Book

Hello,
I know the privesc needs to play with lro*.
But is it to exploit an Apache vuln like cfca**** or not at all?

Thanks for your answer

Mother of pearl, that was hard getting user. Learned a ton and onto root!

@Tempuslancien said:

Hello,
I know the privesc needs to play with lro*.
But is it to exploit an Apache vuln like cfca**** or not at all?

Thanks for your answer

You are on the right way with your first statement. As mentioned, there is a well-documented tutorial to exploit this vulnerability which you can use with almost no changes. Try to understand why you have these files in your user directory and what happens when the vuln program runs.

Nice box, took me forever to get user, but then root was pretty straightforward after some enumeration and googling.

@reini thank you so much!

Hi! Some nudge to get into the admin panel? I know what to do but not how to actually do it. I tried many things and nothing works.

@TheDante98 said:

Hi! Some nudge to get into the admin panel? I know what to do but not how to actually do it. I tried many things and nothing works.

Is this any help?

@TazWake said:

@TheDante98 said:

Hi! Some nudge to get into the admin panel? I know what to do but not how to actually do it. I tried many things and nothing works.

Is this any help?
Book - #333 by exzandar - Machines - Hack The Box :: Forums

Yeah, I know I have to overwrite it. The thing is I don’t know what uncommon technique to use and it is hard to google it. I’m trying everything in Burp. I can PM you with the things I tried and managed to do.

Finally rooted after a whole week. Overall super awesome box I learned a TON with this one. Really had to work to make it past each step.

@TheDante98 said:

Yeah, I know I have to overwrite it. The thing is I don’t know what uncommon technique to use and it is hard to google it. I’m trying everything in Burp. I can PM you with the things I tried and managed to do.

ok

@TazWake said:

@TheDante98 said:

Yeah, I know I have to overwrite it. The thing is I don’t know what uncommon technique to use and it is hard to google it. I’m trying everything in Burp. I can PM you with the things I tried and managed to do.

ok

No prob, I just got it, @Cedgar helped me. It was really easy, I was just missing a thing. I won’t forget this lesson though. Thank you very much to both of you!

Great box, Kudos on this. Really liked the different methods here and it was a good learning experience!

Definitely enough hints in this thread, best I can say:

User: see all the other comments, nothing better to say here

Root: Once you learn how things switch in and out, RTFM, and compare what you found online with what you have available. Once you tweak it correctly, if you aren’t getting the expected output, be sure to try a few times and different ways, sometimes things you think won’t work, but they eventually will :wink:

I’ve managed to get something important that should let me in on a small port. It doesn’t seem to be working though and I’m completely stuck. I have tried my best not to ask for help and I’m proud how far I’ve gotten but if someone could PM me I’d really appreciate a nudge.

@Baz928 said:

I’ve managed to get something important that should let me in on a small port. It doesn’t seem to be working though and I’m completely stuck. I have tried my best not to ask for help and I’m proud how far I’ve gotten but if someone could PM me I’d really appreciate a nudge.

Chances are good that your content is missing some characters at the end of each line.

Look for a different way to read it.

Rooted!
DM if you're stuck

After banging my head for 3 days I got user. 1 day totally spent in syntax errors and some crazy things. It was always in front of me! I’m really enjoying this box, it has many little things where you can learn.

Thanks to @TazWake! He gave many useful tips around this thread!

DM if you need help!

Hi!
I’ve made my way to the admin panel, I’ve seen how the two panels can communicate but haven’t been able to get any info from the server. Can someone point me to the correct name of the vulnerability here? Cause I’ve been searching around in circles and everything has failed.
Thanks!!

@0x0ff537 said:

Can someone point me to the correct name of the vulnerability here?

Not easily without it being a massive spoiler. If you read through the posts in this thread there are millions of hints which will push you in the right direction. And the last letter of its “name” is s.

Spoiler Removed

Jeez, a lot of posts on this box so no apologies for not reading them all. I am trying to work out PL to upload as low user to export as higher user. Think I have gone down a few rabbit holes here, can anyone PM me so I can say what it is I am trying and failing with please?
Thanks for the help, you know who you are!