ForwardSlash

So after some headaches, I have to say the box is straight forward and I would rater rate it medium.

For initial touch,…as many already wrote…enumerate, find the obvious and abuse it
from shell to user…well yea…timing is everything ;D

from user to root…well that’s a bit tricky and was for me the complicated part…you just have to break it…it helped me to add some prints and play around with the file.
the last step was pretty easy and quick as its kind of obvious (basic enumeration)

And please use the last command you can run as sudo or at least reset the box :slight_smile:

Type your comment> @TazWake said:

@Profhacker said:

Am i supposed to notice anything after redirection to f***********.*** ? Page seems to be dead even after a reset… Any hint?

I am not sure what you are asking about here, so I am going to hazard a guess that the hosts folder needs to be updated.

Thanks!! I was being stupid! I did not have to change that file up until now…probably this is required to proceed with the box!

Type your comment> @Brogramm3r said:

I am able to read files using p************.p** but cannot find anything useful since I am doing it blindly and cannot find the location of the b****p directory. Any nudge would be appreciated

I’m at a very similiar stage, I can read files and some limited source files, just not sure where to go from here, Have some info about db but not sure how or where to use it.

Any hints anyone ?

@wantsnewsocks said:

Type your comment> @Brogramm3r said:

I am able to read files using p************.p** but cannot find anything useful since I am doing it blindly and cannot find the location of the b****p directory. Any nudge would be appreciated

I’m at a very similiar stage, I can read files and some limited source files, just not sure where to go from here, Have some info about db but not sure how or where to use it.

Any hints anyone ?

Same as last time ForwardSlash - #166 by TazWake - Machines - Hack The Box :: Forums

Nice box, but its not hard, maybe medium

Am I wasting my time trying to abuse this broken f** login in i***x.**p?

@Brogramm3r said:

Am I wasting my time trying to abuse this broken f** login in i***x.**p?

It depends. If I’ve read it correctly, you are looking at the file which gives you what you need to get access.

Some skids change the password of c*** plzzzzz stop that sh********

need a push since my “permission is denied; not that way ;)”
no idea on how to go over it

@Nt3c said:

need a push since my “permission is denied; not that way ;)”
no idea on how to go over it

With PHP, you can apply a filter which lets you bypass this.

Type your comment> @TazWake said:

@Nt3c said:

need a push since my “permission is denied; not that way ;)”
no idea on how to go over it

With PHP, you can apply a filter which lets you bypass this.

got it :wink:

Thanks @TazWake and @cY83rR0H1t

Can anyone provide me with a nudge. I can read files, but I haven’t found a way to execute code yet. DM please!

Update: Thanks @cY83rR0H1t for pointing out the not so obvious place to look for code in progress/development!

Just rooted !
What a great box ! Thanks @cyberafro for your help.

any nudge plz about the c****o ? I’m stuck :frowning:

@Drxxx said:

any nudge plz about the c****o ? I’m stuck :frowning:

If you mean the python file, you can add code which brute forces it.

Type your comment> @TazWake said:

@Drxxx said:

any nudge plz about the c****o ? I’m stuck :frowning:

If you mean the python file, you can add code which brute forces it.

Yes, I did that with rockyou list but failed all pass as keys

@Drxxx said:

Yes, I did that with rockyou list but failed all pass as keys

Try a more brute force approach.

Type your comment> @TazWake said:

@Drxxx said:

Yes, I did that with rockyou list but failed all pass as keys

Try a more brute force approach.

bad idea. if rockyou dosen’t work for you, you’re doing something wrong.

Type your comment> @TazWake said:

@Drxxx said:

Yes, I did that with rockyou list but failed all pass as keys

Try a more brute force approach.

@0x41 said:
Type your comment> @TazWake said:

@Drxxx said:

Yes, I did that with rockyou list but failed all pass as keys

Try a more brute force approach.

bad idea. if rockyou dosen’t work for you, you’re doing something wrong.

Thank you both a lot … you’re awesome … Your both point of view is correct … I was able to get it by both ways … Thank you … Insane Machine … thanks for the creators @InfoSecJack & @chivato … I have learned really a lot in those 2 days, I wish the attached mp3 wasn’t empty;) … I’m so interested in know if that image has another path to the solution …

Final step I had found it exist … SO I have to undo what else leave behind and re-do the final step again … then clean my work …

can anyone give me a hint on the python c****o either on a smarter way of attacking it, i’m having issue with brute forcing it, possibly python 2.7 vs 3 string processing reading from files