Book


Comments

  • Spoiler Removed

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.

    Currently have very limited HTB time but will try to respond as quickly as possible.

  • @TazWake thx i did it yesterday :)


    Hack The Box

    You can pm me on discord sh4d0wless#6154

  • Awesome work.

    TazWake


  • edited April 2020

    finally rooted :wink:

    thanks @TazWake and @0xpr0N3rd for all the help

    note: I spent about 4 hours on the root exploit because I forgot to give permission to something, it's not a hint but I hope no one makes the same mistake :D really stressful 4 hours

    pm me for any nudge :)



  • Great Box

    Thanks for the challenge :smirk:

    ++++++++++++++++++++++++++++++++++++++++++++++++++

    Str0ng3erG3ek

    +respect me if I helped you :}

  • I have read the article about the t******ion attack but cannot get it to work, can anyone PM with a nudge or some direction?

  • @zalazalaza said:

    I have read the article about the t******ion attack but cannot get it to work, can anyone PM with a nudge or some direction?

    Use burp.

    TazWake


  • Finally.

    [email protected]:~# whoami && id

    root

    uid=0(root) gid=0(root) groups=0(root)

    Really enjoyed the box and learned many things. Every box is a learning opt. :wink:

  • edited April 2020
    It's scary, every several minutes the connection to the Book box is lost
    Every minute... and it's on the edge-eu-vip-1.hackthebox.eu VPN
  • Guys, I can't get l**r***** to trigger.. It was working and suddenly stopped working..
    I am doing the exact same thing as I did when it got triggered.. has anybody faced a similar issue?

  • I'm stuck on the root... can anybody give tips about it?
    I can't start a reverse shell :( my host is unavailable from book.htd and I tried to use lo*****e and it doesn't work
  • @TazWake said:

    @zalazalaza said:

    I have read the article about the t******ion attack but cannot get it to work, can anyone PM with a nudge or some direction?

    Use burp.

    thanks that's what I needed.

  • I've done it!
    Thanks @Marsh61 for tips :)

  • Finally rooted!

    Thanks to @EvilT0r13 and @sh4d0wless..
    Accurate hints are there by @somecanadian in page 9!

    Great work MrR3boot.. Looking forward to having similar boxes from you.... It's true that difficult paths lead to beautiful destinations :wink:

    Feel free to PM if need help

  • Yep, thanks @MrR3boot for interesting box 😺

  • Well I finally rooted this box but wouldn't have been able to do any of it without a lot of patience and nudges along the way from @TazWake and @wxadvisor .
    uid=0(root) gid=0(root) groups=0(root)
    python -c 'import pty;pty.spawn("/bin/bash")'
    [email protected]:~#

    Each stage taught me techniques which I haven't seen or used but will definitely not forget.

  • Rooted .. If you need help ping me on discord !! icoNic#0097

    Arrexel

  • edited April 2020

    Bypassing the guard on this one has got me stumped. I've tried URL, Unicode, octal, hex, string concat, mixed-case, inline comments. Can anyone nudge me towards the right one please?

    Ignore this, it's all unnecessary -_-

  • Hello,

    could anyone give me a nudge about the X** thing? I read the noob article and I think I understood where to apply it but cannot get results :-( Thanks...

  • @daemonzone said:

    Hello,

    could anyone give me a nudge about the X** thing? I read the noob article and I think I understood where to apply it but cannot get results :-( Thanks...

    The output is written to a file you need to download.

    TazWake


  • This box was a beast.
    Took a lot of researching and a lot of nudges but that's some good knowledge to have.
    Won't forget it. Thanks for the box :)

  • finally got around to doing this box.. i learned so many new things! already lots of hints so just pm if you need a nudge but tell me what you've already done and tried.

  • Learned really cool things by doing this box!

    PM me if you need a hint.

  • if you need some help you can always msg one of the many nice guys/girls around,

    of course the first thing they will ask you is to cat payload which you should do,

    And at that exact moment you will realize that you are a blind fool.

    Many Thanks @TazWake

    Rayz

  • edited April 2020

    I found a special file. Whenever I try to log in to the server using that file I get err msg "Connection closed by 10.10.10.176 on port x". I don't know what to do with that. Any hints?

    nevermind ^_^

  • Hello guys. I found the vulnerability in the admin panel and I exploited it, but when I use my payload nothing happens. I am always redirected to the admin login page, but it doesn't raise the alert box with "Nope" as usual when you fail login. I don't want to spoil this amazing box, so if someone wants to help me understand better what I am doing wrong, please PM me and I will explain better what I did and what happened.
  • Spoiler Removed

    TazWake


  • finally :smile: the box is very fun !! great job !

    you need help for nudge mp me


  • Thank you to @Kevoenos for the link on the initial attack. It was what I was trying, but I was doing it in the wrong place, AND, if doing it at the same time as other people this part is hard. If a payload doesn't work, wait a bit for a reset, and confirm someone else isn't mucking up the attack. Try not to use a common file of interest to confirm access, use some other file in a directory that will always be there so that you know it was you, and not someone else

    coldpenguin

  • edited April 2020

    rooted !! welcome pm for help


    Be happy, always
