Admirer

Comments

  • Any hints for root?!

  • Thx @polarbearer and @GibParadox ! Super fun box. Good recap and learning experience, especially for an easy box! Part of the rooting process was new for me!

  • I'm stuck at a page that asks for creds. It doesn't seem to accept any that I offer it.
    Anyone around for a nudge?

  • For an easy box, this isn't going very easily. Found a whole bunch of creds & downloaded some files. Can't quite seem to locate this login page that everyone is talking about. hmmm...

    jiggle

    Feel free to ask for hints/nudges. Just PM me what you've already done, & give respect if I help you.

  • @gverre said:
    > Thx @polarbearer and @GibParadox ! Super fun box. Good recap and learning experience, especially for an easy box! Part of the rooting process was new for me!

    Glad you enjoyed it!
  • @jiggle said:
    > For an easy box, this isn't going very easily. Found a whole bunch of creds & downloaded some files. Can't quite seem to locate this login page that everyone is talking about. hmmm...

    Yes, it was the worst part for me. But it is not hard; I had tried that filename before with no result. But after I got some other items from the lowest service files, the filename worked. Also with the basic web enumeration tools and wordlist you can get it. It starts with a, so not a long time is needed :smiley: )

  • Rooted. Kudos to the authors and @bertalting for the nudges.

    Foothold: hard to give some hints without spoiling, but you should literally search for the things that "no one should see". Very popular tool has special switch to search for multiple types at the same time. Use it
    User: a bit of guesswork is mandatory. You do have clues, but most likely you're looking for the wrong tool. Especially if you've never heard about the correct one. Machine name is a massive spoiler to get back to the right path.
    Root: is awesome. just awesome

  • edited May 2020

    I need a little help with root please. had lots of ideas. but none have worked. PM me please I will share what I have tried
    All Good!

    adyd

  • @sulfacid said:
    > @jiggle said:
    > > For an easy box, this isn't going very easily. Found a whole bunch of creds & downloaded some files. Can't quite seem to locate this login page that everyone is talking about. hmmm...
    >
    > Yes, it was the worst part for me. But it is not hard; I had tried that filename before with no result. But after I got some other items from the lowest service files, the filename worked. Also with the basic web enumeration tools and wordlist you can get it. It starts with a, so not a long time is needed :smiley: )

    Yeah, I'll probably feel like an idiot once I get it.
    But so far that hasn't happened :lol:

    jiggle

    Feel free to ask for hints/nudges. Just PM me what you've already done, & give respect if I help you.

  • @jiggle said:
    > @sulfacid said:
    > > @jiggle said:
    > > > For an easy box, this isn't going very easily. Found a whole bunch of creds & downloaded some files. Can't quite seem to locate this login page that everyone is talking about. hmmm...
    > >
    > > Yes, it was the worst part for me. But it is not hard; I had tried that filename before with no result. But after I got some other items from the lowest service files, the filename worked. Also with the basic web enumeration tools and wordlist you can get it. It starts with a, so not a long time is needed :smiley: )
    >
    > Yeah, I'll probably feel like an idiot once I get it.
    > But so far that hasn't happened :lol:

    I just found it & can confirm a feeling of idiocy is sweeping over me :sweat_smile:

    absolutenoob

  • @absolutenoob said:
    > @jiggle said:
    > > @sulfacid said:
    > > > @jiggle said:
    > > > > For an easy box, this isn't going very easily. Found a whole bunch of creds & downloaded some files. Can't quite seem to locate this login page that everyone is talking about. hmmm...
    > > >
    > > > Yes, it was the worst part for me. But it is not hard; I had tried that filename before with no result. But after I got some other items from the lowest service files, the filename worked. Also with the basic web enumeration tools and wordlist you can get it. It starts with a, so not a long time is needed :smiley: )
    > >
    > > Yeah, I'll probably feel like an idiot once I get it.
    > > But so far that hasn't happened :lol:
    >
    > I just found it & can confirm a feeling of idiocy is sweeping over me :sweat_smile:

    Have same feelings lots of times when I try HTB machines haha

  • Yeah, feel like a dummy.
    Thanks for the nudge @EvilT0r13

    jiggle

    Feel free to ask for hints/nudges. Just PM me what you've already done, & give respect if I help you.

  • Spoiler Removed

  • edited May 2020

    Spoiler Removed

  • Finally managed to get user, what a journey that was! PM if you need a push in the right direction or discord code0x13#4635

  • Rooted!

    Learned some new interesting things :)
    Thanks to @olsv and @thomsd for the nudges

    Feel free to PM me for hints

  • Finished USER earlier this evening. Thanks to a few folks on here for keeping me on target. My advice for those in this phase...

    - Your initial enum won’t turn up everything you need, even though you may think you have a lot. Maybe wordlists will only take you so far.
    - Look at the files you have found and what they say about other services at work internally. Maybe Google will take you where your wordlist could not.
    - Once you have the page you seek, Don’t forget about the files you found. Now that you know more, keep googling to find a script for what is exposed. BUT those previous files will tell you what you need to get with it.
    - Once you have what you came for, it works where it should but also where you really need it.

    limelight

  • Found the c*******.*** file, but I've been fuzzing for ages and haven't found any creds. Can somebody give me a nudge?
  • Any hint on the login page?

  • @N00p said:
    > Any hint on the login page?

    same stuck here, tried hydra with rockyou but is very very slow.

  • Woke up a couple hours ago. Was up until morning but finally got root and understand the whole process throughout (which is the most important part of these challenges), so if anyone needs a nudge I would not give it to you in a silver platter but help you understand the process until you get it so if you want a quick help don't msg me; if you want to learn in the process PM me.

    discord: vicio#4677

    Always Remember MRX Rules:
    1. No System is Safe
    2. Aim for the Impossible
    3. Have fun at cyberspace and meat space

  • @yzkofk said:
    > @N00p said:
    > > Any hint on the login page?
    >
    > same stuck here, tried hydra with rockyou but is very very slow.

    Brute forcing / fuzzing with the normal wordlists isn't going to find the login page you seek. Google with some keywords you already know will be a much more efficient way.

    limelight

  • lovely box :)
    user was much harder than root. ton of red herrings and a whole bunch of steps. i recommend paying attention to comments and other things that might seem irrelevant and put a little more thought and research into that

    0x41

  • Getting user has been a brutal experience for me haha but I'm glad I persisted. Actually learned a TON from this first part.


  • Got user, definitely not an easy machine ^^

  • @H8des said:
    > Found the c*******.*** file, but I've been fuzzing for ages and haven't found any creds. Can somebody give me a nudge?

    thanks for this nudge.... and I guessed it correct.. WTH...

  • Just got user, as frustrated as I got there at times, that was awesome when it all came together.

  • The thing that surprised me.... took a look through all of the default wordlists. It is surprising how many of them have the word that is needed to solve this. I should have had this done ages ago if I were a little more methodical

  • That was a nice little box thankies Mr(s) box maker(s), maybe a little bit medium than easy but whatever it was a cool one, I don't understand why some here are complaining about rabbitholes I mean that's a part of the game it makes it more fun and you get to learn way more than if the path was straight.
    Foothold : Fuzzing directories with diversity of extensions (without forgetting that this box is an easy marked one so don't get too far) and never give up fuzz everything
    User : Google is your best friend, I gave up on what I've found because of a miss I did myself so make sure it's well done
    Root : Classical one, just look step by step at what you have at hands and make sure that the atmosphere is by your side in this one lol
    Hope I'm not spoiling anything.

  • edited May 2020

    rooted finally

    thanks to @vicio and @Selcius for nudges and help
    thanks also to the machine makers
    learned a lot

    hint: it's already in this thread
    you can DM for nudges
