reverse shell)

  • @Lucaman said:

    An example of a non-staged? I tried running the bash script and it didn't work, I tried almost any payload for linux and it's also not working, same error. (Also tried a simple reverse shell)

    On staged vs stageless: https://blog.rapid7.com/2015/03/25/stageless-meterpreter-payloads/

    But to be clear, I never got MSF to work here. The bash script is much better.

    The bash script is not a reverse shell, it is an RCE. Don't be fooled by this, it is all that you need to get a foothold and find a user account. You don't need to generate the hassle of a reverse shell which will die every time someone resets the machine.

    If the script and msf are generating the same error, the problem is likely to be how you are invoking it. I can't imagine the bash script is saying it can't send a stager though.

    With the script, for example, you have to tell it where to look. See this from a few lines up https://forum.hackthebox.eu/discussion/comment/57758/#Comment_57758

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • I understood that the bash script was a RCE, it didn't work until now that I tried "sed -i -e 's/\r$//' expl.sh" before executing it... Idk what that command does but I found it reading some comments here
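
What the `sed -i -e 's/\r$//'` command quoted in the last post does, shown as an added example that is not part of the original thread: it strips the carriage return that Windows (CRLF) line endings leave at the end of each line, which is a common cause of shell syntax errors in downloaded scripts. The loop script below is a constructed sample and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: a tiny loop script saved with Windows (CRLF) line endings.
make_crlf_script() {
    printf '#!/bin/sh\r\nfor i in 1 2 3\r\ndo\r\n  echo "$i"\r\ndone\r\n' > "$1"
}

# True if any line of the file ends in a carriage return (0x0d).
has_crlf() {
    grep -q "$(printf '\r')\$" "$1"
}

# True if the shell can parse the file (-n: read commands, do not execute them).
# With CRLF endings the keyword "do" arrives as "do<CR>" and is not recognised.
parses_ok() {
    sh -n "$1" 2>/dev/null
}

# The command from the post: delete one trailing CR per line, in place (GNU sed).
strip_crlf() {
    sed -i -e 's/\r$//' "$1"
}

f=$(mktemp)
make_crlf_script "$f"
has_crlf "$f" && echo "before: CRLF line endings present"
parses_ok "$f" || echo "before: shell reports a syntax error"
strip_crlf "$f"
has_crlf "$f" || echo "after: line endings are LF only"
parses_ok "$f" && echo "after: script parses cleanly"
rm -f "$f"
```

Running `file` on a script, or viewing it with `cat -A` (CRs show as `^M`), reveals the same problem before executing anything.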
