Slightly deceiptful "easy" box... because it has a few red-herring. Indeed, root is "easy" if you have heard of a specific kind of vulnerability, but if you haven't....
Foothold: Go****** is a better option here. Take a look at possible file types on the website. The next part requires the exact tool you have in mind, but you have to create your own list
User: Google search will help you here. Newer the better
would appreciate a nudge for user. got a shell, but i must be doing something wrong and can't escalate to our user :T
enumerate more. a piece of information you already have has some things. are all the things completed?
pm me if you need another nudge.
I love helping newcomers. If you send a message, include the things you already tried.
Please be patient for replies, I do my best to reply to everyone.
I enumerated some of this machine yesterday and found a r*******.php file that doesn't appear to be here today. is this expected? Was finding that file yesterday a fluke?
I enumerated some of this machine yesterday and found a r*******.php file that doesn't appear to be here today. is this expected? Was finding that file yesterday a fluke?
I am assuming someone exploited the box and uploaded a file there and you saw it. I will say that file in not critical for this host.
I enumerated some of this machine yesterday and found a r*******.php file that doesn't appear to be here today. is this expected? Was finding that file yesterday a fluke?
I am assuming someone exploited the box and uploaded a file there and you saw it. I will say that file in not critical for this host.
That's what I was leaning towards. Back to fuzzing. Thank you
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
Done with user and root, spent no more than one evening, but anyway the machine is pretty cool
I'd even say "The best one lately"
It's not very hard, it's not the easiest one and also it's not Windows)))
Much info was given in another discussion on the forum, but if y'r stuck, send me pm
Soooo much thanks @egotisticalSW
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
Comments
rooted!
Struggled abit with the foothold but when I got in the machine the privesc to root was easy.
Feel free to pm if you are stuck:)
Slightly deceiptful "easy" box... because it has a few red-herring. Indeed, root is "easy" if you have heard of a specific kind of vulnerability, but if you haven't....
eCPPT | OSCP
Rooted!
Thanks @user0n3 for the nudge on foothold
Do not hesite to PM if you need any help, happy to help
Foothold: Go****** is a better option here. Take a look at possible file types on the website. The next part requires the exact tool you have in mind, but you have to create your own list
User: Google search will help you here. Newer the better
Root: Go back to the basics of privesc.
PM if you need a Nudge
I think that this box have an OSCP-like feeling, with lot of rabbits hole.
Learn a thing on the privesc part so i'm happy with this box.
Don't hesitate to PM me for hints.
CEH - OSCP
Rooted.
Definitely over thought a few things along the way, fun box.
Feel free to ask for hints/nudges. Just PM me what you've already done, & give respect if I help you.
would appreciate a nudge for user. got a shell, but i must be doing something wrong and can't escalate to our user :T
Type your comment> @0x41 said:
enumerate more. a piece of information you already have has some things. are all the things completed?
pm me if you need another nudge.
I love helping newcomers. If you send a message, include the things you already tried.
Please be patient for replies, I do my best to reply to everyone.
I enumerated some of this machine yesterday and found a r*******.php file that doesn't appear to be here today. is this expected? Was finding that file yesterday a fluke?
Type your comment> @Kainn said:
I am assuming someone exploited the box and uploaded a file there and you saw it. I will say that file in not critical for this host.
Type your comment> @TheT3rminat0r said:
That's what I was leaning towards. Back to fuzzing. Thank you
Rooted, went down a massive rabbit hole trying to get the user. Soon as i got user root was seconds away.
Pfffft, not sure if I like this box or hate it. Went through all possible rabbit holes imaginable. LOL
Many thanks to the creator(s)!
https://www.hackthebox.eu/home/users/profile/74337
Rooted, Fun box! Congrats @egotisticalSW !
Just rooted this box, it was really fun @egotisticalSW! Need help, just DM.
You can find write-ups and walkthroughs on my personal blog: https://binsec.nl
This is a fun box - awesome work by @egotisticalSW
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
Fun box! Will give nudges if you pm/
Thank you for this funny box @egotisticalSW unlike others, the start was easier for me! like what...
@TazWake Sorry for the previous thread, I didn't know that now there will be an "official" thread
And thanks to @poker1 for his help on the last part. Sometimes we look too complicated...
@choupit0 said:
Its ok - I don't think anyone knew. I certainly didn't.
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
Anyone able to take a few quick PMs? Just trying to get something to work that should... but is not... Just need nudge on some syntax for foot fold.
@AwkwardUnicorn said:
I will help if I can.
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
I have the correct credentials but cant seem to pop a shell with msf. Anyone run into this issue?
edit: rooted
Type your comment> @apalooza said:
Obviously you need to change the important thing in that MSF default module options.
A Chemist doing Penetration Testing - Check the Story here: BinaryBiceps
Done with user and root, spent no more than one evening, but anyway the machine is pretty cool
I'd even say "The best one lately"
It's not very hard, it's not the easiest one and also it's not Windows)))
Much info was given in another discussion on the forum, but if y'r stuck, send me pm
Soooo much thanks @egotisticalSW
Good game. well played!
root made me laugh because i used to rant on twitter about how useless this was
stuck on login page
please help me, thanks!
Stuck on login, I've tried fuzzing but no luck. Also I've read that stephen king article and found one weird-looking word, but i dont know. Any help?
DM me if you are stuck or need a nudge
@athuthala said:
@lucas98 said:
This won't sound helpful but the only answer is enumerate more.
If you find something which looks like it could be a user's name, try it. Build a custom wordlist and see if it works.
Google can take you to an article which contains what you need to try the accounts and get access.
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.