Cache


Comments

  • Now stuck in the sql injection.
    Tried to get user password, but just got a long hash and salt.
    Tried to dumpfile, but every time I use “INTO” in the injection, it just returns an error.

  • @6uta said:

    Now stuck in the sql injection.
    Tried to get user password, but just got a long hash and salt.
    Tried to dumpfile, but every time I use “INTO” in the injection, it just returns an error.

    Enum more. Maybe look for something that you weren't able to see before?

    kcaaj
    kcaj#7532

  • edited July 1

    Enumeration is leading nowhere for me. Found an exploit for the "alternative project", but can't find where to leverage it.

    Edit: Nevermind. Dumping the database now. :)


  • @kcaaj said:
    > @6uta said:
    >
    > (Quote)
    > Enum more. Maybe look for something that you weren't able to see before?

    Thanks.
    I just passed the hash to my friend and got the login credentials.
  • Three days and no further forward with the foothold on this box. I've heeded the comments but am clearly missing something obvious.

    Any help would be greatly appreciated.


  • @11o said:

    Three days and no further forward with the foothold on this box. I've heeded the comments but am clearly missing something obvious.

    Any help would be greatly appreciated.

    Enumeration matters. If you fuzz around you can get initial access. Then google-fu can help you find the information you need to turn that initial contact into something more useful.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • A nod to @TazWake, very much appreciated as always.


  • Got root!

  • edited July 3

    So, I had to leave this box and come back to it because it kept getting reset. I've gotten to the deployment of my r****** s****, but it doesn't seem to be getting uploaded correctly or to the correct directory. The dashboard is confusing as hell.

    EDIT - Nevermind. I'm an idiot.


  • edited July 4

    Got my foothold but I'm stuck on getting my first user. Reading through the hints here it seems I should have enum'd through something useful to get user by now, but I'm kinda stumped here. A nudge would be greatly appreciated.

    I'm stupid. It really was something that I should have enumerated on my way to foothold. On my way to second user now.

    Rooted!

    id uid=0(root) gid=0(root) groups=0(root)

    Learned a lot as this was just my third box, and I'm looking forward to doing more. Took me forever to get it, but all the hints are here already.

  • Rooted finally!


  • please...please stop resetting.

  • Rooted. The initial foothold is by far the most frustrating part.

    Thanks to @TazWake, happy to pay it forward if needed.


  • edited July 9

    I'm kinda stuck. By reading here and with ms**** I found a h.b v******h but I can't access it from my browser. Can someone give me a nudge?

    Nvm, I'm stupid

  • edited July 10

    Stuck in the sql injection... found some tables that seem interesting (u****_s*****) but the tool can't dump data from it... is it normal?

    Never mind... session had expired

  • Rooted. I'd never interacted with the service before. Definitely an interesting way to pivot. Name of the box matters.

    Thank you @ASHacker for the box!

    Feel free to DM for a nudge!

    Harbard

  • I'd appreciate a nudge. I have rce on e** app. What should I be looking for next?

  • Hi, I saw the exploit author's YouTube video, tried, but I failed. Then I saw an exploit from the cms and it had many exploit injections, tried but I am always landing back on the login page. Am I missing something?
  • This is a really fun box, despite being stuck on the foothold for 3 days.

    Foothold: there's another hidden service somewhere.
    User part 1: you need to get a flu jab.
    User part 2: look in the cache and you shall find your treasure.
    Root: ride on the blue whale and run away.

    DM for additional nudges.

  • Ah. rooted.

    Nice box. Learnt a few new attack vectors/techniques from this one.

    PM if you need nudge for this one.

  • Yey! I rooted it, and even managed to extract tables and all info myself manually. Fun box, frustrating because of the initial foothold if you're like me with little to zero experience in this stuff.

  • Finally rooted the machine
    PM, if you need help

  • Can someone help me...
    How to find there is another host H.h
    I tried nslookup, nbtscan, dnsenum but didn't get anything.

  • @GHOSTontheWire said:

    Can someone help me...
    How to find there is another host H.h
    I tried nslookup, nbtscan, dnsenum but didn't get anything.

    In general there are a couple of fuzzing tools which can do this quite effectively.

    Not sure you need it here.

    TazWake


  • edited July 29
    @TazWake
    Then how to discover other host.
  • @GHOSTontheWire said:

    @TazWake
    Then how to discover other host.

    You are 100% correct and it was entirely my mistake. I'd confused two boxes. Sorry for the confusion.

    Custom wordlists are a really good idea.

    TazWake


  • @TazWake
    No problem.
    I am always confused which wordlist I should use...
    So I merge directory-list-2.3-medium.txt, common.txt, big.txt
  • @TazWake said:
    > @GHOSTontheWire said:
    >
    > (Quote)
    > You are 100% correct and it was entirely my mistake. I'd confused two boxes. Sorry for the confusion.
    >
    > Custom wordlists are a really good idea.

    But for host discovery why we need fuzzing.
  • @GHOSTontheWire said:

    @TazWake
    No problem.
    I am always confused which wordlist I should use...
    So I merge directory-list-2.3-medium.txt, common.txt, big.txt

    Trial and error. One frustration with HTB is the fact that you often have to try dozens and never know if you've got something wrong or just used the wrong wordlist.

    TazWake


  • @GHOSTontheWire said:

    But for host discovery why we need fuzzing.

    With CTFs there are some technical differences from the real world - for example, DNS queries don't have the same results and you can't look up an IP to do a reverse DNS and find all the servers it hosts. This means you need to do some slightly artificial fuzzing to find out how servers respond to various requests.

    TazWake

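
Seen from the server side, the fuzzing described in the last reply appears as one client requesting many hostnames the server does not serve. The following is an added example, not part of the thread: it flags such clients in an access log, and the log format, hostnames, addresses and threshold are all constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed log format (constructed for this example):
#   client "request line" host="Host header" status size
LINE_RE = re.compile(
    r'^(?P<client>\S+) "(?P<request>[^"]*)" host="(?P<host>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+)$'
)

# Hostnames this server is configured to serve (hypothetical).
KNOWN_VHOSTS = {"example.test", "www.example.test"}


def find_vhost_fuzzers(lines, known=KNOWN_VHOSTS, min_unknown=4):
    """Return {client: sorted unknown Host values} for every client that sent
    at least `min_unknown` distinct Host headers the server does not serve."""
    unknown = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that are not in the assumed format
        host = m["host"].lower().split(":")[0]  # normalise case, drop :port
        if host and host not in known:
            unknown[m["client"]].add(host)
    return {c: sorted(h) for c, h in unknown.items() if len(h) >= min_unknown}


# Constructed sample: one client cycling through Host values, one ordinary visitor.
SAMPLE_LOG = [
    '198.51.100.7 "GET / HTTP/1.1" host="www.example.test" 200 8193',
    '198.51.100.7 "GET / HTTP/1.1" host="admin.example.test" 200 8193',
    '198.51.100.7 "GET / HTTP/1.1" host="dev.example.test:80" 200 8193',
    '198.51.100.7 "GET / HTTP/1.1" host="DEV.example.test" 200 8193',
    '198.51.100.7 "GET / HTTP/1.1" host="mail.example.test" 200 8193',
    '198.51.100.7 "GET / HTTP/1.1" host="test.example.test" 200 8193',
    '203.0.113.20 "GET /index.html HTTP/1.1" host="www.example.test" 200 8193',
    '203.0.113.20 "GET / HTTP/1.1" host="wwww.example.test" 200 8193',
    'malformed line that the parser skips',
]

if __name__ == "__main__":
    for client, hosts in find_vhost_fuzzers(SAMPLE_LOG).items():
        print(f"{client}: {len(hosts)} unknown Host values: {', '.join(hosts)}")
```

Counting distinct unknown hostnames, not raw requests, keeps a visitor with one mistyped hostname below the threshold.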
