Book

@chicxulub said:

can anyone give me a hint on getting the admin page? I can create the admin@ user without the “user exists” using the trick, but still can’t log in. Even altering the sess ID.

If you’ve created the admin@ user and you cant log in to the admin portal with the credentials you gave the account, one of two things is likely:

  1. you haven’t created the user correctly.
  2. someone else has attacked at the same time as you and changed the credentials before you used them

You shouldn’t have to mess with session IDs, largely because until you’ve logged in to the admin portal with valid admin creds, you don’t have an admin session ID.

I think I’m doing everything right to get information to leak, but it isn’t working - even on a freshly reset box. Can anyone give me a sanity check? Thanks!

Edit: NVM, I got it!

Sanity Check Please LOL!! I have done the process too many times to count, i have a great article that speaks to the exact same of attack…dont want to spoil anything please pm me!!

UPDATE: ALL GOOD :slight_smile:

Soooo i can get in the admin portal…but seems the password that let me in on the admin portal wont work for the regular access…is this because some changed it that fast? I am on VIP and this box is older… wouldnt think that would be the case

ok just slap me and tell me to stop being impatient got user…on to root

rooted :slight_smile:

I’ve learnt a lot especially for the user part! I got stuck on root for a while though but rooted it anyway! Thanks @MrR3boot for the learning experience! :smile:

i can read passwd with some injection and try **h key but it show me truncated file

how can i read all the file?im so noob on injection and web payloads

if its spoiler pls delete

Spoiler Removed

@TazWake thx i did it yesterday :slight_smile:

Awesome work.

finally rooted :wink:

thanks @TazWake and @0xpr0N3rd for all the helps

note: i spend about 4 hour on root exploit because ı forget to give permission something, its not hint but i hope no one make same mistake :smiley: really stressful 4 hour

pm me for any nudge :slight_smile:

Great Box

Thanks for the challenge :smirk:

I have read the article about the t******ion attack but cannot get it to work, can anyone PM with a nudge or some direction?

@zalazalaza said:

I have read the article about the t******ion attack but cannot get it to work, can anyone PM with a nudge or some direction?

Use burp.

Finally.

root@book:~# whoami && id

root

uid=0(root) gid=0(root) groups=0(root)

Realy enjoyed the box and learned many things. Every box is a learning opt. :wink:

It’s scary, every several minutes connect to Book box is lost
Every minute… and it’s on edge-eu-vip-1.hackthebox.eu VPN

Guys, I cant get lr*** to trigger… It was working and suddenly stopped working…
I am doing same exact thing as i did when it got triggered… anybody faced similar issue?

I’m stuck on the root… can any body give tips about it?
I can’t start reverse shell :frowning: my host unavailable from book.htd and I try use lo*****e and it doesn’t work

Type your comment> @TazWake said:

@zalazalaza said:

I have read the article about the t******ion attack but cannot get it to work, can anyone PM with a nudge or some direction?

Use burp.

thanks thats what I needed.

I’ve done it!
Thanks @Marsh61 for tips :slight_smile: