Magic

Comments

  • edited April 2020

    Spoiler Removed

    myrtle

    To contact me, please use Discord Myrtle#5162

  • Just got root...
    Thanks to @sh0wa for helping me out of my rabbit hole...

    I made root harder than it had to be...

  • Pretty basic, but learned a trick I didn't think worked at the end. Nice box.

    clubby789

    • GCIH | GCIA
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments, or on box release night). And remember to +respect me if I helped you ; )
  • Rooted thanks to a nudge, thanks @sh0wa !
    Root was quite hard to spot. Requires some proper enum and knowledge of (basic) vulns! :)

    ~~~~~
    Hack The Box
    Don't forget that +respect button if I helped you!

  • rooted and learned a lot

    Hack The Box

  • edited April 2020

    any nudges on initial foothold. I think some nasty h***** are the way to bypass login, but nothing I tried works. Am I going down a rabbit hole?

    Anuragd

  • have user looking for root, not finding much could use a nudge :)

    Arrexel
    GWAPT,Security+,VCP,A+,Server+,Linux+,Network+

  • struggling to actually login on the page, any help would be appreciated :)))))

  • edited April 2020

    root was hard to spot, but easy to exploit :3
    fun box

    EDIT: i recommend using that one big expensive commercial tool instead of the cool open source one for root

    0x41

  • Yea stuck after user. Ran lots of enum scripts. Found some interesting binary, not sure where to go

  • edited April 2020

    edit: got root.

    Pretty cool box. Thanks @TRX for the learning experience. Also thanks to @0x41 and @skunk for the tips.

    @sh0wa left a great hint for root.

    occamslaser

  • Really enjoyed this, thanks @TRX

  • edited April 2020

    User was fun, would appreciate a nudge on root, been trawling the files for a fair while :smiley:

    skunk

    Happy to offer nudges to anyone on boxes I've done, provided you show that you've reasonably tried to understand what the goal is! If I do help, please consider giving respect!

  • Just can't get past the login page. I would appreciate a hint ;)

  • @ElPenetrador said:
    Just can't get past the login page. I would appreciate a hint ;)

    it's the first result on google for me ^^

    0x41

  • Spoiler Removed

    Starksparrow

  • need help with reverse shell

    Starksparrow

  • rooted. Box is easy but very fun. If you need a hint, you can ask me

  • Initial foothold wasn't too bad, now kinda stuck on privesc. So far cool box, very enjoyable

    Hack The Box

  • Rooted. Super fun box. Got user super fast. Lost way too much time on root! Like always, way simpler than I initially thought! Little hint for root.... if you're digging a tunnel, it is probably to dig a rabbit hole... like me... :-) PM for nudge! :-)

  • edited April 2020

    @AidynSkullz said:
    Found a login portal. Got only 1 hit when checking passwords. Is it sl****?
    First time posting, so don't know if it's a spoiler or not.

    I got this also. Simple enum will find you another way in

  • edited April 2020

    please, clean everything before leaving... always.

    user: behind a made-up face there may be a devil
    root: ehi root, are you going to get milk? Take a thing for me too please (thx @boombyte )

    [email protected]:/var/root/htb/185# nc -nvlp 1235
    Ncat: Connection from 10.10.10.185:56816.
    # id
    uid=0(root) gid=0(root) groups=0(root),100(users),1000(t*****s)

  • Got in as www-****, can't really see any way up to the user th*****. Found those creds but ain't working. Tried in multiple places. Found es***** but I guess that's a rabbit hole. Any nudge / hint would be very helpful. Thanks.

  • edited April 2020

    Is someone deleting my backdoors or are they removed automatically? Not really a big deal since I can just upload it quickly again but it's slightly annoying :neutral:

    are the db creds a rabbit hole?

  • I uploaded the file but can't find my file
    any hint?

  • @b33lz3bub said:

    I uploaded the file but can't find my file
    any hint?

    does it show up on the main page? if so then you'll be able to tell where it is...

    b3nn
    PM for nudges, but tell me what you've got so far. If I helped you, remember to give respect.

  • Any hint for the user?

    Found Password but can't log in with it.
  • @ls4cfk said:

    Any hint for the user?

    Found Password but can't log in with it.

    you should be able to, unless it's the wrong password.

    b3nn
    PM for nudges, but tell me what you've got so far. If I helped you, remember to give respect.

  • @b3nn said:

    @ls4cfk said:

    Any hint for the user?

    Found Password but can't log in with it.

    you should be able to, unless it's the wrong password.

    I do have the pass for th***** but I guess from the discussion there is some other pass too. Swear I traversed the whole dir structure but no good.

  • Thanks @TRX for this box.

    Relatively easy one. Both user and privesc require extensive enumeration.

    Some tips (hopefully doesn't spoil much):
    User: fool the webserver with the asset you are offering to him.
    Root: your 'gang' is more powerful than you think

    Arrexel
