Official Compromised Discussion

Official discussion thread for Compromised. Please do not post any spoilers or big hints.

Comments

  • edited September 12
    Starting arena again doesn't work. Just like last week :(

    Hack The Box

  • No ports are open. Is it a tech issue?

  • yes, but if you respawn an instance it should be good to go.
    about...
    now.
    :hushed:

  • Is there a WAF involved or is this thing actually crashing? (public instance)

    Respawned but still can't reach Starting Arena

    Hack The Box

  • I have some ideas but none of them are working so far, gonna try harder.
    Just putting it here in case someone wants to exchange ideas.

    For asking help, please describe what you have tried so far, so I don't spoil too much.
    If you believe I was able to help, please provide feedback by giving respect:
    https://www.hackthebox.eu/home/users/profile/122308

  • no clue if it's intended or not.. in (what I thought is the correct path) you can render the webapp completely useless by providing a vq*** file, and I can't reset it anymore :| rip

  • @Oxeeql said:

    no clue if it's intended or not.. in (what I thought is the correct path) you can render the webapp completely useless by providing a vq*** file, and I can't reset it anymore :| rip

    Yeah that was my problem too. After I really pushed and quickly found some potential ways, I turned this box into a potato twice and then was busy most of the time changing around my /etc/hosts to juggle between Starting Arena instances and the public IP.

    Hack The Box

  • edited September 12

    @sparkla said:

    @Oxeeql said:

    no clue if it's intended or not.. in (what I thought is the correct path) you can render the webapp completely useless by providing a vq*** file, and I can't reset it anymore :| rip

    Yeah that was my problem too. After I really pushed and quickly found some potential ways, I turned this box into a potato twice and then was busy most of the time changing around my /etc/hosts to juggle between Starting Arena instances and the public IP.

    I mean it looked really nice so far, don't mean it in an off-putting way to the creator. This stuff is complex and things like that can happen. Hope it gets sorted out.

    Hack The Box

  • Very confused, seems like this could be really straightforward, but it isn't quite working yet hm.

    QSoloX

  • I got webshell but I can't get reverse shell :(, any hint?

  • Rooted, interesting path for root.

    'These violent delights have violent ends'

  • wow nice box, going down a certain CVE path that has to do with vq**** stuff - not sure it's right path - both first bloods by one of the best in htb - wasn't really expecting to emulate that, especially after starting over 1.5 hours late...but, very engaging so far... ;-)

  • ^ I'm battling with the exploit myself, everything seems to be right for me but then it just doesn't work.

    QSoloX

  • I'm at a bit of a loss, I found the exploit, but no matter what my shell will not work. Any tips?

    QSoloX

  • found a CVE, but fail to add, is it wrong way?

  • Still stuck on the foothold. Found a CVE but it needs creds I can't find to save my life. Any nudges?

    Raekh

  • @CyberVaca said:

    I got webshell but I can't get reverse shell :(, any hint?

    This box does not allow network connection..
    ssh is here the "key" "gen"erally ;-)

    thank you @D4nch3n - nice box!

  • @Raekh said:

    Still stuck on the foothold. Found a CVE but it needs creds I can't find to save my life. Any nudges?

    me, too

  • Spoiler Removed

  • @FTNTT said:

    @Raekh said:
    Still stuck on the foothold. Found a CVE but it needs creds I can't find to save my life. Any nudges?

    me, too

    Enum, enum is all I can say.

    'These violent delights have violent ends'

  • @Caracal For low level people "enum enum enum" doesn't help. If it's something we missed, okay. But I've been sitting in the l*g folder for a while, and I simply don't have knowledge to distinguish what I can use or not. I've tried getting the authors to hydra, hijacking the cookies, but nothing.

    Raekh

  • @Raekh said:

    @Caracal For low level people "enum enum enum" doesn't help. If it's something we missed, okay. But I've been sitting in the l*g folder for a while, and I simply don't have knowledge to distinguish what I can use or not. I've tried getting the authors to hydra, hijacking the cookies, but nothing.

    yeah true. so, you're on the right path.
    check again what you got, maybe something that does not get rendered in source code files :)

  • @Raekh I am in your situation ;) bashing my head against what I have

  • @Raekh said:

    @Caracal For low level people "enum enum enum" doesn't help. If it's something we missed, okay. But I've been sitting in the l*g folder for a while, and I simply don't have knowledge to distinguish what I can use or not. I've tried getting the authors to hydra, hijacking the cookies, but nothing.

    It's not about low level people. If you found the file, I say "enum, enum, enum" because it should be clear what you have to do and how to do it.
    It's not even about level, but more about clearness: you have a CVE, you need a password, and if you have that file, it's just about enum, and it's clearly impossible to give a clue without spoiling that part.
    You don't need to hijack anything, you don't need to bruteforce creds.

    For foothold:

    • If you don't have it, common list will help you to get to it.
    • If you have it, just search what you need in it.

    'These violent delights have violent ends'

  • I just found admin creds after bashing my head against the wall for a while.

    Tip: When people say look for logs, don't get tunnel vision like I did. Instead, once you find something remotely interesting, then follow it all the way even if it means navigating to other directories. You won't find the creds in the backup folder, only a way to find them.

    (Please remove if I gave away too much)

    For asking help, please describe what you have tried so far, so I don't spoil too much.
    If you believe I was able to help, please provide feedback by giving respect:
    https://www.hackthebox.eu/home/users/profile/122308

  • I just can't find the creds, I've been searching for hours!!!

  • edited September 13

    the creds are not in the tar file... but if you read the contents of that archive carefully... then you will find a path where to look for creds

    PS: assume that is not a spoiler, either you have found the tar file or you have not

  • Hello, creator here, just gonna repost the hint that I have made public in the discord chat, if you are stuck at a certain part.

    "Trace the attacker's steps, see what persistence they laid out. One way is by turning a user who normally cannot login, be able to login, and tampering with its service to get persistent access into the box. Maybe they didn't clean up very well?"

    I'm no longer really active on the forums (trying to reduce the number of accounts to check :P ), but DM me on discord for further hints.

  • the little side hints @tang0 and @cool4coder gave here are important. And thanks!

  • @Sys7em said:

    @CyberVaca said:

    I got webshell but I can't get reverse shell :(, any hint?

    This box does not allow network connection..
    ssh is here the "key" "gen"erally ;-)

    thank you @D4nch3n - nice box!

    True, I saw what I was missing. Thx u dude