Official Blunder Discussion

Comments

  • rooted!
    Struggled a bit with the foothold but when I got in the machine the privesc to root was easy.
    Feel free to pm if you are stuck:)

  • Slightly deceitful "easy" box... because it has a few red herrings. Indeed, root is "easy" if you have heard of a specific kind of vulnerability, but if you haven't....

    lebutter
    eCPPT | OSCP

  • Rooted!

    • Learned a nice new way to privesc ;)
    • Struggled for foothold like a lot of people apparently
    • Rest is rather straightforward

    Thanks @user0n3 for the nudge on foothold

    Do not hesitate to PM if you need any help, happy to help ;)

  • Rooted!

    Foothold: Go****** is a better option here. Take a look at possible file types on the website. The next part requires the exact tool you have in mind, but you have to create your own list

    User: Google search will help you here. Newer the better

    Root: Go back to the basics of privesc.

    PM if you need a Nudge

  • I think that this box has an OSCP-like feeling, with a lot of rabbit holes.
    Learned a thing on the privesc part so I'm happy with this box.

    Don't hesitate to PM me for hints.

    Zaitchev

    CEH - OSCP

  • Rooted.
    Definitely overthought a few things along the way, fun box.

    jiggle

    Feel free to ask for hints/nudges. Just PM me what you've already done, & give respect if I help you.

  • would appreciate a nudge for user. got a shell, but i must be doing something wrong and can't escalate to our user :T

    0x41

  • @0x41 said:

    would appreciate a nudge for user. got a shell, but i must be doing something wrong and can't escalate to our user :T

    enumerate more. a piece of information you already have has some things. are all the things completed?

    pm me if you need another nudge.

    algernope
    I love helping newcomers. If you send a message, include the things you already tried.
    Please be patient for replies, I do my best to reply to everyone.

  • I enumerated some of this machine yesterday and found a r*******.php file that doesn't appear to be here today. is this expected? Was finding that file yesterday a fluke?

  • @Kainn said:

    I enumerated some of this machine yesterday and found a r*******.php file that doesn't appear to be here today. is this expected? Was finding that file yesterday a fluke?

    I am assuming someone exploited the box and uploaded a file there and you saw it. I will say that file is not critical for this host.

  • @TheT3rminat0r said:

    @Kainn said:

    I enumerated some of this machine yesterday and found a r*******.php file that doesn't appear to be here today. is this expected? Was finding that file yesterday a fluke?

    I am assuming someone exploited the box and uploaded a file there and you saw it. I will say that file is not critical for this host.

    That's what I was leaning towards. Back to fuzzing. Thank you

  • Rooted, went down a massive rabbit hole trying to get the user. Soon as I got user, root was seconds away.

  • edited June 2020

    Pfffft, not sure if I like this box or hate it. Went through all possible rabbit holes imaginable. LOL
    Many thanks to the creator(s)!

  • Rooted, Fun box! Congrats @egotisticalSW !

  • Just rooted this box, it was really fun @egotisticalSW! Need help, just DM.

    t13nn3s
    You can find write-ups and walkthroughs on my personal blog: https://binsec.nl

  • This is a fun box - awesome work by @egotisticalSW

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.

    Currently have very limited HTB time but will try to respond as quickly as possible.

  • Fun box! Will give nudges if you pm.

  • Thank you for this funny box @egotisticalSW unlike others, the start was easier for me! like what...

    @TazWake Sorry for the previous thread, I didn't know that now there will be an "official" thread ;)

    And thanks to @poker1 for his help on the last part. Sometimes we look too complicated...

    Fr0Ggi3sOnTour

  • @choupit0 said:

    @TazWake Sorry for the previous thread, I didn't know that now there will be an "official" thread ;)

    It's ok - I don't think anyone knew. I certainly didn't.

    TazWake

  • Anyone able to take a few quick PMs? Just trying to get something to work that should... but is not... Just need nudge on some syntax for foothold.

  • @AwkwardUnicorn said:

    Anyone able to take a few quick PMs? Just trying to get something to work that should... but is not... Just need nudge on some syntax for foothold.

    I will help if I can.

    TazWake

  • edited June 2020

    I have the correct credentials but can't seem to pop a shell with msf. Anyone run into this issue?

    edit: rooted

  • @apalooza said:

    I have the correct credentials but can't seem to pop a shell with msf. Anyone run into this issue?

    Obviously you need to change the important thing in that MSF default module options.

    A Chemist doing Penetration Testing - Check the Story here: BinaryBiceps

  • Done with user and root, spent no more than one evening, but anyway the machine is pretty cool
    I'd even say "The best one lately"
    It's not very hard, it's not the easiest one and also it's not Windows)))
    Much info was given in another discussion on the forum, but if y'r stuck, send me pm
    Soooo much thanks @egotisticalSW

    Good game. well played!
    Arrexel

  • root made me laugh because i used to rant on twitter about how useless this was :joy:

    0x41

  • stuck on login page
    please help me, thanks!

  • Stuck on login, I've tried fuzzing but no luck. Also I've read that Stephen King article and found one weird-looking word, but I don't know. Any help?

  • Rooted!

    DM me if you are stuck or need a nudge

    Hack The Box

  • @athuthala said:

    stuck on login page
    please help me, thanks!

    @lucas98 said:

    Stuck on login, I've tried fuzzing but no luck. Also I've read that Stephen King article and found one weird-looking word, but I don't know. Any help?

    This won't sound helpful but the only answer is enumerate more.

    If you find something which looks like it could be a user's name, try it. Build a custom wordlist and see if it works.

    Google can take you to an article which contains what you need to try the accounts and get access.

    TazWake
