Traceback

1222325272830

Comments

  • @PChan said:

    Please help me here to move further

    There are a few ways you can do this. You can either create a script in the language which does things to grant you access or you can get the fck out of the shell.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Type your comment> @TazWake said:

    @PChan said:

    Please help me here to move further

    There are a few ways you can do this. You can either create a script in the language which does things to grant you access or you can get the fck out of the shell.

    I stayed and did it. Thank you

  • Rooted, thanks for this machine. I don't really understand the moaning about resets, didn't disturb me at all. Foothold was quite unique, user was rather simple, a lot of useful hints on the forum. Root was a lot of fun, timing is important but I managed to get it on the first try.

  • Wasted a lot of time on not setting the correct permissions on a specific file. Nice machine learned a lot.

  • Type your comment> @squirrelpizza said:

    So far I found the 2 ports open after doing an all ports scan. Directory busting got me nothing, I saw the clue on the web server. But I do not see anywhere to upload the web shell. Can someone give me a nudge as how to get to a spot to upload?

    Did you get where to upload?

  • Rooted, finally...after sooooooooo many attempts.
    Hint, don't overthink it....(like I did for the last 4 hours).

  • thanks Xh4h, great box! it was a pain that sometimes it would crash after getting first shell but learned a thing about ssh and a new programming language

    pm for hints. pleased to help!

  • Hi guys, i need help with this machine.
    i am trying to connect with SSH but get an error message of "access denied, please try later" i do not want to write all steps here because maybe other people did not reach this step yet.. but any suggestions? i gave the right permissions to the relevant files, edited the sshd.config as needed and still get the same error.
    any suggestions? :(

  • Already spawned a shell...Now having trouble escalating privileges...any hints??

  • @RomeosCyber there is a way of escalating using certain files in certain folders within your initial shell

  • @Karthik0x00 said:
    Type your comment> @squirrelpizza said:

    So far I found the 2 ports open after doing an all ports scan. Directory busting got me nothing, I saw the clue on the web server. But I do not see anywhere to upload the web shell. Can someone give me a nudge as how to get to a spot to upload?

    Did you get where to upload?

    you found the hint have you tried looking up that hint?

  • @>; @callmevader said:

    @Karthik0x00 said:
    Type your comment> @squirrelpizza said:

    So far I found the 2 ports open after doing an all ports scan. Directory busting got me nothing, I saw the clue on the web server. But I do not see anywhere to upload the web shell. Can someone give me a nudge as how to get to a spot to upload?

    Did you get where to upload?

    you found the hint have you tried looking up that hint?

    yeah
    i already have the s******n and w******n ssh shells, still struggling with priv esc

  • so what can you find in their directories?

  • Type your comment> @callmevader said:

    @Karthik0x00 said:
    Type your comment> @squirrelpizza said:

    So far I found the 2 ports open after doing an all ports scan. Directory busting got me nothing, I saw the clue on the web server. But I do not see anywhere to upload the web shell. Can someone give me a nudge as how to get to a spot to upload?

    Did you get where to upload?

    you found the hint have you tried looking up that hint?

    Yup I got it. But stuck at privilege escalation to r**t. Any hint?

  • @Karthik0x00 said:

    Yup I got it. But stuck at privilege escalation to r**t. Any hint?

    Try Spying on the running processes

    Watskip

    < Soli Deo Gloria >

  • Nice box. And good to have a privesc that's not too easily spelled out by automated scripts.

    I'm a bit curious on a certain job that appeared to run on the box, with an executable in UPPER CASE which didn't actually existe on the box ?!

    lebutter
    eCPPT | OSCP

  • How are people getting ideas of OSINT? i see it nowhere in the page source!
    and also the author has collection of web-shells? but how do i use this info?
    and also how do i use OSINT to proceed further?

  • Type your comment> @in3vitab13 said:
    > How are people getting ideas of OSINT? i see it nowhere in the page source!
    > and also the author has collection of web-shells? but how do i use this info?
    > and also how do i use OSINT to proceed further?

    The author has a collection of webshells. These are .PHP. you are attacking port 80. Maybe you can check for webshells already installed?
  • Spoiler Removed

  • @dalemazza said:
    Type your comment> @in3vitab13 said:

    How are people getting ideas of OSINT? i see it nowhere in the page source!
    and also the author has collection of web-shells? but how do i use this info?
    and also how do i use OSINT to proceed further?

    The author has a collection of webshells. These are .PHP. you are attacking port 80. Maybe you can check for webshells already installed?

    also,, whats this hype about OSINT in the discussions?!

  • Type your comment> @in3vitab13 said:
    > (Quote)
    > also,, whats this hype about OSINT in the discussions?!

    It stands for Open source intelligence. It's a very broad term to use. It is using any legal means of collecting information on a target. Think of it as being passive reconnaissance
  • ohkay who is this fucker , who keeps messing with the box!
    It says my flag is wrong while submittng it!!

  • why does it say my flag is incorrect even after resetting it?

  • @in3vitab13 said:

    why does it say my flag is incorrect even after resetting it?

    The dynamic flags should change on each reset. It probably takes a few minutes after a reset for the flags to be working but I've no idea how it works on the backend.

    If you have problems with this, you need to raise it with HTB via Jira so they can understand the scope of the problem. https://hackthebox.atlassian.net/servicedesk/customer/portal/1

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Type your comment> @TazWake said:

    @in3vitab13 said:

    why does it say my flag is incorrect even after resetting it?

    The dynamic flags should change on each reset. It probably takes a few minutes after a reset for the flags to be working but I've no idea how it works on the backend.

    If you have problems with this, you need to raise it with HTB via Jira so they can understand the scope of the problem. https://hackthebox.atlassian.net/servicedesk/customer/portal/1

    yeah, it worked once i tried it after a while!

  • Hint:
    For rooting, I checked running processes and I need to ssh the box (without password) to get reverseshell

  • Type your comment> @dalemazza said:

    Type your comment> @in3vitab13 said:

    How are people getting ideas of OSINT? i see it nowhere in the page source!
    and also the author has collection of web-shells? but how do i use this info?
    and also how do i use OSINT to proceed further?

    The author has a collection of webshells. These are .PHP. you are attacking port 80. Maybe you can check for webshells already installed?

    They are gone now as of the submission of this comment. Finally once i got an idea of how to approach after the OSINT, it's gone.

    Not sure what's going on but that's not cute, man lol. People need to stop ruining the fun.

  • @0xFFensvDfndr said:

    They are gone now as of the submission of this comment. Finally once i got an idea of how to approach after the OSINT, it's gone.

    No - just checked, its there.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • edited April 2020

    Type your comment> @TazWake said:

    @0xFFensvDfndr said:

    They are gone now as of the submission of this comment. Finally once i got an idea of how to approach after the OSINT, it's gone.

    No - just checked, its there.

    So apparently what i saw before was other peoples garbage and when I enummed again, I changed my query and boom... some dirs

Sign In to comment.