Comments
Question, for the exploit writeup from a blog about the R*E vuln, are we supposed to receive error messages as shown in the writeup? Burp doesn't return any s****** errors if you direct it to the wrong location for me
@m0zzare11a said:
From my experience it doesn't cause expected error 500 for random location. You only see an exception if payload 'worked'.
Aite thanks! Had me wondering if I got the correct vuln for quite a bit
What a ride. The user was super! and Root was awesome too. If you read the bible for CTFs carefully you will find everything. ;P
Excellent box. finally rooted! the tips in here are everything you need, don't be afraid to get creative
Upload successful! The report will be sent via e-mail.
no report!!! i got
@scorpion4347 said:
You don't want a report, you want a shell.
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
i mean reverse shell not connecting!!!
@scorpion4347 said:
Ok - you might want to work on identifying why this is happening or at least more detail about what could be the problem. Simply having a shell fail to connect isn't something people can really help with.
For example, there are countless reasons why this might be the case:
You've used the wrong payload
Your payload has a typo
Your payload hasn't been put in the right place
Your payload isn't being called properly
Your attack is hitting the wrong place
Your listener isn't working
Your listener is expecting something other than what the payload is sending
You have a typo in the listener
Your firewall is blocking connections
(etc - this could go on for days).
This is a hard box, so it does need some trial and error to get attacks working. You need to be comfortable working through what you are trying to do so you can understand where a problem might have occurred. (and remember, if you are too open about what you are asking on the public forum it will get hit for a spoiler)
Rooted !
Feel free to pm me for nudges
Rooted. Fun box, not too hard for a hard box but definitely not easy.
PM me if you need a nudge but be prepared to tell me what you've tried first.
Rooted, good box with lot of learning points.
Let me know if you need any help but tell what you tried to avoid me any spoil
path is web link without security ?????
Pretty sure I am looking at the intended exploit. Can someone point me to some good reading material for the exploit?
I'm not able to get the required code for SUCCESS
Edit: Rooted the box
I loved this one because I'm very interested in learning more about exploiting the type of vulnerability required for foothold.
This box was quite a lot of work, but got there in the end. Got stuck on user a bit because I thought I had everything I needed, but I didn't. Thanks @m1r3x for pointing that out.
The lateral movement taught me something I didn't know yet.
Root wasn't too bad because the way was clear, just needed to put in some time, trial and error to get everything right.
Let me know if you need help
Great box, loved the privesc part.
Can offer help if you are stuck
Check for writeups -> https://noxious.tech
Where is the root.txt? I just reset the machine and still not in the usual place.
> Where is the root.txt? I just reset the machine and still not in the usual place.
are you sure you are not in a container?
@m1r3x said:
Yup, lol. I found out 1 minute after I posted this haha.
Thnx!
Rooted! Very, very nice box. Learnt a lot from this.
DM if you need nudges
Write-Ups here: https://catsandpancakes.github.io
Invalid request
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
curl: (26) Failed to open/read local data from file/application
curl: (28) Failed to connect to 10.10.10.205 port 8080: Connection timed out
howdy everyone, nice box, I am having trouble with the masonry/carpentry tool 😀, appreciate a PM.
@scorpion4347 said:
It looks like curl failed to connect because the connection timed out.
@TazWake said:
We got ourselves a comedian, ladies and gentlemen.
@metuldann said:
Thanks, I try my best.
this is the place to learn new things!!!!
> this is the place to learn new things!!!!
Along with learning, it is really fun to do.
A Chemist doing Penetration Testing - Check the Story here: BinaryBiceps
@TazWake said:
LOL
echo start dumb.bat > dumb.bat && dumb.bat
doh!
Rooted but with some sense of guilt.
I want to be totally honest: while googling I casually dropped into a spoiler and when I was completely lost for the root path I took some "inspiration" from it.
Foothold/user: here I had a pretty clear picture of the process, but I could not find the right "tooling". Got a nudge (thx @ricepancakes) to get to user, then I went there..
root: That's when I fell into temptation. I was struggling to find a possible path.
Yeah, I saw a lot of things using a common enum script, but I totally missed the point about getting deeper. There I started googling a little bit "too hard" and I fell into the spoiler... I did not take it as a whole. I took just a hint and I tried to get back to my blocking point to see if I could ever be able to spot the way. There I have felt dumb, because the thing to look at was plainly in front of me and I didn't notice.
I kinda feel to have cheated for this, thus i am not really satisfied. I spent an hour and a half thinking if it was right or not to submit the root hash... 🤔