Official Tabby Discussion


Comments

  • @joeldejo said:

    I have the first xml file, and I can't go any further. Any help will be appreciated?

    Use the information you have from that file. The error page tells you what you need to know about the information you have.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Finally got root. Just needed to see who I was and then google. Follow the instructions and boom! Happy to give nudges to anyone stuck.

  • Come on dude... who are these motherfuckers... deleting my .war again and again... grow up, moron

  • Got root in the end! First box after a long hiatus. Enjoyed and learned a few cool things especially rooting. Happy to give you guys any nudges.

  • edited June 28

    stuck on root... am following the instructions and trying to install the image but says no such file when it's sitting there.

    Update - got this after copying and pasting the script - there are issues with the searchsploit version

  • rooted. definitely an enumeration and google exercise. Looking back it was fairly straightforward but I learned quite a lot. PM for hints.

  • @chiefgreek said:

    stuck on root... am following the instructions and trying to install the image but says no such file when it's sitting there.

    Some things to consider: check the syntax of the command you are using; make sure you've told it the path; make sure you've included the right switches.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Nice one...Spent way too long on the initial, but learned a few things. Let me know if you need a push.

    anoNym1ty

  • enjoy this box so far :sunglasses
    tks @egre55

  • Cool box, not too easy, not too difficult. Interesting to read some about the technologies used, especially if the box already provides. My advice is to do exactly that instead of rushing to root. And maybe you even find your way in while doing so ;)

    Anyway hit me up for advice if you are struggling for too long.
    Cheers and happy hacking!

    Hack The Box

  • @chiefgreek said:

    stuck on root... am following the instructions and trying to install the image but says no such file when it's sitting there.

    Update - got this after copying and pasting the script - there are issues with the searchsploit version

    I have the same issue, can you PM me how you resolved it?

  • Spoiler Removed

  • Spoiler Removed

  • Any nudges needed? Message me.

  • rooted. Initial foothold was an absolute pain, mainly because I got stuck in the same trap as everyone else. Won't make that mistake again.

    Otherwise learned some interesting things.

    For user - everything's been said before. There's an interesting file. If you can't get the interesting file one way, consider other ways you may be able to access.

    Root - also already said before in this thread. People have been really thorough. It's a well-documented priv escalation if you see something that might stand out for you during enumeration.

  • @Karthik0x00 said:

    Any nudges needed? Message me.

    Feel free to DM

    Taylur

  • Got root, fun box! New priv esc method learned, PM for nudges :)

  • I would love to get some nudges right now. I've found the L**, and found the t***** logon information, but not really sure where I need to move from there? Any help would be greatly appreciated!

  • @Raybz said:

    I would love to get some nudges right now. I've found the L**, and found the t***** logon information, but not really sure where I need to move from there? Any help would be greatly appreciated!

    So have a think about what you want to do next. Once you decide that there is a lot of guidance available.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Rooted. Fun box, more than enough hints around. Message me if you need a nudge.

    Hack The Box

  • Dang that was intense... Racing the reboots and learning a bunch of new things. Great box! As others have said TONS of useful hints already but foothold was definitely the most difficult part.

    aut0exec

  • @Raybz said:

    I would love to get some nudges right now. I've found the L**, and found the t***** logon information, but not really sure where I need to move from there? Any help would be greatly appreciated!

    DM me bro

  • Rooted! Not sure if this was the right choice for my first box, but it was fun.

    DM for any nudges.

  • got stuck on foothold. got the xml file, successfully uploaded the war, deployed it, started it, but doesn't call back to me. Tried multiple payloads. maybe i'm just stupid. any tips?

    DaveSipos

  • edited June 29

    @davesipos said:

    got stuck on foothold. got the xml file, successfully uploaded the war, deployed it, started it, but doesn't call back to me. Tried multiple payloads. maybe i'm just stupid. any tips?

    i'm assuming you're talking about msf.
    check the target setting too. you may have to change that to something more suitable.
    & make sure you're using the correct one for what you can access.

    kcaaj
    kcaj#7532

  • @kcaaj said:

    @davesipos said:

    got stuck on foothold. got the xml file, successfully uploaded the war, deployed it, started it, but doesn't call back to me. Tried multiple payloads. maybe i'm just stupid. any tips?

    i'm assuming you're talking about msf.
    check the target setting too. you may have to change that to something more suitable.
    & make sure you're using the correct one for what you can access.

    Thank you, worked, Respect is on its way

    DaveSipos

  • Spoiler Removed

  • I don't know why I tried to look so much further than what was required for user... From the initial enum of the ip address, it was clear that there was supposed to be that kind of file, given the nature of HTB, but somehow I just kept going deeper and deeper into that rabbit hole.

    Anyway, getting the initial foothold was quite accessible, but delivering it in the right way was tricky for me.

    a3n3a

  • [email protected]:~# whoami && id && hostname
    root
    uid=0(root) gid=0(root) groups=0(root)
    tabby
    

    Thanks for the nudges, everyone in the forum. Great box, learned a few new things.

    DaveSipos

  • Rooted! tq.

    DM for any nudges
