Magic

1246721

Comments

  • i got wwwdata, I got some my*** credentials but i dont know what to do with them

  • Ok i took some notes now so im gonna also give some tips in here:
    foothold: It's very easy. After that think of the machine's name
    user: There are many different programs installed with which you can use with your information to get user.
    root: Look if there is something unusual. Spy to find out what it does or look at it's text to look how it does things.

    Hack The Box

  • im on the verge of breaking my computer im stuck.

  • @BE4VER said:
    im on the verge of breaking my computer im stuck.

    stuck on image upload all im getting is "What are you trying to do there?" fucking bs

  • i just gotta calm down and enumerate.

  • Type your comment> @BE4VER said:

    i just gotta calm down and enumerate.

    no enumeration needed to upload shell. Focus on the headers

  • Type your comment> @ciberpapi said:

    i got wwwdata, I got some my*** credentials but i dont know what to do with them

    Check for alternatives no need to login to u can get what ever u want :wink:

  • stuck on shell upload! pls pm for hints !

  • Very nice and easy box, root got me digging some rabbit holes. It was good learning experience. The hints here are sufficient, but still happy to help if anyone needs a nudge.

  • and... i also need a push with the upload :cold_sweat:
    Tried different applications and methods but my cmds are not executed

    CySA+ | CEH | MCP | MCSA

  • just got shell the best advice i can give you is youtube lol

  • Type your comment> @ciberpapi said:

    "What are you trying to do there?" while trying to do magic :confused:

    Sounds like magic is the part you forgot to add

    0x41

  • Rooted!!!
    Great Box
  • Oh dude who posted that qr ๐Ÿ˜‚. I thought it was related..... Man that calculation

    s1lv3rst4r

  • Rooted! totally over complicated root.

    take the time to watch what is happening. basic attention to detail.

    Hack The Box

  • A very nice box, I really enjoyed it :)
    Thank you @ByteM3 for the awesome box.
    Hits:
    foothold:

    • if you found the form, then try to find a way to trick it.
      user:

    • you need a stable shell.
      root:

    • Enumerate, when you find it then look into the binary.

    I hope this helps :smile:

  • Type your comment> @xAbdulRhman said:

    A very nice box, I really enjoyed it :)
    Thank you @ByteM3 for the awesome box.
    Hits:
    foothold:

    • if you found the form, then try to find a way to trick it.
      user:

    • you need a stable shell.
      root:

    • Enumerate, when you find it then look into the binary.

    I hope this helps :smile:

    ahaha thanks for the credit but 100% wasnt me. I just started the thread!

  • Type your comment> @ByteM3 said:

    Type your comment> @xAbdulRhman said:

    A very nice box, I really enjoyed it :)
    Thank you @ByteM3 for the awesome box.
    Hits:
    foothold:

    • if you found the form, then try to find a way to trick it.
      user:

    • you need a stable shell.
      root:

    • Enumerate, when you find it then look into the binary.

    I hope this helps :smile:

    ahaha thanks for the credit but 100% wasnt me. I just started the thread!

    Oops sorry :smile:
    Thank you @TRX

  • Type your comment> @0x41 said:

    Type your comment> @ciberpapi said:

    "What are you trying to do there?" while trying to do magic :confused:

    Sounds like magic is the part you forgot to add

    thanks for the reply, but I already did the magic, thank you anyways, now im stuck at wwwdata :c

  • Pretty fun box overall, foothold was straight forward but user and root definitely took a bit longer to get. This box is good to brush up your linux enum skills for sure, I definitely needed it. Thanks @TRX for the box.

    If anyone is really stuck feel free to send me a pm for a nudge.

    neon45

  • So when looking for all the things i can find, none of the tricks from there are kicking me a stable one please HELP!! I am sure i am making it harder than i need to :(

  • Type your comment> @s1lv3rst4r said:

    Oh dude who posted that qr ๐Ÿ˜‚. I thought it was related..... Man that calculation

    Haha I did the same lol. It was only after the box reset I realised someone uploaded the QR image.

  • edited April 2020
    ROOTED!!
    I made it far more complicated than it needed to be to get root. The advice in here has been spot on for getting there though.
    For root think about how commands are run.
    Thanks @TRX I learnt a lot on this one, thanks to those that gave me nudges in the right direction aswell.
    ![DarkAngel3007](https://www.hackthebox.eu/badge/image/242475)
    DM for hints, if you do I need more info than 'help with...' what commands etc have you tried?
  • edited April 2020

    Stuck on the file upload. I've played with the headers but still getting the message What are you trying to do there?

    Can I have a nudge please.

    Edit: I got it the file upload but need to find it. Magic.

    Edit 2: Thanks to @Cedgar for the nudge, I got the reverse shell.

  • edited April 2020

    Might need a nudge on root. Been stuck enum for a while.
    Update. Got root.

  • Type your comment> @CyberFunk said:

    Type your comment> @s1lv3rst4r said:

    Oh dude who posted that qr ๐Ÿ˜‚. I thought it was related..... Man that calculation

    Haha I did the same lol. It was only after the box reset I realised someone uploaded the QR image.

    HHHH sorry it was me .. just a QR photo from another challenge ๐Ÿ˜‚

    Drxxx
    I wouldn't mind some +respect if I helped you ;)

  • Great box.
    Was stuck with privesc but finally rooted.

    User: try different payloads.
    Root: you need to find special tool..

    Feel free to msg me for hints.

  • Easy and fun.

    One big favor to all that will reach to forum, stop resetting the box. It's not nice, it's annoying and spoils the fun.

    Some tips from my side,

    User: Enumerate all, ffuf will do the work pretty fast. For the form, the first option that you will find in google.
    Root: Look for what shouldn't be there. SUID3NUM or anything else that you normally use will do the trick. From then on strings or strace will work for you.

  • edited April 2020

    Rooted:

    Foothold - get logged in, then pay attention to the name of the box.
    User - Pay attention to running services, and always try any found credentials everywhere you can
    Root - linpeas will get you halfway, pspy will get you another quarter, and knowledge of how linux decides the order in which to run programs will bring you home.

    Happy to help anyone who needs a nudge.

    marlasthemage

  • edited April 2020

    @s1lv3rst4r said:

    Oh dude who posted that qr ๐Ÿ˜‚. I thought it was related..... Man that calculation

    EU VIP 14 ? I did question the math as well !

    myrtle

    To contact me, please use Discord Myrtle#5162

Sign In to comment.