Book

Type your comment> @TazWake said:

@xenofon said:

i’m in the admin panel ,i understood how the user integrates with admin but i am stuck at rce…any good hints? the pd* injection with malicious code is not working or at least i can not do it

Not sure you can get an RCE over this. Try thinking about ways you can get it to leak information that you can use to get access. If you google one of the OWASP 10 and the thing you are trying to inject into, there is a blog post which can give you clues. With these clues you can build an attack.

thanks i will try it ,for the moment the box is crashing pfffff

anyone able to help out with root? I’ve been at it for days. found the exploit, can trigger it manually but no shell back. i’ve read several articles about different scenarios, and uses, asked multiple people for help. I did get responses back but very vague and i’m just too dumb for this one.

Type your comment> @BINtendo said:

anyone able to help out with root? I’ve been at it for days. found the exploit, can trigger it manually but no shell back.

Why do you need it to give you a shell? There are other ways you can make it give you what you need to access the box as a privileged user.

Could anyone give me a nudge on how to exploit the lo… rc?

@Mazota said:

Could anyone give me a nudge on how to exploit the lo… rc?

If you google for that word plus exploit github the best link is likely to be in the top 5

Hi guys, can you give me a nudge?
I have a way to take ‘Admin’ account,
I tried changing the name of my ‘user’ account to standard injections.
I tried uploading malicious .f files as user and then “exporting” as admin(through C*********), nothing so far… and I feel im out of ideas.

@JossaN said:

Hi guys, can you give me a nudge?
I have a way to take ‘Admin’ account,
I tried changing the name of my ‘user’ account to standard injections.
I tried uploading malicious .f files as user and then “exporting” as admin(through C*********), nothing so far… and I feel im out of ideas.

Dont focus on the file itself. Think about what you could do in the other fields. It does need a bit of “outside the box” thinking here because its an attack you would normally expect to see an information leak in your browser.

But in this case, you need to be creative and think where it might end up.

i’m using a technique that’s supposed to send some information to my server when i generate the c*********** file. not sure if this is correct. i’m not seeing any connections. if someone could pm me a hint.

@spaaceghost said:

i’m using a technique that’s supposed to send some information to my server when i generate the c*********** file. not sure if this is correct. i’m not seeing any connections. if someone could pm me a hint.

I never managed to get it to send data to my local machine like that.

Finally got user! New and interesting techniques for me! Now on root!

Type your comment> @TazWake said:

Type your comment> @BINtendo said:

anyone able to help out with root? I’ve been at it for days. found the exploit, can trigger it manually but no shell back.

Why do you need it to give you a shell? There are other ways you can make it give you what you need to access the box as a privileged user.

you’re right.

i finally got it today. thank you … every person on htb. i hit up everyone, mainly because i needed so much help i didn’t want to annoy one person too much so i moved on to someone else.

once i got it i looked at all the files in the home dir and many things became clear. Still have questions though, need to look into this more.

Hated this box while doing it, ■■■■ good job @MrR3boot

Having to race multiple people trying to do the same thing for accessing the admin page is neither a learning nor a pleasurable experience.
More like an exercise in futility.

Finally rooted! Thank you @MrR3boot for all these sleepless nights :smiley:
It was really great experience to finally obtain user flag and then root one. Learned few interesting techniques.

Know what to do to get into admin, found the length required but i can’t get it to work. Anyone kind enough to PM me to check if i got something wrong?
Thank you.

Got root ! Such a great experience, learned new tricks… Thank you @MrR3boot :blush:

For nudge, PM if needed

secucyber

Rooted! Definitely one of the best boxes I’ve done

Last login: Wed Mar  4 00:45:31 2020 from 10.10.16.100
root@book:~# whoami
root

FInally got root.
All hints are already been given.
Cheers!

Finally got root! Great box!

Type your comment> @orespan said:

Know what to do to get into admin, found the length required but i can’t get it to work. Anyone kind enough to PM me to check if i got something wrong?
Thank you.

I am having the same problem, I have a feeling that we’re missing something important. but I have a script checking content length of every url I found. So far I got nothing

Any hints are appreciated

I found that, i had to revert the box once or twice to get it to work. for some reason it would work, and then it wouldn’t. After revert it would work again. To lazy to find out why. :open_mouth: