…
My question is how do I give respect to someone if they helped me out? I can’t seem to figure out where or how I do that to a user account.
Did you try finding the user account on the hackthebox site (not the forum)?
If you click on “Member Finder” in the top right corner, just fill in the name and search for user… then, in his profile the first button under his name is: “Give Respect”
Hope it helps respect
Hey everyone
I have written a Python class based on the PoC if anybody is interested. I am not sure if it is ok to share here since it could be a spoiler. I would like to give some hints to my fellow beginners:
I banged my head against a wall with the dubdubdub until I looked for bases with data in them.
I can't believe that such a simple out of bounds error in such a vital part was only discovered one year ago.
Hey everyone
I have written a Python class based on the PoC if anybody is interested. I am not sure if it is ok to share here since it could be a spoiler.
I’d be tempted to wait until after the box retires.
I would like to give some hints to my fellow beginners:
I banged my head against a wall with the dubdubdub until I looked for bases with data in them.
I can't believe that such a simple out of bounds error in such a vital part was only discovered one year ago.
Really fun box, user was definitely the hardest for me but root only takes a few minutes if you manage to avoid the rabbit holes.
Lots of good advice here already but my 2 cents for user is: you don’t need to guess, credentials are right in front of you, but if you want to be like the cool kids and bruteforce this, Google might lead you to a .py script that can help you, but it doesn’t work out of the box. I tried it after with the right credentials and it saw them as incorrect.
Did you try finding the user account on the hackthebox site (not the forum)?
If you click on “Member Finder” in the top right corner, just fill in the name and search for user… then, in his profile the first button under his name is: “Give Respect”
Hope it helps respect
Thank you!! "Respect given"s are complete
I respect you for respecting me
And thank you egotisticalSW for creating this machine… quite fun and challenging… and it helped me understand how to use the ‘cewl’ command to create wordlists with the content of a site
I spent ages trying to “cool” this thing but the py file doesn’t work straight out the box. Luckily a good hint helped me find what I needed to get user. Just google what you need to RCE.
Once you get user and you run your enum scripts, root will probably take about 5 minutes. Once you find what you need just “hop along”.
Finally got root, got completely thrown off the simple path to root because of some interesting pictures I found in the user folder. Started looking into an exploit attacking a service on a port… Ah well, learned a ton though
Foothold: enumerate very well, find vulnerable software and information to access it, smart guess creds, exploit
User: enumerate well on the inside. Where are creds typically found?
Root: enumerate yet again, Google what looks strange
Stuck on user. I found three password hashes - two of them had salts and one is missing the salt entry. Is that the way it should be or did someone mess with the machine?