Cache

1356717

Comments

  • Type your comment> @chicxulub said:

    the box is fine where I am at, I dont think it's been down once. I found creds, after I bypassed the page anyway hah.

    It's back up :) Seems a little unstable, but not drastically, phew

    S1ph1lys

    We are the things that were and shall be again

  • edited May 9

    Congratulation @InfoSecJack for the first blood $_$ .. but why it says after 4 hrs !!

    Drxxx
    I wouldn't mind some +respect if I helped you ;)

  • Type your comment> @Drxxx said:

    Congratulation @InfoSecJack for the first blood $_$ .. but why it says after 4 hrs !!

    Timestamps are fucked up. Every new machine someone posts this ahahah

  • How on earth has anyone managed to hack into this box. I'm getting nothing back from dirb scans. I've found the under construction page but that's it. What the hell am I missing here (a lot I suspect).

  • @Drxxx said:

    Congratulation @InfoSecJack for the first blood $_$ .. but why it says after 4 hrs !!

    First blood occurs in the future lol. I think it's a bug, been noticing it lately.
    Back to the topic: Can anyone tell me if the creds are useful elsewhere aside from logging in to see an incomplete site?

  • edited May 10
    @avonsec the answer is not in the page after logging in!
  • anyone can see the incomplete site without the creds :(

  • Thanks @R3m0tE, I'll take another look at that empty thing. @Linoge some people bypass the login before actually finding the creds

  • Type your comment> @R3m0tE said:

    @avonsec the answer is in the page after logging in!

    if anyone crack whats in the login page or is not the path ???

  • Type your comment> @avonsec said:

    Thanks @R3m0tE, I'll take another look at that empty thing. @Linoge some people bypass the login before actually finding the creds

    id did lol
    then i found the creds

  • Type your comment> @ElVi7MaJoR said:

    Type your comment> @avonsec said:

    Thanks @R3m0tE, I'll take another look at that empty thing. @Linoge some people bypass the login before actually finding the creds

    id did lol
    then i found the creds

    So ? Did you find them useful some how ?

    Drxxx
    I wouldn't mind some +respect if I helped you ;)

  • Type your comment> @Drxxx said:

    Type your comment> @ElVi7MaJoR said:

    Type your comment> @avonsec said:

    Thanks @R3m0tE, I'll take another look at that empty thing. @Linoge some people bypass the login before actually finding the creds

    id did lol
    then i found the creds

    So ? Did you find them useful some how ?

    they just give me access in login for now

  • edited May 11

    god dammit, just found the H**
    this is the first box that i've seen that does that, it shouldn't be allowed ๐Ÿ˜‚๐Ÿ˜‚๐Ÿ˜‚

    EDIT: so i have no idea how you're supposed to get user, but rooted :^)

    0x41

  • i found cached version of op**** on goo*** which contain a vulnerability report for that version,

    Arrexel
    OSCP | I'm not a rapper

  • Spoiler Removed

  • @R3m0tE said:
    @avonsec the answer is in the page after logging in!

    Is there something hidden in the image? I've tried to analyze with fft and a couple other methods. Not seeing anything...

  • Rooted. Interesting box.
    Foothold: Look for clues, don't focus on things that aren't dynamic. If something is working slowly, find something faster.
    User: Go back to your notes
    Lateral movement: The name helps
    Root: Find out more about yourself

    clubby789

    • GCIH | GCIA
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments, or on box release night). And remember to +respect me if I helped you ; )
  • Same here @Brogramm3r . I've had rockyou.txt running with steghide decode... but nothing for ages. Stopped it now.

    Arrexel
    eJPT

  • edited May 11

    rooted, really nice machine :)

  • Type your comment> @thegingerninja said:

    Same here @Brogramm3r . I've had rockyou.txt running with steghide decode... but nothing for ages. Stopped it now.

    Don't waste time on it ;)

  • edited May 10

    Rooted.
    You need to enumerate everything at the beginning. Anything you find can be used later.
    If something isn't working for you then you either have to:
    1) Reset the box - because the exploit method can be unstable at times
    2) Try a newer exploit/page. :disappointed:

    Hints:
    Metasploit will not help you here.
    The rest of the box is not new stuff. I've seen the root exploit 4+ times on other boxes on this website.

    godylocks

    If you like my advice, please give me some respect! Thanks!
    Message me on discord: godylocks#5721

  • Found the password for the admin user, but can't get the reverse shell. Is the remote execution exploit is the way to go?

  • edited May 10

    Rooted. Root seemed way too easy, so I'm not sure if it was actually intended or not.

    Foothold - Fuzzing for a different entry point before forcing your way in (you can also check the front page for a hint as to where to look)
    User - The name of the box isn't irrelevant
    Root - Show your power and gtfo

    Thanks @ASHacker :)


    Hack The Box
    defarbs.com | Retired Machine Writeups! - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'โ€

  • Interesting machine, except for the stability part at the beginning.

    User : use the info you find, no need to break the machine
    Root : some basic privesc enumeration should guide you to the end

    If you're stuck, PM for more hints (here or on discord: cerebro11#1281)

  • Thank you for your time...
    Congrats to you guys @cerebro11 @farbs @godylocks @H0ru5 @clubby789
    And sorry @godylocks i didn't know that root exploit was already on other machine...

    ASHacker

  • rooted :)

    HTB{HappyHacking}

  • r0000ted. If anyone needs help AFTER getting a HUGE headache, I might give you a nudge.

    Hack The Box

    discord: vicio#4677

    Always Remember MRX Rules:
    1. No System is Safe
    2. Aim for the Impossible
    3. Have fun at cyberspace and meat space

  • Thx @ASHacker. Interesting box. The user part gave me hard time! Overall, good challenge!

  • rooted
    Interesting machine ; good job
    user : enumerate and enumerate and enumerate and enumerate and enumerate and exploit ...
    root : remember what you see when you open the door and privesc :) like a charm
    thank you for the box

  • Congrats to @t0vlix @vicio @gverre @rfg
    And please review the machine, that will be helpfull for future

    ASHacker

Sign In to comment.