Official Blunder Discussion

@Archangel78 said:

I keep running into this issue in metasploit module, if someone could help me out, I would greatly appreciate it

I have censored the spoilers

I keep running into this issue

Started reverse TCP handler on 192.168.43.183:4444
[+] Logged in as: ******
Retrieving UUID…
Uploading vqBjNbYrIS.png…
Uploading .htaccess…
Executing vqBjNbYrIS.png…
[!] This exploit may require manual cleanup of ‘.htaccess’ on the target
[*] Exploit completed, but no session was created.

Someone please help me. I am new to htb

Check your LHOST IP

I have seen that many people here are using MSF module to exploit the vulnerability. You can choose that as your wish.
But many are not configuring LHOST properly. Check options before exploit.

Spoiler Removed

@Archangel78 said:

I keep running into this issue in metasploit module, if someone could help me out, I would greatly appreciate it

I have censored the spoilers

I keep running into this issue

Started reverse TCP handler on 192.168.43.183:4444
[+] Logged in as: ******
Retrieving UUID…
Uploading vqBjNbYrIS.png…
Uploading .htaccess…
Executing vqBjNbYrIS.png…
[!] This exploit may require manual cleanup of ‘.htaccess’ on the target
[*] Exploit completed, but no session was created.

Someone please help me. I am new to htb

Hey bud. Welcome to HTB.

You should consider your VPN IP address instead of LAN IP address for anything inside HTB.
Your tun0 (VPN) IP address will be something like 10.10.14.xx .
Use that in your msf options instead of 192.168.xx.xx . You can do that.
Good luck :wink:

@hackgineer said:


My question is how do I give respect to someone if they helped me out? I can’t seem to figure out where or how I do that to a user account.

Did you try finding the user account in hackthebox site (not the forum) ?
If you click on “Member Finder” in the top right corner, just fill in the name and search for user… then, in his profile the first button under his name is: “Give Respect”
Hope it helps :slight_smile: respect

Rooted, foothold and user are nice, root super ez.
PM for nudges

Okay, actually rooted. Good service for noobs (like me).

If you have trouble with MSF - check your iptables. Maybe your iptables block any INPUT connections. (I had the same problem).
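The two troubleshooting hints above (use the tun0 address rather than the LAN address, and check the iptables INPUT chain) can be combined into one local pre-flight check. This is an added example, not code from any poster in the thread; the sample command outputs and the address 10.10.14.25 are constructed, and the rule matching is a simplified first-match reading of `iptables -S INPUT`.

```python
import ipaddress
import re

# Constructed samples (trimmed), not output from the thread.
SAMPLE_IP_ADDR = """\
1: lo    inet 127.0.0.1/8 scope host lo
3: wlan0    inet 192.168.43.183/24 brd 192.168.43.255 scope global wlan0
5: tun0    inet 10.10.14.25/23 scope global tun0
"""
SAMPLE_IPTABLES = """\
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
"""

def interface_addrs(ip_output):
    """Map interface name -> IPv4 addresses, from `ip -o -4 addr show` text."""
    addrs = {}
    for line in ip_output.splitlines():
        m = re.match(r"\d+:\s+(\S+)\s+inet\s+([\d.]+)/\d+", line)
        if m:
            addrs.setdefault(m.group(1), []).append(ipaddress.ip_address(m.group(2)))
    return addrs

def input_allows(rules, port, iface):
    """Simplified first-match walk of `iptables -S INPUT` for a new TCP connection."""
    policy = "ACCEPT"
    for tok in (r.split() for r in rules.splitlines()):
        opt = lambda flag: tok[tok.index(flag) + 1] if flag in tok else None
        if tok[:2] == ["-P", "INPUT"]:
            policy = tok[2]
        elif tok[:2] == ["-A", "INPUT"] and opt("-j") in ("ACCEPT", "DROP", "REJECT"):
            if opt("-i") not in (None, iface) or opt("-p") not in (None, "tcp"):
                continue  # rule is for another interface or protocol
            if opt("--dport") not in (None, str(port)):
                continue  # rule is for another port
            if opt("--ctstate") and "NEW" not in opt("--ctstate").split(","):
                continue  # rule only covers already-established flows
            return opt("-j") == "ACCEPT"
    return policy == "ACCEPT"

def preflight(lhost, lport, ip_output, rules, vpn_if="tun0"):
    """Return the reasons an inbound connection would not reach the listener."""
    problems = []
    addrs = interface_addrs(ip_output)
    host = ipaddress.ip_address(lhost)
    if host not in addrs.get(vpn_if, []):
        owner = next((i for i, a in addrs.items() if host in a), "no interface")
        problems.append(f"{lhost} is on {owner}, not {vpn_if}")
    if not input_allows(rules, lport, vpn_if):
        problems.append(f"INPUT chain blocks new TCP connections to port {lport} on {vpn_if}")
    return problems
```

With the constructed samples, `preflight("192.168.43.183", 4444, SAMPLE_IP_ADDR, SAMPLE_IPTABLES)` reports both problems; on a real machine, pass in the text of `ip -o -4 addr show` and `iptables -S INPUT`.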

rooted… I really overcomplicated this one. User took way too long, just simple enumeration gives you all you need.

root/escalation took around 5 minutes. And again, just simple enumeration and google what’s right in front of you.

Finally rooted! This was my first ever box on HTB and it took me 3 days x_x

Hints:-

  1. Foothold - Fuzz with the most common file extensions you can think of to get the username. After that, just be “cool” :wink:
  2. User - Easiest part of the challenge. Investigate the application’s files thoroughly.
  3. Root - Took me the most time. Felt so stupid after I found it. The nudges “check your privs” and “root required a single line command” helped a lot.

@horatiu said:

Did you try finding the user account in hackthebox site (not the forum) ?
If you click on “Member Finder” in the top right corner, just fill in the name and search for user… then, in his profile the first button under his name is: “Give Respect”
Hope it helps :slight_smile: respect

Thank you!! "Respect given"s are complete :wink:

Hey everyone
I have written a python class based on the poc if anybody is interested. I am not sure if it is ok to share here since it could be a spoiler. I would like to give some hints to my fellow beginners:

  1. I banged my head against a wall with the dubdubdub until I looked for bases with data in them.
  2. I can't believe that such a simple out of bounds error in such a vital part was only discovered one year ago.

@MarinaD said:

Hey everyone
I have written a python class based on the poc if anybody is interested. I am not sure if it is ok to share here since it could be a spoiler.

I’d be tempted to wait until after the box retires.

I would like to give some hints to my fellow beginners:

  1. I banged my head against a wall with the dubdubdub until I looked for bases with data in them.
  2. I can't believe that such a simple out of bounds error in such a vital part was only discovered one year ago.

Really fun box, user was definitely the hardest for me but root only takes a few minutes if you manage to avoid the rabbit holes.

Lots of good advice here already but my 2 cents for user is: you don’t need to guess, credentials are right in front of you, but if you want to be like the cool kids and bruteforce this Google might lead you to a .py script that can help you but it doesn’t work out of the box. I tried it after with the right credentials and it saw them as incorrect.

Any nudges please, I tried all kind of fuzz tools and I know how to exploit the box beyond the foothold but I can’t figure out the username.

@comdark said:

Any nudges please, I tried all kind of fuzz tools and I know how to exploit the box beyond the foothold but I can’t figure out the username.

Fuzz for files, not just folders.

@hackgineer said:

@horatiu said:

Did you try finding the user account in hackthebox site (not the forum) ?
If you click on “Member Finder” in the top right corner, just fill in the name and search for user… then, in his profile the first button under his name is: “Give Respect”
Hope it helps :slight_smile: respect

Thank you!! "Respect given"s are complete :wink:

I respect you for respecting me :slight_smile:

And thank you egotisticalSW for creating this machine… quite fun and challenging… and it helped me understand how to use the ‘cewl’ command to create wordlists with the content of a site :wink:

I spent ages trying to “cool” this thing but the py file doesn’t work straight out the box. Luckily a good hint helped me find what I needed to get user. Just google what you need to RCE.

Once you get user and you run your enum scripts, root will probably take about 5 minutes. Once you find what you need just “hop along”.

Finally got root, got completely thrown off the simple path to root because of some interesting pictures I found in the user folder. Started looking into an exploit attacking a service on a port… Ah well, learned a ton though

Wowee, first box rooted in months because of being super busy at work due to Covid.

The foothold took me the longest out of any part of that, and root took me literally 10 seconds!
Happy to give spoiler free hints.

@TazWake said:

@comdark said:

Any nudges please, I tried all kind of fuzz tools and I know how to exploit the box beyond the foothold but I can’t figure out the username.

Fuzz for files, not just folders.

@TazWake, thanks for the hint, got it.