Registry

1910121415

Comments

  • edited February 2020
    I need a nudge pleaseee!! I'm in the last step for root. I already have a shell for w**-***a and I know that I have root privilege with r***** command. I've created a repository on my machine, set up a r*****-s***** instance also on my machine, and then executed the r***** command but I can not make it work... I read here that r*****-s***** is portable but I can't figure it out what it means... any help?

    Edit: nvm... rooted! I needed a tunnel...
  • edited February 2020

    Stuck trying to get from b**t to w-d. Tried various ways of uploading bind/reverse shell through b**t c*s, but can't find how to execute it. A nudge would be much appreciated :smile:

    Edit: Rooted. Got the rce through the c*s, just needed to be quicker once the .**l was changed. Thanks @zfyra for the nudges!


    image
    /respect deluqs if I helped you :-)

  • stuck on bolt -> w*****ta. Any hints appreciated.

  • Help!

    I'm stuck on the last step and it's so frustrating. I have a w**-*** * shell. I can't figure out how I am supposed to use the r***** command :(

  • edited February 2020

    still stuck at initial foodhold. played around with d***** and found a key, but john isn't very talkactive today. anyone want to tell me what I'm doing wrong?

    EDIT: Got User finally. thanks to very helpful people. the last stepp took me again wy too long, thanks to my stupidity. Should really learn to read output properly ...

    Hack The Box

  • Great box. Not too hard but in no means easy. Learned a lot about new tools and services. I found user to be way harder than the actual root part. User involves many steps with multiple rabbitholes imho. Pm me if you need a nudge.

    Countably

    I am always happy to help, but please put some effort into your questions. I won't reply to "I am stuck on machine XXX" messages.

  • edited February 2020

    Hey guys, i stucked d****.r*******.h**/v*. I researched re******/*.0 version i got how is it working ( not too much) but couldnt find right path. i tried "_ca*****" but nothing. Can someone help me for what he next step is?

    Edit: Got User1 for now

  • Hi there,

    Currently i'm in the /b... d******** and i am trying to get a shell running via a file rename but i get a lot of errors when i'm doing this.. 404 not found. Am i doing something wrong? Can somebody give me a nudge in the right direction?

  • Have a good rest everybody..

  • Awesome box, thanks @thek!

    Learned about a few new tools, scripts and services :mrgreen:

    Rooted with shell.

  • Dude, this box is wicked! Been meaning to learn a bit more about d*****, and this was a good lesson! Learned about some other things that I'll be definitely using in the future.

    Thanks @thek!

  • edited March 2020

    I have cracked the hash for ad**n and able to upload a web shell, but this keeps resetting and unable to get a reverse shell. Appreciate a nudge in the right direction.

    Edited:

    NVM, It was right in front of me and I just needed to try harder.

    N3ph0s

    Discord n3ph0s#7012

  • Rooted, reading the post I think I am more lazy that I thought xD I was so tired I didn't even set up a r**t service, working as programmer I can't live without exceptions but this time they helped me getting root saving some time. Anyway P.M. for help

  • edited March 2020

    Got really stuck for the login page.

    DAAAAAMN

    [email protected]:~# id
    uid=0(root) gid=0(root) groups=0(root)
    

    Hack The Box

  • edited March 2020

    USER :
    Enumeration web application with the documentation of the API
    download file from browser and enumerate what you get
    get creed enumerate again get a connection

    Feel Free to PM :smile:

  • Type your comment> @TeRMaN said:

    Hey guys, i stucked d****.r*******.h**/v*. I researched re******/*.0 version i got how is it working ( not too much) but couldnt find right path. i tried "_ca*****" but nothing. Can someone help me for what he next step is?

    Edit: Got User1 for now

    Edit: Rooted. Thank you all.

  • edited March 2020

    Hardest box I've done so far. Lots of research is necessary for this one >.<

    User1 (easy): brush up on c********s
    User2 (medium): I spent longer than I'd like to admit looking for login creds.. oops. Once authenticated, the rest is google-able. Just be quick, have some tabs open.
    Root (difficult): One thing to remember.. as others have mentioned here, everything should be done on the the box. You'll save a lot of potentially wasted time. Try testing locally first. Check out what permissions you have as user2. The rest is trial + error.

  • I immediately got to the b... user before getting an initial foothold, and found the user.txt. Seems like I need to get to some l.... page to get a f... up.... Any nudges on where to find this page where I need to enter something I found?

  • edited March 2020

    hi, I am working on the initial user, I got all the files downloaded, but can't find the creds?

    E: I think I got the hash but can't find the a way to decrypt the hash, tried john and hashcat. any nudges?

  • edited March 2020

    Rooted!

    Whew this was such a hard and interesting box. I certainly learned a lot! Well- Here come some hints... Bear with me because this is the first time I give out hints.

    User1: A certain service on this box will allow you to look into the past, some say that it recorded the forging of the key to open the door!

    User2: After a lot of enumeration on User1, you should have found some information that you can use, a certain cat we know may want to play with that - but your journey for User2 does not end here. You will need to be really quick if you want to access what is underneath.

    Root: One User can do what the other cannot. When you find a certain file you will realize what it is that you are supposed to do. Tunnel vision is sometimes needed!

    PM me if you need any nudges! Thanks @thek for this amazing box!

  • Finally rooted this one, took me a while to figure out how to get all the file permissions right.

    Feel free to PM me for hints

    Hack The Box

    CEH | OSCP

  • edited March 2020

    I found the /sealed key/ in d***** i**** but cannot crack it with j***, though I ran the converter script. Any idea what might have gone wrong?

    EDIT: tried on my host (win) machine, same result - nothing. What the hell is going on ?! :(

    EDIT v2: NVM, got it. VERY sneaky! I like it.

  • I would really appreciate some nudges how to get w**-***a from b***. Thanks!

  • Not like this box is hard or easy or whatever, but most of the things I've found through the initial foothold has led me nowhere or to what looks to be a deadend, and...I'm confused to be quite honest. Can someone help out? If so, PM me.

    Hack The Box
    CISSP | eJPT

  • @Dzsanosz said:

    I would really appreciate some nudges how to get w**-***a from b***. Thanks!

    There is an enumeration script which gives you some useful information. Then you may need to take a step back and dig deeper with your web enumeration fu to find a place to use it.

    Once you've used it, fairly typical attack gets you a shell.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • edited March 2020

    Type your comment> @JSONSec said:

    Help!

    I'm stuck on the last step and it's so frustrating. I have a w**-*** * shell. I can't figure out how I am supposed to use the r***** command :(

    I am also stuck at the same place. I know what i need to do, but dont know how to do it. Can anyone help me on this?

    EDIT:
    Got the root (file I mean). Thanks to @CodingKoala for providing hint towards root.
    Overall - User seemed quite easy than root. Restrictions on box made it difficult.

    My Hints:
    User 1: Find what software/tool you are working on and enumerate. There is a good article which shows step by step approach to enumerate. Explore the things which you have got. You will find useful data within to get user1
    User 2: This is bit tricky. Find login page. Creds can again found in the data you got from User 1. Upload things and get the shell. (Method I used is I think different from others. I did not face issue to make things work fast. My uploaded data (file) were there for long time.)
    Root: Again tricky as I did not know methods to bypass/forward things. You can easily find what you need to exploit, but exploiting it is difficult.

    If required any help, PM me.
    If I have spoiled anything, please report

  • Type your comment> @grav3m1ndbyte said:

    Not like this box is hard or easy or whatever, but most of the things I've found through the initial foothold has led me nowhere or to what looks to be a deadend, and...I'm confused to be quite honest. Can someone help out? If so, PM me.

    I was able to get the user flag yesterday, but need direction on what needs to be done after. If anyone wants to help, PM me.

    Hack The Box
    CISSP | eJPT

  • edited March 2020

    Need help for w**-d***, can't get code execution. If anyone wants to help I'll appreciate it :smile:

    Edit: Rooted! Thanks @CodingKoala for the nudge.

    bolt
    uid=0(root) gid=0(root) groups=0(root)
    Wed Mar 11 01:58:17 UTC 2020

    Feel free to pm for help!

  • can someone give me a nudge on initial foothold? I found a couple files in i****** directory. Found a login page for b***. Not sure what direction to go. Wasted a ton of time researching d*****, still not sure if that is the correct path

  • I'm still fighting with the second user, but I'll ave a question for the seasoned pentesters. I have created a setuid.c file (I compiled it), which sets the suid and guid to w-d***, I managed to upload this file through the webapp (via webshell), so the owner of the file is w-d****, I set the suid bit, I ran the file with user b***, and I could not escalate to w**-d***. Why is that? I checked the fs, and should not be there a nosuid mount. Any Ideas?

Sign In to comment.