Quick


Comments

  • edited May 2020

    Potential typo in j**.*hp? Logged in as s**, and it's very clear what to do (if it is a typo); however, the script does a chmod on a j** directory that doesn't exist? Trying to be vague but please PM for details.. Let me know if a typo or if I need to look elsewhere..

    USVIP7, if that makes a difference.

  • [email protected]:~# ifconfig ens33 | fgrep 10. | awk '{print $2}' && whoami
    10.10.10.186
    root

    Curious as to what the root was all about as it doesn't really make sense to me the format in which I found it? Anyone got any ideas then let me know!

    Other than that, amazing box, ripped me to shreds the last 3 days, even considered going outside at one point. Cheers! Open for help if anyone needs it but I'm having a beer and a pizza now.

    skunk

    Happy to offer nudges to anyone on boxes I've done, provided you show that you've reasonably tried to understand what the goal is! If I do help, please consider giving respect!

  • edited May 2020

    Finally rooted it. @MrR3boot thanks for the pain. @nicoswd thanks for not letting me give up at user1 > user2 even though I tried about 6 times. What a ride. Encoding is important.

  • @fiddler said:

    Potential typo in j**.*hp? Logged in as s**, and it's very clear what to do (if it is a typo); however, the script does a chmod on a j** directory that doesn't exist? Trying to be vague but please PM for details.. Let me know if a typo or if I need to look elsewhere..

    USVIP7, if that makes a difference.

    Looks like a typo, yes. You can still exploit it, though :D


    Hack The Box
    GREM | OSCE | GASF | eJPT

  • Hey all. I need help with the initial foothold. I found the service running on that por***.q****.h**
    and also found a tool which can be used to access that particular service. But I'm encountering an error while installing,
    like this: "could not find static 'cry**o'". Can anyone help me out?
    PM me

    A Chemist doing Penetration Testing - Check the Story here: BinaryBiceps

  • edited May 2020

    Got root! Hardest box I've ever done, shaken me to my very core and nearly quit hacking. But it was very well written and worth the own! Very eye opening.

    PM me when the pain is too much and you've tried everything lol


    More than happy to help out and give hints - sorry if you've messaged me on forum.htb and I haven't got back, I might be more reachable via discord: CRYP70🇦🇺#8985

  • Rooted:
    [email protected]:~# hostname && id
    quick
    uid=0(root) gid=0(root) groups=0(root)

    Thanks @MrR3boot that was a nice learning experience!!!
    Feel free to drop me a message if u need help

  • edited May 2020

    You need to do two tasks for each step. I try to give you some hints although it is really hard to give hints without spoiling the box.

    Edit or delete the comment if it spoils the box.

    Initial foothold:
    Nmap supports different protocols for scanning. You can find some port numbers which work on different protocols. Find it and google for the appropriate tool.

    Pick your smartphone up and look at your gmail inbox, you haven't received all emails from gmail users, right?

    User1:
    Always know what you request and what you get in return. Burpsuite is always your friend.

    User2:
    Oh damn! It's really amazing, just read, and think out of the box. If you are not good at programming, hmmmm it's ok, you can find another way to get into the page. Just Think Out Of The Box.
    If you are not good at PHP, hmmm you would be in pain :)

    Root:
    There is nothing to say, just stay at home and read everything you see.

  • Why won't htb let me reply to more than two inbox messages?


    More than happy to help out and give hints - sorry if you've messaged me on forum.htb and I haven't got back, I might be more reachable via discord: CRYP70🇦🇺#8985

  • @CRYP70 They have a protection in place that won't let you send a certain number of messages within a certain time frame (30 seconds, I think).

    marlasthemage

  • edited May 2020

    I’m user 1 and found the p****** files, but I don’t understand how to access the pages. Do I need to set this thing up myself?

    bigFish43
    eJPT

  • I struggled hard with this box but in reply to all the messages here's my two cents of hints:

    • Foothold: yes, you're on the right track. It's meant to be like that.
    • User: Not sure how to hint this one without giving too much away, previous forum posts have mentioned this plenty of times. lmk if you need sanity checking. Amazing user flag so you'll feel better if you get this on your own.
    • Second user: I figured this out the hard way. Don't bother wasting time experimenting and testing... just actually exploit it, but don't go too far. Thank me later. Thanks to @nicoswd for that one.
    • Root: Standard enumeration - with all the terrible things happening in the news, it's safer to just stay at home and hack shit.

    if('spoiler' == true){
    remove_post();
    }

    Peace everyone, hope y'all had a good weekend!


    More than happy to help out and give hints - sorry if you've messaged me on forum.htb and I haven't got back, I might be more reachable via discord: CRYP70🇦🇺#8985

  • Feel like I am missing something easy and could use a nudge, I have the first password and I feel like I'm just sitting here playing guess the email, what am I missing? I have tried generating a bunch of potential things based on clues in other pages.

  • @user29 said:

    Feel like I am missing something easy and could use a nudge, I have the first password and I feel like I'm just sitting here playing guess the email, what am I missing? I have tried generating a bunch of potential things based on clues in other pages.

    It is a bit of "guess the email" but this is pretty much the crux of enumeration. There is enough information available on the various bits you have access to, so that you can "guess" the email you need.

    However, it might be better to use the information to create a wordlist then try a password spray attack.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.

    Currently have very limited HTB time but will try to respond as quickly as possible.

  • Rooted!

    Props to @MrR3boot

  • Oh, and the wonderful @TazWake for the nudge again. Always dropping those useful hints!

  • Rooted!!
    Great box!

    Zigzar

  • edited May 2020

    I have access to the login creds and t******.php, but I need help with my payload. I can get commands to execute (from what I can tell), but I can't get anything useful to run successfully.

    Edit: nvm I figured it out.

    DM for nudges as long as you've made an attempt already | Discord: @jhnhnck#1776
    See also: https://www.nohello.com/

  • @TazWake said:
    @user29 said:

    Feel like I am missing something easy and could use a nudge, I have the first password and I feel like I'm just sitting here playing guess the email, what am I missing? I have tried generating a bunch of potential things based on clues in other pages.

    It is a bit of "guess the email" but this is pretty much the crux of enumeration. There is enough information available on the various bits you have access to, so that you can "guess" the email you need.

    However, it might be better to use the information to create a wordlist then try a password spray attack.

    I'm still stuck guessing a valid username after taking these steps. I tried a lot of combinations. Any more hints?

  • @chonmayo said:

    I'm still stuck guessing a valid username after taking these steps. I tried a lot of combinations. Any more hints?

    Sadly, I can't think of any way to say more without it getting removed as a spoiler.

    All I can say is you probably need to try more combinations. The information is on the site.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.

    Currently have very limited HTB time but will try to respond as quickly as possible.

  • Finally rooted. This was quite a ride for me, but I’m happy I stuck with it. Here are my hints:

    Foothold: The latest tech will save you.

    User 1: If you can’t do it in one step, do it in three steps.

    User 2: Writing can be so much more fun than reading.

    Root: Once you find it, just try it out! Do NOT overcomplicate this last step or you’ll find yourself in a world of pain.

    PM for nuggets.

    bigFish43
    eJPT

  • edited June 2020

    Whew, user finally pwned... so many new techniques and ways to try harder.

    Awesome box so far! On to root...

    edit: User2 pwned, awesome privesc method :)

    edit: rooted!


  • edited June 2020

    Finally got user flag! The foothold was quite frustrating!
    I'm trying to spawn the reverse shell but I'm stuck! A nudge would be very welcome :)
    Now I am trying to decrypt a hash, the password doesn't seem to be in rock***.
    Edit: Rooted PM me for nudges

  • @chonmayo said:

    @TazWake said:
    @user29 said:

    Feel like I am missing something easy and could use a nudge, I have the first password and I feel like I'm just sitting here playing guess the email, what am I missing? I have tried generating a bunch of potential things based on clues in other pages.

    It is a bit of "guess the email" but this is pretty much the crux of enumeration. There is enough information available on the various bits you have access to, so that you can "guess" the email you need.

    However, it might be better to use the information to create a wordlist then try a password spray attack.

    I'm still stuck guessing a valid username after taking these steps. I tried a lot of combinations. Any more hints?

    I had to try about 20k combinations before getting it, for what it's worth

  • edited June 2020
    Would someone mind taking a look at my e-mail creating script and help point me to what I'm doing wrong?

    EDIT: Got it, thanks to the nudge from @jhnhnck. On to user!

    marlasthemage

  • edited June 2020

    Anyone got any tips for root? I am just absolutely clueless as for what to do here, which is weird because according to everyone else this is the easiest part...

    Okay my tip is KISS

  • I don't know why but yesterday I could get the user, and today I can't find any new tickets created, the search always returns 200 empty responses, after posting a new correct ticket, the box has been reset two times.. bored


    Write ups FR : https://hackingdom.io/

  • @k30j1 said:

    I don't know why but yesterday I could get the user, and today I can't find any new tickets created, the search always returns 200 empty responses, after posting a new correct ticket, the box has been reset two times.. bored

    are you using the right url? one of them tends to not return anything for that request.

  • edited June 2020

    @user29 said:

    are you using the right url? one of them tends to not return anything for that request.

    Damn, you saved my mind, I feel so stupid x) Thanks man!

    Edit : Rooted !

    Thanks again user29 and @nicoswd too :)

    Feel free to pm me for help !


    Write ups FR : https://hackingdom.io/

  • @k30j1 said:

    @user29 said:

    are you using the right url? one of them tends to not return anything for that request.

    Damn, you saved my mind, I feel so stupid x) Thanks man!

    Glad I could help! There were a lot of moments like that for me with this box.
