Official Blunder Discussion


Comments

  • edited June 29

    My current issue is that I get this message in msf and it doesn't create a session
    [*] Started reverse TCP handler on CENSORED
    [+] Logged in as: f***** (I censored this as well)
    [*] Retrieving UUID...
    [*] Uploading xCwhiPoQRB.png...
    [*] Uploading .htaccess...
    [*] Executing xCwhiPoQRB.png...
    [!] This exploit may require manual cleanup of '.htaccess' on the target
    [*] Exploit completed, but no session was created.
    Am I using the wrong payload or is it an issue I haven't thought of yet?

  • Finally rooted. Indeed root was very easy, but initial foothold was really annoying.
    Thanks to the creator, it was quite a fun box.

  • @s0b3k said:

    My current issue is that I get this message in msf and it doesn't create a session
    [*] Started reverse TCP handler on CENSORED
    [+] Logged in as: f***** (I censored this as well)
    [*] Retrieving UUID...
    [*] Uploading xCwhiPoQRB.png...
    [*] Uploading .htaccess...
    [*] Executing xCwhiPoQRB.png...
    [!] This exploit may require manual cleanup of '.htaccess' on the target
    [*] Exploit completed, but no session was created.
    Am I using the wrong payload or is it an issue I haven't thought of yet?

    Exactly the same problem. I tried all payloads, but nothing helped.

  • edited June 29

    Hi All,

    This is my very first machine that I am attempting to crack, so please don't mind the layman language. Also, this is the very first time I am posting for help, so apologies in advance if I break any rules while asking for help.

    I'm trying to find the password of the user f***** using brute force, using the script at (Spoiler removed); however, I am being thrown the following error -

    (removed)

    Is there an issue with the script, or is it the internet? If it's the former, can someone point me in an alternate direction?

    Thanks much in advance for the help!

  • Is the box stuck? I've been doing "su" but it wouldn't respond. Although I've already reset the box.

  • @herapen09 said:

    Is the box stuck? I've been doing "su" but it wouldn't respond. Although I've already reset the box.

    If you've reset the box, it probably isn't the problem.

    When you try su does it simply do nothing or do you get an error message?

    If it doesn't do anything, your shell might be broken.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • @KiloLima56 said:

    Hi All,

    This is my very first machine that I am attempting to crack, so please don't mind the layman language. Also, this is the very first time I am posting for help, so apologies in advance if I break any rules while asking for help.

    So the information provided was probably too verbose here.

    However, at a very basic level, you need to make sure you have a wordlist, a user name and a host etc.

    Then check you haven't inadvertently changed some of the exploit code.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • @TazWake said:

    @herapen09 said:

    Is the box stuck? I've been doing "su" but it wouldn't respond. Although I've already reset the box.

    If you've reset the box, it probably isn't the problem.

    When you try su does it simply do nothing or do you get an error message?

    If it doesn't do anything, your shell might be broken.

    I've already reset the box and it wouldn't work either. I've also already switched from EU to US and it's the same thing... the box didn't respond. And I've got no error message. I've used the "new" one for exploiting this box.

  • @herapen09 said:

    I've already reset the box and it wouldn't work either. I've also already switched from EU to US and it's the same thing... the box didn't respond. And I've got no error message. I've used the "new" one for exploiting this box.

    If you aren't getting an error message then something else might be wrong. Are you confident you have a shell which it works in?

    Try with an incorrect user name and see if it says anything different.

    Having no response and not having it switch users is very unusual.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • @TazWake said:

    @KiloLima56 said:

    Hi All,

    This is my very first machine that I am attempting to crack, so please don't mind the layman language. Also, this is the very first time I am posting for help, so apologies in advance if I break any rules while asking for help.

    So the information provided was probably too verbose here.

    However, at a very basic level, you need to make sure you have a wordlist, a user name and a host etc.

    Then check you haven't inadvertently changed some of the exploit code.

    Thanks, and noted for future.

    I double checked it, and haven't changed the exploit code. Not too sure what's going wrong! :(

  • @Bobba26 said:

    @s0b3k said:

    My current issue is that I get this message in msf and it doesn't create a session
    [*] Started reverse TCP handler on CENSORED
    [+] Logged in as: f***** (I censored this as well)
    [*] Retrieving UUID...
    [*] Uploading xCwhiPoQRB.png...
    [*] Uploading .htaccess...
    [*] Executing xCwhiPoQRB.png...
    [!] This exploit may require manual cleanup of '.htaccess' on the target
    [*] Exploit completed, but no session was created.
    Am I using the wrong payload or is it an issue I haven't thought of yet?

    Exactly the same problem. I tried all payloads, but nothing helped.

    I saw a comment somewhere saying to set tun0. But that didn't help mine.

  • @KiloLima56 said:

    Thanks, and noted for future.

    I double checked it, and haven't changed the exploit code. Not too sure what's going wrong! :(

    Drop me a PM if you want to be a bit more specific.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Rooted. Fun Box, I enjoyed it! PM if you need nudges.

    Hack The Box

  • For the login page, what is the most common name for the home page of a management utility? That name should be your success string when trying to get in.

  • Rooted! Some hints:

    • Foothold: how do you say you've not to bruteforce? You have to! But you have to craft your wordlist. Unless you're a genius at guessing :wink:
    • User: what is the first step you do when you get a shell exploiting a php application?
    • Root: easy to say, but not so easy to guess. Pay attention to the only result linpeas would give you. The exploit is one single command. If you're uploading something to do root privesc, you're on the wrong path :wink:

  • @TazWake said:

    @KiloLima56 said:

    Thanks, and noted for future.

    I double checked it, and haven't changed the exploit code. Not too sure what's going wrong! :(

    Drop me a PM if you want to be a bit more specific.

    Seemed to have started working after a couple of tries! :) Thanks anyways for the help!

  • I am unable to crack the hash that I obtained from the u****.php. I have used several online services as well as hashcat and it's turning into a time suck. Any tips would be greatly appreciated.

  • @gunroot said:

    @thewetbandit said:

    I've found a hash for h***. I can't seem to crack it with john or hashcat. They just finish immediately. Should I be using a non-standard wordlist?

    Hey. I assume that you got the hash from the appropriate version of bludit from the initial shell.

    Once you've got the hash, I suggest you analyze the type of hashing used with the link below.
    https://www.tunnelsup.com/hash-analyzer/

    Then use John or Hashcat to perform cracking based on the hash format you got from the above link.
    John/Hashcat will crack it against rockyou.txt.
    You can get the rockyou.txt file here: https://github.com/finnfassnacht/rockyou.txt

    If that doesn't work out, then you can use the link below to crack the hash without mentioning the hash format.
    (**Note: this link will work only for very commonly used passwords.)
    http://www.hashes.com

    Hope this will help you out.
    ;) Good luck.

    I've already cracked it with john and it seems I didn't get the right password. I'm still investigating what's wrong with the format.

  • @ak9999 said:

    I am unable to crack the hash that I obtained from the u****.php. I have used several online services as well as hashcat and it's turning into a time suck. Any tips would be greatly appreciated.

    Are you 100% sure you have a hash that is crackable? For example, are you able to match it to an account on the system you want to use it against?

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • @herapen09 said:

    @gunroot said:

    @thewetbandit said:

    I've found a hash for h***. I can't seem to crack it with john or hashcat. They just finish immediately. Should I be using a non-standard wordlist?

    Hey. I assume that you got the hash from the appropriate version of bludit from the initial shell.

    Once you've got the hash, I suggest you analyze the type of hashing used with the link below.
    https://www.tunnelsup.com/hash-analyzer/

    Then use John or Hashcat to perform cracking based on the hash format you got from the above link.
    John/Hashcat will crack it against rockyou.txt.
    You can get the rockyou.txt file here: https://github.com/finnfassnacht/rockyou.txt

    If that doesn't work out, then you can use the link below to crack the hash without mentioning the hash format.
    (**Note: this link will work only for very commonly used passwords.)
    http://www.hashes.com

    Hope this will help you out.
    ;) Good luck.

    I've already cracked it with john and it seems I didn't get the right password. I'm still investigating what's wrong with the format.

    I've already rooted this box. Got a clue from the box maker. Thanks @egotisticalSW for the box and the clue.

  • Hi,

    I'm struggling with the initial foothold :( I guess I have the username (which is really common for the management page). I tried to bruteforce the password with no result...

    Maybe my username is not the right one?

    Thx

  • Rooted.
    PM for hints :)

  • Rooted! This was a fun first box, learned a bit about privesc and enumeration doing this one.

  • Hey guys, plz someone help me, I am getting this error

    [!] This exploit may require manual cleanup of '.htaccess' on the target
    [*] Exploit completed, but no session was created.

    and when I check the exploit it says:
    [*] 10.10.10.191:80 - The target is not exploitable.

  • edited July 2

    Hi,

    I need some help (in DM) for privilege escalation.
    I'm stuck on www-data user.
    I used LinEnum and LinPeas to look for some clues but I didn't find anything.
    I searched for zip and backup file ... nothing.
    I searched for (valid) passwords in text files ... nothing.
    I searched on Google for "Ubuntu 19.10 privilege escalation", I found something about sudo but it's not applicable.

    Thanks in advance

    [EDIT]

    Uhm ... I haven't tried the bruteforce of the u*****.php file yet ... my next step

  • For those struggling with m**, Python can take you there!

  • Scripts didn't help me when I was rooting the box.

    @BIGGYBBQ said:

    Hi,

    I'm struggling with the initial foothold :( I guess I have the username (which is really common for the management page). I tried to bruteforce the password with no result...

    Maybe my username is not the right one?

    Thx

    probably not :wink:

  • How did you guess the password here?

    Hack The Box

  • @andrhtb said:

    How did you guess the password here?

    Use the exploit instead of password guessing.
    You will need to make a little tweak in the exploit!

  • @gunroot said:

    @thewetbandit said:

    I've found a hash for h***. I can't seem to crack it with john or hashcat. They just finish immediately. Should I be using a non-standard wordlist?

    Hey. I assume that you got the hash from the appropriate version of bludit from the initial shell.

    Once you've got the hash, I suggest you analyze the type of hashing used with the link below.
    https://www.tunnelsup.com/hash-analyzer/

    Then use John or Hashcat to perform cracking based on the hash format you got from the above link.
    John/Hashcat will crack it against rockyou.txt.
    You can get the rockyou.txt file here: https://github.com/finnfassnacht/rockyou.txt

    If that doesn't work out, then you can use the link below to crack the hash without mentioning the hash format.
    (**Note: this link will work only for very commonly used passwords.)
    http://www.hashes.com

    Hope this will help you out.
    ;) Good luck.

    I'm doing it with hashcat (s**1 -algorithm)... still it terminates as soon as I start it!
    And the websites you mentioned couldn't guess it!
    Anything else I should try?!!
    You sure it's in rockyou?
