Official Compromised Discussion

Really interesting box! I have learned a few new things!!
Thanks for the hints and Congrats @D4nch3n !

PM if you need a small nudge :wink:

How did you guys transfer the interesting file back over to your local machine? scp hangs when I try to connect back to my personal ssh server.

Netcat worked for me, but YMMV.

@LMAY75 said:

How did you guys transfer the interesting file back over to your local machine? scp hangs when I try to connect back to my personal ssh server.

A lot of ways are there! Scp, Nc, Pyserver, need more? Google it.

@gunroot said:

@LMAY75 said:

How did you guys transfer the interesting file back over to your local machine? scp hangs when I try to connect back to my personal ssh server.

A lot of ways are there! Scp, Nc, Pyserver, need more? Google it.

scp wasn't working at first, so I thought there might be another way. Ended up getting it working though, thanks!

@LMAY75 for scp you need valid SSH creds to work. Otherwise it won’t, as it comes as a part of SSH. Try NC or Pyserver for easy file distribution.

@gunroot said:

@LMAY75 for scp you need valid SSH creds to work. Otherwise it won’t, as it comes as a part of SSH. Try NC or Pyserver for easy file distribution.

No I ended up getting scp to work. It was just hanging at first.

root@compromised:~# id
uid=0(root) gid=0(root) groups=0(root)

■■■■ yea!

DM me if you need any hints. Most satisfying root possibly ever, very proud of myself there :joy:

Good suggestion from @sparkla - people often overlook how effective Base64 can be in transferring files between systems.

However, if ssh from you to the box works, so should scp, as it is basically the same protocol. If ssh works but scp fails, there is a good chance something on the box is broken.
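The Base64 approach mentioned above, as an added example that is not part of the original posts: a file is wrapped in a text envelope that can be copied through a terminal, and the receiving side checks a SHA-256 digest so a truncated paste is rejected. The function names `pack`/`unpack` and the envelope layout are assumptions made for this sketch; it assumes GNU coreutils (`base64`, `sha256sum`).

```bash
#!/usr/bin/env bash
# Added example (hypothetical helpers): move a file over a text-only channel
# as Base64, with an integrity check on the receiving side.

# pack FILE: print an envelope (one "sha256:<digest>" line, then the Base64
# body) that can be copied out of a terminal session.
pack() {
    local file=$1
    printf 'sha256:%s\n' "$(sha256sum < "$file" | cut -d' ' -f1)"
    base64 < "$file"
}

# unpack OUTFILE: read an envelope on stdin, decode it, and keep the result
# only if its digest matches the one carried in the envelope.
# Return codes: 0 ok, 2 bad header, 3 invalid Base64, 4 digest mismatch.
unpack() {
    local out=$1 header expected actual tmp
    IFS= read -r header || return 2
    case $header in
        sha256:*) expected=${header#sha256:} ;;
        *) echo "unpack: missing sha256 header" >&2; return 2 ;;
    esac
    tmp=$(mktemp) || return 2
    if ! base64 -d > "$tmp" 2>/dev/null; then
        rm -f "$tmp"
        echo "unpack: body is not valid Base64" >&2
        return 3
    fi
    actual=$(sha256sum < "$tmp" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        rm -f "$tmp"
        echo "unpack: digest mismatch (truncated or altered paste?)" >&2
        return 4
    fi
    mv "$tmp" "$out"
}
```

On the sending side run `pack somefile` and copy the output; on the receiving side run `unpack somefile` and paste it, ending input with Ctrl-D.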

@sparkla said:

SSH from box to me doesn’t work as well. I suspect either broken or on purpose to prevent usage of nc (and enforce the intended route) in the early stage of foothold.

Rumour has it (and I certainly haven’t even tried to confirm this yet) but SSH from HTB boxes to user machines is prevented.

You should be able to use SSH/SCP from your machine to this box though.

Couldn’t spot the privesc, nudge welcome.

It’s difficult to avoid spoilers. I’d start with thinking about this as a compromised device, and looking for things the attacker might have done to allow themselves back in.

@sparkla said:

SSH from box to me doesn’t work as well. I suspect either broken or on purpose to prevent usage of nc (and enforce the intended route) in the early stage of foothold.

Couldn’t spot the privesc, nudge welcome.

DM me if you still need the nudge for privesc

@sparkla said:

My english must be really bad.

But apart from that (and the fact that I have no idea who “Rumour” is and why he “has it”)

This is the rumour: Official Buff Discussion - #746 by he77kat - Machines - Hack The Box :: Forums

This may be why your SSH isn’t working from the box to your machine. It may not be. YMMV.

I take away the PrivEsc must be super easy and I just looked the wrong way.

PrivEsc on this box is not easy.

@TazWake said:
This is the rumour: Official Buff Discussion - #746 by he77kat - Machines - Hack The Box :: Forums

This may be why your SSH isn’t working from the box to your machine. It may not be. YMMV.

FYI if anyone is stuck on this. Edit /etc/ssh/sshd_config and change “Port” to anything you want. SSH is only blocked on the standard port. I still wouldn’t recommend leaving it enabled though, just start it when you need and stop it afterwards:
systemctl start/stop ssh

@sparkla said:

FYI if anyone is stuck on this. Edit /etc/ssh/sshd_config and change “Port” to anything you want. SSH is only blocked on the standard port. I still wouldn’t recommend leaving it enabled though, just start it when you need and stop it afterwards:
systemctl start/stop ssh

Have players been hacked?

I don’t know to be honest… I just saw the announcement on Discord, but have to assume so. :disappointed:

@sparkla said:

Have players been hacked?

Not as far as I am aware. Given the difficulty in compromising SSH directly and the chance of getting a different IP each time you connect, blocking port 22 outbound seems like an odd choice. It may be down to something else (administrative interfaces, how the lab environment is configured, VPN issues etc).

@Tazwake Can I have the reason for why we need SSH here?

@TazWake said:
Not as far as I am aware. Given the difficulty in compromising SSH directly and the chance of getting a different IP each time you connect, blocking port 22 outbound seems like an odd choice. It may be down to something else (administrative interfaces, how the lab environment is configured, VPN issues etc).

They said it’s because so many people are using the default credentials, which leaves them open to easy access.

@gunroot said:

@Tazwake Can I have the reason for why we need SSH here?

“Need” is a strong word. You can certainly use it on this box but I don’t know why you’d want to go from the box to your machine here.

@metuldann said:

They said it’s because so many people are using the default credentials, which leaves them open to easy access.

Ok - I can’t argue with their decisions. I disagree with their thinking here and the solution seems heavy-handed but it is their environment.

@sparkla said:
No, I haven’t “lost peace of mind”. Not sure why you said that. I valued your previous comments but didn’t wanna let things escalate into endless HTB bashing, also I think we can only guess what’s going on behind the scenes, if we don’t get an official answer. Problems here are very real and some are severe. Problems with the boxes are one thing, how we treat each other is another, how we are being treated maybe the most important one. We have to consider if our words do improve the issues or maybe make them worse. But it doesn’t really belong here in a box thread, so let’s cut it.

I actually thought you would like my little bit of sarcasm :slight_smile:
It was not my intention to offend you or anyone else.