The best value you get if you make a python script (POC) that does the whole process. Especially if you are not familiar with python. It's easy. You can easily google all you need.
@fingeron said:
Damn it. The comments here only made me more frustrated. It feels like my payload should be working.... It is working locally
I am stuck where you are. It has something to do with encoding. If I can be more specific when I figure it out without giving it away, I will. The advice I was given was to setup the whole thing locally so that I could test...
i am stuck at the begining for 2 days now, i have found 2 ports the http and the ssh, brute-forcing dirs is useless. i can't find any hint about where the vuln app is, can anyone pm me please
@3ll137hy said:
i am stuck at the begining for 2 days now, i have found 2 ports the http and the ssh, brute-forcing dirs is useless. i can't find any hint about where the vuln app is, can anyone pm me please
a hint on how to escalate to user would be much appreciated.
I have been stuck there for a while, I found a hash and tried to crack but no luck.
I have the repo and been through it all the way but can't figure it out
i need a hint to get user shell after getting into the system . i tried many things but with no luck . is it a credentials i need to find or an exploit as i feel i lost my way .
anyone want to give a nudge? My RCE is fine, I can see the machine has something locally that smells of help with privesc to user, but I don't have the creds really to access it...
Comments
Damn it. The comments here only made me more frustrated. It feels like my payload should be working.... It is working locally
The best value you get if you make a python script (POC) that does the whole process. Especially if you are not familiar with python. It's easy. You can easily google all you need.
https://www.hackthebox.eu/home/users/profile/34351
I am stuck where you are. It has something to do with encoding. If I can be more specific when I figure it out without giving it away, I will. The advice I was given was to setup the whole thing locally so that I could test...
Any hint on user.txt? I've been trying to make authenticated queries to couchdb.
https://www.hackthebox.eu/home/users/profile/34351
hint: What will you do next when you controlled the server and couchdb ?
Any hints on doing RCE? I've been hitting 500s because of this "char + quote". Any hints on this? Please PM
same probleme but withoiut char its works
Wow! That was fun. I'm not very experienced with databases, so I learned a LOT! Great box!
@anikka @markopasa @Javox Try different combinations how you can bypass the check.
https://www.hackthebox.eu/home/users/profile/34351
Can't root the box. Any nudges on how to use *** or is that a rabbit hole? Please PM
Rooted! Learned so much about this box.
I would appreciate a PM with any good read related to this exploit if possible.
i am stuck at the begining for 2 days now, i have found 2 ports the http and the ssh, brute-forcing dirs is useless. i can't find any hint about where the vuln app is, can anyone pm me please
I found nmap operating system scan useful.
https://www.hackthebox.eu/home/users/profile/34351
a hint on how to escalate to user would be much appreciated.
I have been stuck there for a while, I found a hash and tried to crack but no luck.
I have the repo and been through it all the way but can't figure it out
NVM got user,
Now to root
Got root and a big lesson learned.
Trying to get root.txt for a couple of days, but can't make any progress. Could anyone help with nudge please (DM) ?
Rooted.
@aanndd if you want, you can PM me.
tsuller, rooted it today (with a nudge from markopasa). thanks!
Awesome! If anybody wants some tip without spoilers, feel free to pm me.
i need a hint to get user shell after getting into the system . i tried many things but with no luck . is it a credentials i need to find or an exploit as i feel i lost my way .
Enumerate system, look what is running and if you cant use something.
i got admin account on the service , but i can't execute commands using the exploit . thats why am lost
never mind i was so stupid XD
for all other people don't fall to the rabbit hole, there is no rce exploit to get user access .
I came to say that this is an awesome box. On every spot epic! Thanks alot
got shell and trying to escalate.. any1 wanna discuss/help PM me.
This is the most fun box ever
Got stable RCE, can run shit as www user, no user access yet... but this is so fun it doesn't matter much 
OSCP
anyone want to give a nudge? My RCE is fine, I can see the machine has something locally that smells of help with privesc to user, but I don't have the creds really to access it...
OSCP