Fatty

1246

Comments

  • Type your comment> @d3b4g said:

    Type your comment> @Hackalicious said:

    What program do I use to modify a .class file?

    You can use a java IDE like Eclipse

    I installed Eclipse on my kali box. Doesn't open them. I must have done something wrong. Will rinse and repeat. TYVM

  • edited March 2020

    Type your comment> @prokaryont said:

    Type your comment> @Hackalicious said:

    I have been able to update the .jar file. However I am still getting SHA256 validation errors. What am I doing wrong?

    Maybe there are still remnants (e.g. signature files) from the old jar file that are being included in your new one.

    Was able to overcome using zip -d fy-c*****.jar '****-/.SF' '****-***/.RSA' '****-**/SF'

  • I got user but I'm running out of ideas for gaining root. Can anyone help me with a hint?
    Please PM.

  • After two days of pain i'm completely stuck on root

  • @Hackalicious said:

    @d3b4g said:

    @Hackalicious said:

    What program do I use to modify a .class file?

    You can use a java IDE like Eclipse

    I installed Eclipse on my kali box. Doesn't open them. I must have done something wrong. Will rinse and repeat. TYVM

    Well, you don't open .class file in Eclipse, but rather the (decompiled) .java files ;)


    Hack The Box
    GREM | OSCE | GASF | eJPT

    Feel free to PM me your questions, but please explain what you tried, so far.

  • edited March 2020

    has anyone managed to compile the decompiled version, or is it easier to write a client from scratch (using the decompiled source)?

  • Type your comment> @HomeSen said:

    @Hackalicious said:

    @d3b4g said:

    @Hackalicious said:

    What program do I use to modify a .class file?

    You can use a java IDE like Eclipse

    I installed Eclipse on my kali box. Doesn't open them. I must have done something wrong. Will rinse and repeat. TYVM

    Well, you don't open .class file in Eclipse, but rather the (decompiled) .java files ;)

    I discovered Recaf. Golden.

  • @an0n said:

    has anyone managed to compile the decompiled version, or is it easier to write a client from scratch (using the decompiled source)?

    For me it was easier to do my own app from decompiled sources and compile them w maven

  • @an0n said:
    has anyone managed to compile the decompiled version, or is it easier to write a client from scratch (using the decompiled source)?

    It requires some manual tweaking, but I found it easier to import the decompiled client into Eclipse, manipulate it directly and then re-compile it using Maven.


    Hack The Box
    GREM | OSCE | GASF | eJPT

    Feel free to PM me your questions, but please explain what you tried, so far.

  • edited March 2020

    @HomeSen said:

    @an0n said:
    has anyone managed to compile the decompiled version, or is it easier to write a client from scratch (using the decompiled source)?

    It requires some manual tweaking, but I found it easier to import the decompiled client into Eclipse, manipulate it directly and then re-compile it using Maven.

    thx, had some trouble with Eclipse, using pure Maven (after some minor tweaking) solved the issues.

  • Alternatively, you could modify java bytecode with recaf

  • Type your comment> @an0n said:

    has anyone managed to compile the decompiled version, or is it easier to write a client from scratch (using the decompiled source)?

    @flk said:
    Alternatively, you could modify java bytecode with recaf

    Thank you. I ran into issues with Eclipse. Installed, however, get errors when I try to open anything.

  • @Hackalicious said:
    Type your comment> @an0n said:

    has anyone managed to compile the decompiled version, or is it easier to write a client from scratch (using the decompiled source)?

    @flk said:
    Alternatively, you could modify java bytecode with recaf

    Thank you. I ran into issues with Eclipse. Installed, however, get errors when I try to open anything.

    use cmdline maven (after arranging everything to their appropriate folders).

  • edited March 2020

    That box stung a bit. Root seemed fairly intuitive. Everything before took me a very long time to get everything aligned and perfect, was out of my comfort zone big time with regards to a lot of the stuff needed to get user. This box made me rage and swear a bit but I can't blame it for that. Solid learning experience for me. Thanks to all who helped point out my flaws. Good job with this one @qtc

  • Ok - this box is difficult. I struggled getting the basic version 8 package installed :smile: I might have to go back to waiting until it is retired :sweat_smile:

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Guys,
    Anyone could give me a little nudge to start root?
    I am stuck for 4 days trying to figure out where a weakness is, no way to find it.

  • Has anyone anyone been able to download that file from the server without writing code?
    If so i woulde love to hear how, Ive been struggling to get anything utilising socat and ssldump

  • This box is INSANE !!

  • can anyone assist with "not fully implemented" issue?
    Please PM.

  • Got user though I spent a long time trying to bash my way through to a shell, which just gave me a headache.

    No idea about root, I guess that the 'join the dots' hint is best understood once you have cracked it.
  • edited April 2020

    @bobd91 said:

    Got user though I spent a long time trying to bash my way through to a shell, which just gave me a headache.

    No idea about root, I guess that the 'join the dots' hint is best understood once you have cracked it.

    Once you got user you must understand where you are, then do some usual enumeration and try to make hypothesis about what you found could do.

  • any help to download the fatty-S****r?

  • Finally got it. User part is ideal to feel what is the OSWE exam , and even a bit harder.
    Thanx to @moszkva to root hint -- stuck for weeks with it.

  • Got root!

    I got to within touching distance fairly quickly but I just couldn't quite see how it was going to work. In the end I needed a lot of help.

    Thanks to @snuggles for confirming that I was going in the right direction and to @yb4Iym8f88 and @Driikolu for helping me see the last bit.

  • When i run the *.jar file it gives me " Connection Error" i have updated the XML with P**T and done require changes. pls guide me where i am doing wrong.

  • Type your comment> @Igotyou said:

    When i run the *.jar file it gives me " Connection Error" i have updated the XML with P**T and done require changes. pls guide me where i am doing wrong.

    Sounds like you may have done something that broke it. Feel free to message me if you need help. I got you :)

  • Does anyone know article about getting proper tty, with some unusual methods? In this box it is pretty hard and, i hope, will be very useful in enum.

  • Type your comment> @yb4Iym8f88 said:

    Finally got it. User part is ideal to feel what is the OSWE exam , and even a bit harder.
    Thanx to @moszkva to root hint -- stuck for weeks with it.

    Pm you ? I have a few doubts

  • Got user a long time ago, got back on it now, but I still can't see which direction to go for root. No **uid binaries, only services running as root are **hd and c***d. The first doesnt look vulnerable, second does some wierd thing, but I cant see how I'd exploit it. Or am I looking at the wrong root and is it outside the current ****er con******? Small nudge would be appreciated.

  • edited April 2020
    Any nudges for getting user after the reverse shell? Looks like I need root within the container to get user, but unsure how to go about it.

    edit: Derp, thanks @EvilT0r13 :)
Sign In to comment.