Quick

1356713

Comments

  • Alright i have helped enough people lol, now i need help. i will try to keep this generic so i dont get popped again

    my simple thing isnt working...... my payload in the MB should work had people test it... ufw is not installed on my machine.....i need a sanity check.... i know what i need to do the simple thing just wont talk....

  • Type your comment> @guanicoe said:

    i get SSL_ERROR_RX_RECORD_TOO_LONG, ham i digging the wrong hole?

    I still dont know why nobody answered that, but i got a strong feeling that it isnt smh even if i'm still having nothing as a foothold euuuh

  • Type your comment> @m1111 said:

    got creds from Co**********.**f and emails from ?V***=a***t
    tried to login with them and nothing worked
    ??

    I'm on the same spot as you, tried with all users that i found but nothing :(

  • For those that at least got as far as the juicy info in that document, you can PM me for a nudge.

  • Type your comment> @Selcius said:

    Type your comment> @guanicoe said:

    i get SSL_ERROR_RX_RECORD_TOO_LONG, ham i digging the wrong hole?

    I still dont know why nobody answered that, but i got a strong feeling that it isnt smh even if i'm still having nothing as a foothold euuuh

    if you get that error then maybe your need to rebuild the tool your using or look into that experimental feature....

    godylocks

    If you like my advice, please give me some respect! Thanks!
    Message me on discord: godylocks#5721

  • Calling all Superstars i am soclose to user i need a sanity check to see if my approach is solid....which i think it is....hep hep me please

  • My god!!! Finally! What a ride for that user.... The foothold was tough, but how proud i feel right now!! :-) Onto Root!

  • edited April 2020

    User was not very obvious, but the forum is loaded with hints of the struggles.
    Second PrivEsc was probably the most enjoyable part of this box.
    Root was too "quick" Don't need to look very far.
    I liked the box but wish it had more stepping stones along the way, especially on the initial foothold.
    It fits its category of difficult and had some custom exploitation along the way.

    On another note, if anyone can enlighten me on how to resolve DNS hosts using python if a box doesn't have capabilities to add to the etc hosts file, that would be awesome!
    I currently only know of curl that can --resolve DNS override!

    godylocks

    If you like my advice, please give me some respect! Thanks!
    Message me on discord: godylocks#5721

  • finally got user
    learned a lot !!

  • i'm frustated in initialfoothold.
    tried to fuzz the web, login form, access the portal,

    Any nudge would be appreciated.

  • Oh man, finally got that user flag. It's been a ride. Wowza.

  • user was pretty hard because i couldn't for the life of me figure out how to access the portal, after a little nudge from someone it was basically smooth sailing to root

    enjoyed this box a lot as well, keep 'em coming r3boot ^^

    0x41

  • can anyone help me with foothold please ?

  • Spoiler Removed

  • Not getting anywhere with this box, not even the slightest hint of progress. I've tried dir busting and fuzzing but not got much back. I've found some headers that appear to suggest Jy and I've got a couple of URLs, w-f & m-**f but I don't know if they are dead ends. Anyone feeling charitable feel free to shove me in the right direction.

  • Super cool box, just got the user!

  • just got user.. when the creator said it was esoteric they sure weren't kidding! Enjoyed path to user from foothold. For foothold the landing page text is important and many wont have even done it before.

    alt text

  • Error code: SSL_ERROR_RX_RECORD_TOO_LONG

    I'm getting this, any hints how to bypass it ?

  • can anyone give me a clue for the next step? I have managed to log into the portal tried a few things but am now hitting a wall...

    Hack The Box

  • Type your comment> @Dreadless said:

    can anyone give me a clue for the next step? I have managed to log into the portal tried a few things but am now hitting a wall...

    Inspect the header of the requests closely, you'll find the clue to the next step.

    b3nn
    PM for nudges, but tell me what you've got so far. If I helped you, remember to give respect.

  • great machine, I appreciated.


    [email protected]:~# ifconfig|fgrep 10.|awk '{print $2}'&&whoami
    10.10.10.186
    root

    calipendula
    for nudges on discord calipendula#1089
    please don't ask solutions but little hints

  • Where are u guys getting the creds for login?? I'm getting "Error code: SSL_ERROR_RX_RECORD_TOO_LONG" & stuck here...is there any other any port I'm missing out?

  • Type your comment> @b3nn said:

    Type your comment> @Dreadless said:

    can anyone give me a clue for the next step? I have managed to log into the portal tried a few things but am now hitting a wall...

    Inspect the header of the requests closely, you'll find the clue to the next step.

    I fear this is something new to me as I am looking at the headers but not seeing the magic

    Hack The Box

  • finally got user last night, working to create an RCE script today so I can get back quickly. ready to tackle the user privesc and then onto root!

    PM with what you tried up t if you're stuck.

  • Type your comment> @alalno said:

    Where are u guys getting the creds for login?? I'm getting "Error code: SSL_ERROR_RX_RECORD_TOO_LONG" & stuck here...is there any other any port I'm missing out?

    This seems to be a common problem. This is coming up because your browser is trying to negotiate HTTPS like the link tells it to, but is not receiving what it expects. It thinks it is receiving an SSL record that is too long, it is actually just getting the same HTML page you'd get from a port that's not supporting HTTPS. So.... is there another port you might need to try?

  • edited April 2020
    @calipendula Thanks for clearing my brain! And as always @applepyguy thanks for the constant guidance as well haha
  • edited April 2020

    Just got user! Man this was a way to go for me. Now it's time for root

    Edit: Got Root, this box was quite a journey for me.
    PM me for nudges

  • Type your comment> @DaWoschbar said:
    > Just got user! Man this was a way to go for me. Now it's time for root

    Same here. :)
  • Hi, is there anyone willing to help me out with the initial foothold? many thanks

  • really tough box if i didnt get help i quit lol
    new tech really make me cry

Sign In to comment.