Official Buff Discussion

1161719212233

Comments

  • @Lhuxey12 said:

    Hello there,

    I've been stuck with this box for so long now. I have managed to snag the user.txt, but I've been having a hard time connecting using p****.exe it's been giving me an error saying Couldn't agree a key exchange algorithm... Please, kindly give me a nudge.

    If you scroll back, quite a few people have answered this.

    It never happened to me so I am not sure what the cause is, but in the first instance, I'd say make sure you have SSH running, it is accessible and the account you use can log in.

    Some of the other suggestions are about using different versions etc.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Type your comment> @TazWake said:

    @Lhuxey12 said:

    Hello there,

    I've been stuck with this box for so long now. I have managed to snag the user.txt, but I've been having a hard time connecting using p****.exe it's been giving me an error saying Couldn't agree a key exchange algorithm... Please, kindly give me a nudge.

    If you scroll back, quite a few people have answered this.

    It never happened to me so I am not sure what the cause is, but in the first instance, I'd say make sure you have SSH running, it is accessible and the account you use can log in.

    Some of the other suggestions are about using different versions etc.

    hi, i'm pretty sure my SSH is running - Yet, I still don't know why it's still saying key exchange algo isn't working. Any solutions on how to make this work? I know this is my one and only missing steps.

    Please, PM me and explain how. I've been stuck on this machine for DAYS...

  • @Lhuxey12 said:

    hi, i'm pretty sure my SSH is running - Yet, I still don't know why it's still saying key exchange algo isn't working. Any solutions on how to make this work? I know this is my one and only missing steps.

    Please, PM me and explain how. I've been stuck on this machine for DAYS...

    Happy to try and help but I've no idea really. I never had this issue.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Hello there again people of hack the box,

    So.. Now it's saying unable to negotiate with 10.10.10.198 port ****: No matching key exchange

  • edited August 2020

    Hi all, Newbie here.
    I'm trying to hack this box as a final project for my Ethical Hacking course. I've made some progress and found G**M*********S******* exploit. However, anytime I execute it and it returns that it connected to w******* it immediately exits. Did anyone else have this problem? Any ideas how to move past it?

  • So, I was trying to exploit C******.*** but every time I do NC it doesn't give me access to root. Need help please PM me.

  • Okay, I'm on the last part and my NC won't give out anything or won't connect. If you guys got any suggestion on how to do this please PM me or reply to this post.

  • @cfmonroe0825 said:

    Hi all, Newbie here.
    I'm trying to hack this box as a final project for my Ethical Hacking course. I've made some progress and found G**M*********S******* exploit. However, anytime I execute it and it returns that it connected to w******* it immediately exits. Did anyone else have this problem? Any ideas how to move past it?

    A lot of this depends. When you say it "exits", the exploit might still have worked.

    The POC code is a bit misleading. First, the instructions are wrong in places. Secondly, it tries to make it look like a webshell when it isn't.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • FATAL ERROR: Couldn't agree a key exchange algorithm (available: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256)

    can anyone help me solving this issue

  • @pagal said:

    FATAL ERROR: Couldn't agree a key exchange algorithm (available: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256)

    can anyone help me solving this issue

    I suspect if you read through the threads, the answer might already be there. This has been asked before - even a few posts before yours.

    Have a look at:

    https://forum.hackthebox.eu/discussion/comment/79296/#Comment_79296

    Also: make sure you have SSH running on your machine and you are able to log in remotely with the account you use.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Piece of Cake :smile: but im having real difficulty in uploading the files after initial shell. Is it just me who is facing this issue?

  • @cybeR0ot said:

    Piece of Cake :smile: but im having real difficulty in uploading the files after initial shell. Is it just me who is facing this issue?

    Possibly not, but it boils down to how you are trying to upload them.

    The "initial shell" might not be a shell.

    If you've used the common exploit unmodified, then you have remote command execution, not a shell on the box. The PoC just makes it look like a shell.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Type your comment> @TazWake said:

    @cybeR0ot said:

    Piece of Cake :smile: but im having real difficulty in uploading the files after initial shell. Is it just me who is facing this issue?

    Possibly not, but it boils down to how you are trying to upload them.

    The "initial shell" might not be a shell.

    If you've used the common exploit unmodified, then you have remote command execution, not a shell on the box. The PoC just makes it look like a shell.

    Nope i upgraded POC shell with cat (after alot of wait). But still im surprised that nothing is downloading with curl, certutil, even from nc.

    I hope im doing everything good.

  • @cybeR0ot said:

    Nope i upgraded POC shell with cat (after alot of wait). But still im surprised that nothing is downloading with curl, certutil, even from nc.

    I hope im doing everything good.

    Well, if you uploaded the cat, then you should be able to do the same thing to get other files across.

    If that worked but everything else is failing there might be a network issue.

    Alternatively, if you use a version already on the box, it might have functionality issues.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • So tired of re-running the user exploit multiple times due to resets so I gave in and made an autopwn script to speed things up, works like a charm! xD

  • Type your comment> @cybeR0ot said:

    Piece of Cake :smile: but im having real difficulty in uploading the files after initial shell. Is it just me who is facing this issue?

    Yeah I had a few issues uploading files to this box.
    Fixed it by just changing servers really.

    Always happy to help others. 100% human

    https://www.mindfueldaily.com/livewell/thank-you/

  • Rooted!! Great box! Most of the hints are in the forums but if I had to recap-
    User: Enumerate harder, maybe the webpage has something that says something that might be worth a google or two..
    Root: Look for files that users usually forget to delete and google around. Of coarse you must be required to tweak the exploit to run what you want it to. Remember not all computers are the same especially with their “internet ID”. You’ll figure it out and if doesn’t work the first time, keep running it and if it still doesn’t perhaps change the payload around until it works. Also remember that even basic av can detect extremely common payloads.
  • I still need a nudge... :(

  • edited August 2020

    Rooted! Feel free to Message for help.

    I got stuck with root because I could not get ports working correctly -- Make sure you use netstat to identify issues.

  • phew, just got the root.

    actually root is easy, just because I think it's too complicated..

  • I am hanging on user, idk what to do, I have no problem with challenges but these machines i can't solve, can someone help me?

  • Type your comment> @amcstoke said:

    I am unable to run command for the exploit. "python" command is showing importerror: no module named request and "python3" is showing errors with the code itself. I have seen videos of people doing the exact same thing but not working for me? Sorry, beginner at this. Thank you.

    Hey first run the command

    1.apt-get install python-pip

    2.pip install requests

    it worked for me.
    hope it does for you.

  • edited August 2020

    I'm facing an error with SPOILER REMOVED exploit. Eveytime I run the command it says connection refused . A small help is appreciated.

  • edited August 2020

    Type your comment> @dojoku said:

    phew, just got the root.

    actually root is easy, just because I think it's too complicated..

    hey can you help me? while running SPOILER REMOVED exploit im facing connection refused error.

  • @Divyaraj said:

    Type your comment> @dojoku said:

    phew, just got the root.

    actually root is easy, just because I think it's too complicated..

    hey can you help me? while running SPOILER REMOVED exploit im facing connection refused error.

    Chances are high that you haven't set up the connection correctly.

    If you have, then the chances are high that the service has fallen over from millions of attempted exploits.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • edited August 2020

    Type your comment> @TazWake said:

    @Divyaraj said:

    Type your comment> @dojoku said:

    phew, just got the root.

    actually root is easy, just because I think it's too complicated..

    hey can you help me? while running SPOILER REMOVED exploit im facing connection refused error.

    Chances are high that you haven't set up the connection correctly.

    If you have, then the chances are high that the service has fallen over from millions of attempted exploits.

    I have had downloaded the SPOILER REMOVED exploit for the rootflag in a python file and for instance say im listening on port 4444 by the command nc -nvlp 4444 and when i try to run the python script by python [filename].py it says [errorno111] connection refused. Thanks.

  • connect to [10.10.14.169] from (UNKNOWN) [10.10.10.198] 50252
    Microsoft Windows [Version 10.0.17134.1610]
    (c) 2018 Microsoft Corporation. All rights reserved.

    C:\Windows\system32>whoami
    whoami
    buff\administrator

    Finally rooted machine

  • Type your comment> @kukre said:

    connect to [10.10.14.169] from (UNKNOWN) [10.10.10.198] 50252
    Microsoft Windows [Version 10.0.17134.1610]
    (c) 2018 Microsoft Corporation. All rights reserved.

    C:\Windows\system32>whoami
    whoami
    buff\administrator

    Finally rooted machine

    Didnt you got connection refused error?

  • @Divyaraj said:

    Didnt you got connection refused error?

    The error is because the exploit you are using is looking for a service on a port on your machine. It is unlikely to be running so you get a connection refused.

    You need to make sure there is a way for your machine to talk to the vulnerable service. Just running the exploit won't work.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Type your comment> @Divyaraj said:

    Type your comment> @kukre said:

    connect to [10.10.14.169] from (UNKNOWN) [10.10.10.198] 50252
    Microsoft Windows [Version 10.0.17134.1610]
    (c) 2018 Microsoft Corporation. All rights reserved.

    C:\Windows\system32>whoami
    whoami
    buff\administrator

    Finally rooted machine

    Didnt you got connection refused error?

    I had no problem now, before it was a bit complicated for me but google helped me a lot

Sign In to comment.