Book

Hi guys, can you give me a nudge?
I have a way to take ‘Admin’ account,
I tried changing the name of my ‘user’ account to standard injections.
I tried uploading malicious .f files as user and then “exporting” as admin(through C*********), nothing so far… and I feel im out of ideas.

@JossaN said:

Hi guys, can you give me a nudge?
I have a way to take ‘Admin’ account,
I tried changing the name of my ‘user’ account to standard injections.
I tried uploading malicious .f files as user and then “exporting” as admin(through C*********), nothing so far… and I feel im out of ideas.

Dont focus on the file itself. Think about what you could do in the other fields. It does need a bit of “outside the box” thinking here because its an attack you would normally expect to see an information leak in your browser.

But in this case, you need to be creative and think where it might end up.

i’m using a technique that’s supposed to send some information to my server when i generate the c*********** file. not sure if this is correct. i’m not seeing any connections. if someone could pm me a hint.

@spaaceghost said:

i’m using a technique that’s supposed to send some information to my server when i generate the c*********** file. not sure if this is correct. i’m not seeing any connections. if someone could pm me a hint.

I never managed to get it to send data to my local machine like that.

Finally got user! New and interesting techniques for me! Now on root!

Type your comment> @TazWake said:

Type your comment> @BINtendo said:

anyone able to help out with root? I’ve been at it for days. found the exploit, can trigger it manually but no shell back.

Why do you need it to give you a shell? There are other ways you can make it give you what you need to access the box as a privileged user.

you’re right.

i finally got it today. thank you … every person on htb. i hit up everyone, mainly because i needed so much help i didn’t want to annoy one person too much so i moved on to someone else.

once i got it i looked at all the files in the home dir and many things became clear. Still have questions though, need to look into this more.

Hated this box while doing it, ■■■■ good job @MrR3boot

Having to race multiple people trying to do the same thing for accessing the admin page is neither a learning nor a pleasurable experience.
More like an exercise in futility.

Finally rooted! Thank you @MrR3boot for all these sleepless nights :smiley:
It was really great experience to finally obtain user flag and then root one. Learned few interesting techniques.

Know what to do to get into admin, found the length required but i can’t get it to work. Anyone kind enough to PM me to check if i got something wrong?
Thank you.

Got root ! Such a great experience, learned new tricks… Thank you @MrR3boot :blush:

For nudge, PM if needed

secucyber

Rooted! Definitely one of the best boxes I’ve done

Last login: Wed Mar  4 00:45:31 2020 from 10.10.16.100
root@book:~# whoami
root

FInally got root.
All hints are already been given.
Cheers!

Finally got root! Great box!

Type your comment> @orespan said:

Know what to do to get into admin, found the length required but i can’t get it to work. Anyone kind enough to PM me to check if i got something wrong?
Thank you.

I am having the same problem, I have a feeling that we’re missing something important. but I have a script checking content length of every url I found. So far I got nothing

Any hints are appreciated

I found that, i had to revert the box once or twice to get it to work. for some reason it would work, and then it wouldn’t. After revert it would work again. To lazy to find out why. :open_mouth:

Once you know you can trigger the last step yourself, it makes it all go a bit quicker. I don’t know how many hours I spent waiting… I was also able to get a reverse shell as root even though it is not required to get what you need.

If you are stumped on user or root, send me a DM and I will try to help.

@cyb3rpunk666 said:

Type your comment> @orespan said:

Know what to do to get into admin, found the length required but i can’t get it to work. Anyone kind enough to PM me to check if i got something wrong?
Thank you.

I am having the same problem, I have a feeling that we’re missing something important. but I have a script checking content length of every url I found. So far I got nothing

Any hints are appreciated

Are you sure you are checking the right things - it is a form field you need to focus on.

finally roteed @TazWake Thanx for everything :slight_smile:

pm for hint :slight_smile:

Type your comment> @TazWake said:

@cyb3rpunk666 said:

Type your comment> @orespan said:

Know what to do to get into admin, found the length required but i can’t get it to work. Anyone kind enough to PM me to check if i got something wrong?
Thank you.

I am having the same problem, I have a feeling that we’re missing something important. but I have a script checking content length of every url I found. So far I got nothing

Any hints are appreciated

Are you sure you are checking the right things - it is a form field you need to focus on.

What should we do with field? is it SQL injection ?

Spoiler Removed