ForwardSlash

1468910

Comments

  • Type your comment> @zaphoxx said:

    I am stuck at a point at user where i can read files but not all of the .php ; so far nothing i could read gave me some new information to proceed; plz pm for any nudges ; thx

    same here... can't find b****p folder.. any nudegs... please pm ..
    thanks

  • @shack said:

    Type your comment> @zaphoxx said:

    I am stuck at a point at user where i can read files but not all of the .php ; so far nothing i could read gave me some new information to proceed; plz pm for any nudges ; thx

    same here... can't find b****p folder.. any nudegs... please pm ..
    thanks

    Have a think about where these files would be stored in a normal Linux filesystem then with a bit of trial and error you will get the folder name.

    Start by working out which folder contains files to which the Linux system writes data during the course of its operation.

    Then it normally has a folder which serves as a home for things posted on port 80.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Got user! On to root now, and this c****o is killing me... thought i found a flaw, but can't figure it out.

    @shack, if you are searching for a specific word, it might not be just a file or folder on 80... what else could it be?

  • the c****o is driving me crazy. I see that it is kind of broken but after an initial step without the k** I get stuck. any nudges or helpful links would be appreciated. thx.

    zaphoxx

  • Just finished and wanted to say thanks to the creators @infosecJack and @chivato!

    Probably the most fun HTB I've done, I've learnt a lot from doing this box (even/especially the bits that ended up being rabbit holes). And thanks to @EvilT0r13 for pointing out a technique I'd completely overlooked.

    Thanks for a super fun box to help with quarantine :))

  • @zaphoxx said:

    the c****o is driving me crazy. I see that it is kind of broken but after an initial step without the k** I get stuck. any nudges or helpful links would be appreciated. thx.

    You can write a bit of pythonic code to append to the python file which brute forces this fairly quickly.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • rooted - what a crazy ride. This was a great machine; enjoyed the crypto part a lot but also user was fantastic. good work. thanks to @HomeSen and @EvilT0r13 for the hints/nudge.


    @TazWake said:
    @zaphoxx said:

    the c****o is driving me crazy. I see that it is kind of broken but after an initial step without the k** I get stuck. any nudges or helpful links would be appreciated. thx.

    You can write a bit of pythonic code to append to the python file which brute forces this fairly quickly.

    I figured out (with some help from @HomeSen) a less brute force way to crack the msg. thx for the nudge/hint anyways, much appreciated.

    zaphoxx

  • Rooted! what a great ride... thanks for the challenge and the learning opportunities!

    PM for nudges.

  • This is a very difficult machine, I tried to use dirbuster to find extension xml and php, I cannot find any xml... and there is only one index.php... the directories I can find are /icons/, /icons/README and /icons/small/, hope someone can give me a nudge?

  • edited April 18

    rooted ... need hints ? Msg me on discord icoNic#0097

    Arrexel

  • Can anyone give me some nugget about how to use that a**? Nothing seems to work...

  • Rooted.

    I really enjoyed the journey but got a bit put out when I realized that my X*L exploit was not actually required. It seems strange that there were two ways to get the info for the initial foothold, a short and simple one and a long and complex one. Mind you, I learned a lot by going the long way round.

  • edited April 18

    Rooted. Really hard and beautiful machine.
    A lot of hints are already present in the thread, I add only few things:
    -Yes, there are badchars but the rest is good
    -For the last step of root you can do it without the terminal :smile:

    Thanks to the creators.

  • I am able to read files using p************.p** but cannot find anything useful since I am doing it blindly and cannot find the location of the b****p directory. Any nudge would be appreciated

  • @Brogramm3r said:

    I am able to read files using p************.p** but cannot find anything useful since I am doing it blindly and cannot find the location of the b****p directory. Any nudge would be appreciated

    Have a think about where these files would be stored in a normal Linux filesystem then with a bit of trial and error you will get the folder name.

    Start by working out which folder contains files to which the Linux system writes data during the course of its operation.

    Then it normally has a folder which serves as a home for things posted on port 80.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Am i supposed to notice anything after redirection to f***********.*** ? Page seems to be dead even after a reset... Any hint?

  • @Profhacker said:

    Am i supposed to notice anything after redirection to f***********.*** ? Page seems to be dead even after a reset... Any hint?

    I am not sure what you are asking about here, so I am going to hazard a guess that the hosts folder needs to be updated.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • So after some headaches, I have to say the box is straight forward and I would rater rate it medium.

    For initial touch,..as many already wrote..enumerate, find the obvious and abuse it
    from shell to user..well yea..timing is everything ;D

    from user to root..well that's a bit tricky and was for me the complicated part..you just have to break it..it helped me to add some prints and play around with the file.
    the last step was pretty easy and quick as its kind of obvious (basic enumeration)

    And please use the last command you can run as sudo or at least reset the box :)

  • Type your comment> @TazWake said:

    @Profhacker said:

    Am i supposed to notice anything after redirection to f***********.*** ? Page seems to be dead even after a reset... Any hint?

    I am not sure what you are asking about here, so I am going to hazard a guess that the hosts folder needs to be updated.

    Thanks!! I was being stupid! I did not have to change that file up until now...probably this is required to proceed with the box!

  • Type your comment> @Brogramm3r said:

    I am able to read files using p************.p** but cannot find anything useful since I am doing it blindly and cannot find the location of the b****p directory. Any nudge would be appreciated

    I'm at a very similiar stage, I can read files and some limited source files, just not sure where to go from here, Have some info about db but not sure how or where to use it.

    Any hints anyone ?

  • @wantsnewsocks said:

    Type your comment> @Brogramm3r said:

    I am able to read files using p************.p** but cannot find anything useful since I am doing it blindly and cannot find the location of the b****p directory. Any nudge would be appreciated

    I'm at a very similiar stage, I can read files and some limited source files, just not sure where to go from here, Have some info about db but not sure how or where to use it.

    Any hints anyone ?

    Same as last time https://forum.hackthebox.eu/discussion/comment/70274/#Comment_70274

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Nice box, but its not hard, maybe medium

  • Am I wasting my time trying to abuse this broken f** login in i*x.p?

  • @Brogramm3r said:

    Am I wasting my time trying to abuse this broken f** login in i*x.p?

    It depends. If I've read it correctly, you are looking at the file which gives you what you need to get access.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Some skids change the password of c*** plzzzzz stop that sh********

    Drxxx
    I wouldn't mind some +respect if I helped you ;)

  • need a push since my "permission is denied; not that way ;)"
    no idea on how to go over it

  • @Nt3c said:

    need a push since my "permission is denied; not that way ;)"
    no idea on how to go over it

    With PHP, you can apply a filter which lets you bypass this.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Type your comment> @TazWake said:

    @Nt3c said:

    need a push since my "permission is denied; not that way ;)"
    no idea on how to go over it

    With PHP, you can apply a filter which lets you bypass this.

    got it :wink:

    Thanks @TazWake and @cY83rR0H1t

  • edited April 22

    Can anyone provide me with a nudge. I can read files, but I haven't found a way to execute code yet. DM please!

    Update: Thanks @cY83rR0H1t for pointing out the not so obvious place to look for code in progress/development!

  • edited April 22
    Just rooted !
    What a great box ! Thanks @cyberafro for your help.
Sign In to comment.