Travel

@H4FN said:

OOOhhh I didn't know that bro … where can I know all the machines that will be retired?

In the Machines side (left) column on the HTB page, you can see ‘unreleased (1)’; click it to reveal which old machine will be replaced by the new machine. This week Travel is retiring and Compromised is coming in.

@H4FN said:

I do not have access to *** I'm trying all that I can see …

You can try fuzzing with various wordlists.

@gunroot said:

@H4FN said:

OOOhhh I didn't know that bro … where can I know all the machines that will be retired?

In the Machines side (left) column on the HTB page, you can see ‘unreleased (1)’; click it to reveal which old machine will be replaced by the new machine. This week Travel is retiring and Compromised is coming in.

Roger that !!.. I only saw Release Arena ! … thanks bro !

@TazWake said:

@H4FN said:

I do not have access to *** I'm trying all that I can see …

You can try fuzzing with various wordlists.

Any tip with ******** ? or RSS … I will other list to dev, it's all that I can see till today !!

@H4FN said:

Any tip with ******** ? or RSS … I will other list to dev, it's all that I can see till today !!

Google for the name and dumper, you can find a tool which will extract it all to your machine. Then you can look at the source code.

@TazWake said:

@H4FN said:

Any tip with ******** ? or RSS … I will other list to dev, it's all that I can see till today !!

Google for the name and dumper, you can find a tool which will extract it all to your machine. Then you can look at the source code.

I don’t know how far I have advanced, but I will take a look into those files !! :open_mouth: … some zlib too, I'm not sure !! but I like it !!

@H4FN said:

I don’t know how far I have advanced, but I will take a look into those files !! :open_mouth: … some zlib too, I'm not sure !! but I like it !!

There is a lot to process in the files but they (if you include the files they reference) do actually cover everything needed for the foothold. It’s just really hard to work out - running trial and error bits helps a lot but can take a long time.

GOT ROOT an awesome box by dev

@TazWake said:

@H4FN said:

I don’t know how far I have advanced, but I will take a look into those files !! :open_mouth: … some zlib too, I'm not sure !! but I like it !!

There is a lot to process in the files but they (if you include the files they reference) do actually cover everything needed for the foothold. It’s just really hard to work out - running trial and error bits helps a lot but can take a long time.

I did all my research and all looks like I need to do something with Mem-----d but all is going to a DDoS and UDP spoofing … I'm here because I got the Admirer IP mixed up with this LOL :!!

@H4FN said:

I did all my research and all looks like I need to do something with Mem-----d but all is going to a DDoS and UDP spoofing

There are lots of ways to attack that service rather than use ExploitDB to find a vuln. In this instance you aren’t attacking it, you are using it.

It really is just a part of the attack here - you need to give it something it is looking for so everything else can work.

There are other parts of the files which are much, much more important.

… I'm here because I got the Admirer IP mixed up with this LOL :!!

Lol, fun times!

It is a good box. It is just super hard and really time-consuming if you don't already understand the way the attack works. The attack is “known” but it isn’t seen very often on CTFs.

@TazWake said:

@H4FN said:

I did all my research and all looks like I need to do something with Mem-----d but all is going to a DDoS and UDP spoofing

There are lots of ways to attack that service rather than use ExploitDB to find a vuln. In this instance you aren’t attacking it, you are using it.

It really is just a part of the attack here - you need to give it something it is looking for so everything else can work.

There are other parts of the files which are much, much more important.

I tried a lot of tools but nothing could hit the port, I will wait for a writeup to understand where I was stuck and learn next steps ! I tried, but I'm new to CTF challenges and this was my first Hard CTF !!
As always, thanks brother for all the support. I learned new things with this box in only two days :slight_smile:

@H4FN said:

@TazWake said:

@H4FN said:

I did all my research and all looks like I need to do something with Mem-----d but all is going to a DDoS and UDP spoofing

There are lots of ways to attack that service rather than use ExploitDB to find a vuln. In this instance you aren’t attacking it, you are using it.

It really is just a part of the attack here - you need to give it something it is looking for so everything else can work.

There are other parts of the files which are much, much more important.

I tried a lot of tools but nothing could hit the port, I will wait for a writeup to understand where I was stuck and learn next steps ! I tried, but I'm new to CTF challenges and this was my first Hard CTF !!
As always, thanks brother for all the support. I learned new things with this box in only two days :slight_smile:

Ok - it won't be long now anyway.

In a nutshell, if you read the code it's possible to identify a way to inject stuff which can make a request on your behalf. With some effort this can be used to bypass a control and send data to a system which opens the door to further exploitation.

It is one of the hardest footholds I’ve seen in a long time.

@TazWake said:

@H4FN said:

Ok - it won't be long now anyway.

In a nutshell, if you read the code it's possible to identify a way to inject stuff which can make a request on your behalf. With some effort this can be used to bypass a control and send data to a system which opens the door to further exploitation.

It is one of the hardest footholds I’ve seen in a long time.

I'm not sure about it, but I guess I saw that part in the code after the URL validations, with the curl to the URL, but I could not figure out how to exploit it. I need to keep reading and practicing :slight_smile:

@H4FN
Buddy. All you need is to study the source code and tons of googling.
If you’re trying to do the box before it retires, I’m glad to help you.

Read this article and also read the internal links. It will help you to understand how internal SSRF can be launched.

PM if you need more hints/pointers. :slight_smile:

@H4FN said:

I'm not sure about it, but I guess I saw that part in the code after the URL validations, with the curl to the URL, but I could not figure out how to exploit it. I need to keep reading and practicing :slight_smile:

I’d strongly recommend working through Myrtle’s write up of this box. It is really good.

@TazWake said:

@H4FN said:

I'm not sure about it, but I guess I saw that part in the code after the URL validations, with the curl to the URL, but I could not figure out how to exploit it. I need to keep reading and practicing :slight_smile:

I’d strongly recommend working through Myrtle’s write up of this box. It is really good.

Travel Write-Up by Myrtle - Writeups - Hack The Box :: Forums

hahaha and I was thinking only of the SimplePie, Memcache and the Debug php … I have too much new information to process !!
I’m trying to start growing new skills as a security guy coming from a simple software developer guy but always it is like … DAMN I only know that I don’t know anything …

Thanks a lot to both guys @gunroot .

@H4FN … just like @TazWake said. I’m also suggesting everyone go through Myrtle’s write-up. Mam’s write-up is bleeding edge on explaining the nooks and corners of the box. :slight_smile:

@H4FN said:

security guy coming from a simple software developer guy but always it is like … DAMN I only know that I don’t know anything …

Don’t judge yourself based on this box. It had one of the hardest footholds I’ve seen in a long time.

@TazWake said:

@H4FN said:

security guy coming from a simple software developer guy but always it is like … DAMN I only know that I don’t know anything …

Don’t judge yourself based on this box. It had one of the hardest footholds I’ve seen in a long time.

I’m back after my depression with this box hahaha !! I will continue this week with other boxes :slight_smile: good to know that it was one of the hardest and I tried it without success, but it's part of keeping on learning

I know the box is retired but I have VIP so I can still use it. I just started on it. I'm on the pwnbox machine. The URLs are not working for me when opening them in Firefox or Chromium. What do I need to do to fix this?
I should not need to write them in my hosts file since I'm on pwnbox? (I did not need to do it when doing active machines). Just in case, I added them but it's still not working. Any ideas?