Official Tabby Discussion


Comments

  • Rooted. I definitely should have read some of the comments on using the browser during the foothold as that cost me some serious time and anguish. My best advice is as follows:

    Foothold: docs are great, sometimes installing and seeing with your own eyes can be better

    User: Find that interesting file

    Root: Thankfully plenty of documentation and walkthroughs on the priv esc. I did encounter a couple errors during the process, but don't get discouraged and stick with it.

    Feel free to DM for nudges

    Harbard

  • edited July 2020

    .

    Harbard

  • edited July 2020

    Rooted! The beginning was the worst, as everyone said. My L** method was working, producing results, but not what I was looking for. Thanks to @Nlytn for the push towards the correct directory.

    Foothold:

    -either lookup the package and try what you see, or install and look at where everything gets placed. I tried to download and just poke around... This is NOT enough. You have to pick one.

    -afterwards read up on what you can do with the setup you found. it's pretty straightforward (most have an idea I'm guessing by now).

    -create what you need, and send it on up. if you fail google around for other ways to perform this action. there are a few. feedback will indicate the way forward.

    -the path can be found with the fox and the text. if you have trouble with one, try the other. for me, the box was a little buggy ( on VIP server ). sometimes attempts were correct i just needed to send again. I'd get a failure but be sure i was on the right track, one or two more tries and success. maybe just me but keep that in mind.

    User:

    -basic enum will produce normal targets, following these targets will produce interesting files, ah but if you have a very bad shell....how do you get the...to the...there's ways. look at what's available and google how they can transfer important things. Again bugginess caused every 3 commands to hang for about a minute. Maybe just me but if not, hang in there. it will work.

    -once you get the thing to the place, investigate. Something in your way? well we are hackers! what do we normally do in this situation.

    -cool, not cool. now what? didn't someone say admins are lazy? hhhmmm....

    Root:

    -again enumerate. what can you do, where can you go, what's available? do some research on your new found tools/powers. anything interesting when you search? give it a shot!

    -the entire time this box was buggy for me, hopefully not anyone else. if it is, hang in there. it will finish. throw a simple command in queue to execute like 'ls' so you know when it's your turn again.

    -got it to work? well, take it for a spin. how's it feel on you? comfortable? rootable? yea that rootable smell we all know and love :)

    If this was too spoiler-y please let me know. I'll fix it. I figured all these things have been said already and I just added my experience with it. Hope it helps. PM for nudges. Thank you to the box creator @egre55. This one was a lot of fun once @Nlytn pulled me out of the mud. haha.

    Arrexel

  • Rooted.
    The foothold was a bit difficult for me, spent a lot of time in the wrong directory. Built a local environment to help identify the correct direction.
    Root part is relatively easy, just stuck a bit on the "no such file" error while importing the image.

  • edited July 2020

    @6uta said:

    Rooted.
    The foothold was a bit difficult for me, spent a lot of time in the wrong directory. Built a local environment to help identify the correct direction.
    Root part is relatively easy, just stuck a bit on the "no such file" error while importing the image.

    hey @6uta
    I'm curious, did you or anyone have trouble with the box hanging on commands? if so what vpn were you on, free?, us vip, eu vip? thanks. congrats on the pwnage!

    Arrexel

  • @BINtendo said:

    hey @6uta
    I'm curious, did you or anyone have trouble with the box hanging on commands? if so what vpn were you on, free?, us vip, eu vip? thanks. congrats on the pwnage!

    I did experience command-hanging when I was working on privesc. I guess it might be that someone was brute-forcing LFI?
    I am using us vip access.

  • edited July 2020

    @nothades said:

    Feeling pretty frustrated rn, spent a good amount of time getting a low level shell, and now I'm struggling to transfer the 161*****.z*p file to my local machine. Can't use SimpleH***Se**er, so I'm really not sure how I'm supposed to take a crack at it.

    If anyone could give me a nudge or a PM I'd really appreciate it

    This has been my biggest hint for anyone trying to get to user. I could not for the life of me find the credentials for the target user.

    I have put the file on my host and had to brute the password. Not sure how else this was meant to be done as the hints on this thread have not helped.

    Rooted now. The user -> root was the easiest bit

    A hint for people trying to get the initial foothold:
    Gobuster, medium wordlist. You'll see a page that looks to just be config info, but read it and it will help you find what you're looking for.

  • can someone please help me....
    i got the creds for ho**-mana*** but can't figure out what to do next...

    Hack The Box

  • @agpriyansh said:

    can someone please help me....
    i got the creds for ho**-mana*** but can't figure out what to do next...

    So at the risk of sounding facetious, I'd say use them to log in.

    Then, when you've done that, look at that account and what it can do. A bit of google with that information should take you to an exploitation path.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.

  • Rooted (at last). As per many others the initial foothold took ages and was painful, but learnt a lot on the way.
    User and root were easier by comparison and privesc was a neat new technique to me.
    Happy to provide nudges etc. PM me.
    Thanks to @egre55 for a nice box!

  • @TazWake said:
    @agpriyansh said:

    can someone please help me....
    i got the creds for ho**-mana*** but can't figure out what to do next...

    So at the risk of sounding facetious, I'd say use them to log in.

    Then, when you've done that, look at that account and what it can do. A bit of google with that information should take you to an exploitation path.

    I logged in... found an exploit for ho-**-mana*** but i could not understand it...
    also i have a gut feeling that this exploit is not the one...

    Hack The Box

  • @agpriyansh said:

    I logged in... found an exploit for ho-**-mana*** but i could not understand it...
    also i have a gut feeling that this exploit is not the one...

    Rather than find an exploit, look for a way to exploit the system.

    TazWake


  • Hi, I have some doubts about host manager. Can I ask you to give me some guidance? I tried the chrome article about host manager, but unfortunately failed. I don't know how to create an app base

    I open smbserver and 445 port
    APP base :\\IP\data
    
  • I keep getting a cannot find file or directory error on priv esc. Can someone help me.

    Slxyre

  • Hi,
    I'm trying to figure out the right path but can not!!
    What I have done?

    • Installed the stuff on my system to understand how everything is set up but no success.
    • I can read a lot of other stuff and I even found the right CAT*****_B*** path..

    Any Hints? PM

    Arrexel
    Ask for hints only please and give +1 respect if you like my hints. Thank you

  • edited July 2020

    Again a great box by @egre55

    Foothold:
    The initial foothold is right in front of you. Read everything, use c**l or browser PROPERLY, later try reading a lot of documentation.

    User:
    Focus on something which seems obvious and useless but use the information to abuse admin's Lazy Configuration tactics.

    Root:
    This one will be pretty straightforward with basic enumeration tools. Try L*****s or L*****m; you will exploit it faster than user managed to do it in an hour.

    Overall everything about this box will teach you how to deploy tools.

    Kudos to @TazWake for nudges and comments here.

  • Hey,

    I could use some help with the foothold. I know in which direction the attack should develop, but I get a bit stuck in the beginning.

    I have the creds and can login. So now want to upload a specific w ** file via h *** - m. I also found interesting curl examples in the docs that can lead to annoyance.

    Only I get stuck on a 403 error.

    I have played in burp with the headers. And in curl tried different authentication methods but here again money that is the furthest that I come is the 403 error.

    Hopefully someone can and will point me in the right direction.

  • edited July 2020

    Rooted the box finally. Like everybody said, the foothold was a bit tricky. But overall an easy box.. Thanks to @register for the nudge..

    Foothold : Sometimes you shouldn't believe what you see, you should look deeper to find more..... And keep in mind that together is always better :wink: Careful inspection of docs and simple googling will give you what you want... Also always be careful about some bad characters...

    User : Enumerate and enumerate.. And keep in mind that sometimes beginning is not the end.. Crack what you found locally...

    Root : The most simple part... Enum and enum... If you find something suspicious .. :wink: Simple googling of that word + exploit will give you the exploit... :naughty:

    Hope that i am not spoiling the box :relaxed:

    Feel free to DM me if you need anything or Ping me on discord ciphercode#4438

    Happy to help :innocent:

  • Finally! Rooted the box. Feel free to pm for any nudges or hints :smile:
    Getting the foothold was the crucial part, but learnt something new in it.

    Happy Hacking!

  • Root :)
    tips:
    For user, the most difficult part, I needed some nudges:
    1. look carefully at the site to find something ;)
    2. I installed the tool, but on the internet you can find some useful sites with everything
    3. now check what you can do, google helps you a lot, and PAY ATTENTION to how to do that)
    4. look through the whole filesystem for something ;)

    For root
    1. as normal, who are you and what can you do
    2. as before, gooooooogle ;)
    3. for me the script I found was not working so I did all the steps by hand, but the result is the same :)

    If someone needs some nudges they can contact me ;)

  • Stuck on the very last step of the foothold. I can see that I've uploaded a W** file, but I can't execute it! I've set up tomcat locally and tried the same exploit and got the directory where the file is uploaded but even that is not working. Would really appreciate some help...

  • rooted the box...

  • @sai97 said:

    Stuck on the very last step of the foothold. I can see that I've uploaded a W** file, but I can't execute it! I've set up tomcat locally and tried the same exploit and got the directory where the file is uploaded but even that is not working. Would really appreciate some help...

    Make sure it has uploaded correctly and that you are calling it correctly.

    Unfortunately "not working" covers a lot of issues which make it nearly impossible to help remotely.

    If it isn't working locally when you have full control of everything, I'd suggest the payload is wrong. Try a different one.

    TazWake


  • Foothold Hint: everyone is looking for a path... what about stop searching and use permutations with repetition ?

  • edited July 2020

    Spoiler Removed

    Hack The Box
    Silence, i'll hack you!! ;-)

  • Could use some help as I'm pretty lost. Got to the point where I have to deploy something on the high port service, but all I'm getting is a 401 Unauthorized response. I know the creds I got are the ones because it worked once and I'm pretty sure I managed to get the user's password while I had access to the machine, but now I can't get past that 401 even though I'm using the same syntax. To be honest I don't know what I'm doing wrong

  • @egre55 thanks man, that was a really fun one!

    @n1ghtcrawl3r thank you for the assistance with the foothold :)

  • edited July 2020

    This one was really fun, managed user and root without checking the forums on this one!!!

  • WOW Rooted! Nice box.

    ~ # id
    uid=0(root) gid=0(root)

    Hack The Box
    CISSP | eJPT

  • edited July 2020

    @sn0b4ll said:

    Good machine. If you are stuck with l** not finding the i**** or other strange errors, don't try to run the commands from /tmp/ but from some user folder.

    Dude, you saved my life. But why? I spent hours on priv esc in /tmp/. And shifting to user's home dir solved all the errors.

    Zhe0ops
