ServMon

1679111230

Comments

  • edited April 13

    Actually there is a way to get root even without opening the website or tunneling. It is possible just by using some commands

  • second day of trying, and giving up root again..

    iam not a vip and this box is sooooo slow...and of course by the time you start typing, here comes a reset!

    heavy usage i guess...

    Rayz

  • Rooted :) !

    Pretty simple and interesting box, might help being VIP tho..

    PM if needed

  • Type your comment> @bertalting said:

    Rooted this one. If anyone is stuck i'm happy to give some nudges.

    Pls pm me?

  • edited April 13

    why restarting the machine for exploit again and again. what are you up to... it will restore to the snapshot. I bored for the part root. i ll do it later when the guys sleep who do the exploit exp. lines one by one and keep resets the machine.

  • edited April 13

    Im on root, I am trying to follow the steps of a certain exploit but the box is crazy slow at the moment. Can someone give me a message so i can make sure im on the right track. I am trying to get around the 403 error and its difficult to know if my setup is wrong or the box is not responding.

  • Just wanted to share a message:
    10.10.14.23: Stop reseting that box plz.

  • LOL think hard would a reset be the solution on a shared box....i think that would be an easy one to pick up on

  • Easy, free server is nightmare for root, its easy and obvious will root it later


    Check out my blog
    Always happy to help! but please consider dropping some respect. ^^

  • Rooted.

    Hints:
    For user: just enumerate, enumerate and then enumerate some more. Because enumerating will also put you in the path to root.

    For Root: It is easier than what you found online. Just look at a certain file you found. Understand how it works, and then using the gui/webapp will make much more sense.

    Oh, in this case, in the battle between Mozilla and Google, the blue icon wins ;)

    Happy to assist if needed.

  • Got user, will share hints offline. Don't ask about root though, I'm at a loss there!

  • Finally rooted. A very nice box, straight forward. The only down side is that it is quite unstable. I couldn't do it the day it came out as the box was getting hammered.
    Also somebody was changing my b## file

  • I got user.txt hash, for Nad*** but site wont accept it ?
    Is it aiming for user key of Nat*** ?

    Directory of C:\Users\Nad***\Desktop

    08/04/2020 22:28

      . 08/04/2020 22:28
        .. 14/01/2020 19:08 32 user.txt if not meant to be this, then why user.txt ??

    Hack The Box

  • Type your comment> @kurutta said:

    Type your comment> @olsv said:

    Type your comment> @kurutta said:

    Hey, i got the cve for User, just struggling on how to use it, anyone available for a quick nudge?

    you have text file laying somewhere in the well known structure . do the math

    yep, i was pretty certain i had the right path, but i just get document not found whenever i run anything

    I'm in the same situation as you

  • finally rooted. The root is real Patience test. Thanks @D3vil01 For root help...

  • Type your comment> @GibParadox said:

    For Root: It is easier than what you found online. Just look at a certain file you found. Understand how it works, and then using the gui/webapp will make much more sense.

    Oh, in this case, in the battle between Mozilla and Google, the blue icon wins ;)

    Happy to assist if needed.

    Can't get it to work, and the service keeps crashing, plus all the resets...
    I guess I'll try again down the week.

    Hack The Box

  • I found w**.ini but I'm not entirely sure how to use that information or where to go from here. Drawing a blank...

    cyb3rsinn3r
    | A+ | Net+ | Sec+ | CySA+ | CASP | CISSP |
    aut inveniam viam aut faciam

  • Box is easy, but the root part is exceedingly painful. The best tips I can give are:

    • Use Google Chrome (Not chromium or firefox)
    • Don't overthink the 'access'
    • Don't rely on what you've found completely (it's not written very well)

    clubby789

    • GCIH
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments, or on box release night). And remember to +respect me if I helped you ; )
  • Type your comment> @obi0ne said:

    I got user.txt hash, for Nad*** but site wont accept it ?
    Is it aiming for user key of Nat*** ?

    Directory of C:\Users\Nad***\Desktop

    08/04/2020 22:28

      . 08/04/2020 22:28
        .. 14/01/2020 19:08 32 user.txt if not meant to be this, then why user.txt ??

    Some one is probably being silly again, I had the same, the key changed three times had to reset and get it quick, probably best to come back for it later.

    If I help you out, drop a respect, two clicks to say thanks, link below.

    https://www.hackthebox.eu/home/users/profile/121966

  • Type your comment> @Fidget said:

    Type your comment> @obi0ne said:

    I got user.txt hash, for Nad*** but site wont accept it ?
    Is it aiming for user key of Nat*** ?

    Directory of C:\Users\Nad***\Desktop

    08/04/2020 22:28

      . 08/04/2020 22:28
        .. 14/01/2020 19:08 32 user.txt if not meant to be this, then why user.txt ??

    Some one is probably being silly again, I had the same, the key changed three times had to reset and get it quick, probably best to come back for it later.

    you are right, reset the box, now hash accepted.

    Hack The Box

  • Is Pass****s.txt where the file says it is? I can't retrieve it using the LF*.. I've reset the box and tried imediately after, still no luck.

  • Type your comment> @cyb3rsinn3r said:

    I found w**.ini but I'm not entirely sure how to use that information or where to go from here. Drawing a blank...

    Oh, that's just how to test the PoC.
    Think about what would be helpful to read instead of that file

    Hack The Box

  • @Lycist said:
    Is Pass****s.txt where the file says it is? I can't retrieve it using the LF*.. I've reset the box and tried imediately after, still no luck.

    It is where the clues say it is

    Hack The Box

  • Type your comment

  • Hello all, im stuck at user, i got 2 .txt from the lowest service, i suppose there is the first step to know what user i need.
    After that im stucked because all other services dont let me do anything ( i meain i dont know what to do with them)

    Please give me some help, i need a little push to go ahead

    Thanks to all, this is a really nice place to learn

  • Type your comment> @cyb3rsinn3r said:

    I found w**.ini but I'm not entirely sure how to use that information or where to go from here. Drawing a blank...

    same

  • Type your comment> @japimil said:
    > Hello all, im stuck at user, i got 2 .txt from the lowest service, i suppose there is the first step to know what user i need.
    > After that im stucked because all other services dont let me do anything ( i meain i dont know what to do with them)
    >
    > Please give me some help, i need a little push to go ahead
    >
    > Thanks to all, this is a really nice place to learn

    Ask searchsploit for help ;)
  • I'm stuck in the d******* ********l part which I can view some files, for example, w.i but I think it just PoC as I see someone just said in the forum also it basically doesn't have much useful information inside and I found something like sym.i can even found the ns-0.**e itself but I think its probably not the thing I need. I try to enumerate many "useful" files locations but it just keeps giving me tons of 404.

  • Hey everyone, I asked a few of you for nudges, and so far it has gotten me to the part where I use my browser and SSH. I keep getting a "Connection was reset" error on firefox and a "This page isnot working, l****h**t didn't send any data; ERR_EMPTY_RESPOSE" on a blink based browser as I saw recommended above. I have double checked my SSH statement with others but I cannot seem to proceed further. (I am using the Free version for now)

  • Is there a reason why i cannot even curl N*******++ locally, logged in as N*****? All i get is failed to connect. Also tunneling to port 80 works fine but when i switch to 8*** i get nothing. I saw some people had similar problems, was this a connection problem or am i missing something?

Sign In to comment.