Book

1121315171821

Comments

  • Can I get a nudge for user? Im stumped. I've created a user and noticed that there is an admin login page, but Im stuck.

  • edited April 9

    Man, I’m always bad at X** exploitation.

    I really need help and some nudges for X** things.

  • @qwas2zx9 said:

    I can't trigger my payload, what am I missing?

    The way to trigger your payload?

    Are you editing the target file while the exploit is running? If not, it probably wont trigger.

    If your payload is something which wont run on the system, then you might be triggering it without knowing.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • @TsMade said:

    Can I get a nudge for user? Im stumped. I've created a user and noticed that there is an admin login page, but Im stuck.

    Those two things are helpful. You can create one that can access the other.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • @dearmrj said:

    Man, I’m always bad at X** exploitation.

    I really need help and some nudges for X** things.

    Google those three letters and Noob Ninja. You might find something helpful.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Type your comment> @TazWake said:
    > @qwas2zx9 said:
    >
    > (Quote)
    > The way to trigger your payload?
    >
    > Are you editing the target file while the exploit is running? If not, it probably wont trigger.
    >
    > If your payload is something which wont run on the system, then you might be triggering it without knowing.

    I got it @TazWake thank you.
  • finally rooted.....really nice machine....prob the best one I done yet, learned a alot of new cool things...special thanks to @TazWake for your great tips! feel free to pm me if you are stuck :)

  • edited April 10

    Oh! what a ride! @MrR3boot you have outdone yourself with the PRIVESC vector research and deployed it pretty well so that it doesn't work out of the box with the exploit present publicly. Amazing experience throughout and I will do this box multiple times to get a better hold of the entire flow. Thanks for the experience!

    3zCulprit

  • Spoiler Removed

    image

  • edited April 10

    Hello! Stuck on foothold. I tried SQL/NoSQL injection. Also I found a XSS, but I don`t understand, what I must do with all it. have an admin email and admin directory. Is I must change password? Or any other way? Which tool I must use or which page is Vulnerability? Please PM me. Thank!

    Do it. Thank for @ReT for hint!

  • Also a little stuck on X**, any tips would be appreciated. Please PM

  • Found X**! Think i know what to do now! just need the payload to work.

    PM for nudges, I'm almost available 24/7.

  • There are already many good hints here....If you already have X** use it to export. As mentioned, there is a blog post that exploits a similar scenario. :smiley:

    Watskip

    < Soli Deo Gloria >

  • Nice box, thanks.
    User: Figure out what happens when you register, read the code and then research about how exploiting it can be done. Once you're in, look where you can inject something malicious and see if you can look at that through admin.
    Root: Pretty much simple, check out what is running and read online on how to exploit it because you have everything you need ready for it.
    DM me for any questions

    v1ew-s0urce.flv
  • for some absurd reason I was doing the exact same thing for the privesc and it didnt work. Did a box reset and bam, it works..User was great - a good learning experience but root was a bit eehhh..still good stuff on the box!

    Hack The Box

    More than happy to help out and give hints - sorry if you've messaged me on forum.htb and I haven't got back, I might be more reachable via discord: CRYP70🇦🇺#8985

  • @TsMade said:
    Can I get a nudge for user? Im stumped. I've created a user and noticed that there is an admin login page, but Im stuck.

    try to search about sql truncate

  • Got root now!

    Thanks to @selfhatred @TazWake for the nudges.
  • Finally rooted a lot of learning
    thank you all
    if you need hints PM

  • I entered as admin on ip/index php but when I try to loggin as admin in ip/admin
    my credentials doesn't work
    any hint please

  • Awesome box, and it kicked my butt for a while, but interesting vectors.
    User definitely took a bit of tweaking but root was straight forward enough if you don't overlook the obvious like i did for a while :)
    Good luck to others!

  • @evilcode said:

    I entered as admin on ip/index php but when I try to loggin as admin in ip/admin
    my credentials doesn't work
    any hint please

    The email address matters.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • finally i can root this box!

    $ i just wanna say thankyou for creator

  • can anyone give me a hint on getting the admin page? I can create the [email protected] user without the "user exists" using the trick, but still can't log in. Even altering the sess ID.

  • @chicxulub said:

    can anyone give me a hint on getting the admin page? I can create the [email protected] user without the "user exists" using the trick, but still can't log in. Even altering the sess ID.

    If you've created the [email protected] user and you cant log in to the admin portal with the credentials you gave the account, one of two things is likely:
    1) you haven't created the user correctly.
    2) someone else has attacked at the same time as you and changed the credentials before you used them

    You shouldn't have to mess with session IDs, largely because until you've logged in to the admin portal with valid admin creds, you don't have an admin session ID.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • edited April 14

    I think I'm doing everything right to get information to leak, but it isn't working - even on a freshly reset box. Can anyone give me a sanity check? Thanks!

    Edit: NVM, I got it!

    discord: j88001#6183

  • edited April 14

    Sanity Check Please LOL!! I have done the process too many times to count, i have a great article that speaks to the exact same of attack....dont want to spoil anything please pm me!!

    UPDATE: ALL GOOD :)

  • edited April 14

    Soooo i can get in the admin portal....but seems the password that let me in on the admin portal wont work for the regular access......is this because some changed it that fast? I am on VIP and this box is older... wouldnt think that would be the case

    ok just slap me and tell me to stop being impatient got user....on to root

  • rooted :)

  • I've learnt a lot especially for the user part! I got stuck on root for a while though but rooted it anyway! Thanks @MrR3boot for the learning experience! :smile:

  • edited April 14

    i can read passwd with some injection and try **h key but it show me truncated file

    how can i read all the file?im so noob on injection and web payloads

    if its spoiler pls delete


    Hack The Box

    You can pm me on discord sh4d0wless#6154

Sign In to comment.