Official Doctor Discussion

1568101115

Comments

  • Finally got root, that was an interesting box !

    Dm me if you want hints but there are already a lots of them in the discussion !

    Thanks for the box!

  • Fun box!! Thanks @egotisticalSW ! on the border between easy and medium

    If anyone nedd help, pm ;)

  • Looked into all kinds of files and read through my linpeas output numerous times and still cannot find anything to get user. Can anyone msg me a nudge on what I should be looking for? Strings'ing all different kinds of files has not been fruitful.

  • @braj said:

    Looked into all kinds of files and read through my linpeas output numerous times and still cannot find anything to get user. Can anyone msg me a nudge on what I should be looking for? Strings'ing all different kinds of files has not been fruitful.

    Manual enumeration works well here. Grep is helpful. Think about how the application works, what users might do by accident and where that would be captured.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

    Currently have very limited HTB time but will try to respond as quickly as possible.

  • Finally rooted. Many problems with initial foothold. Specially with fucking quotes. super noob. User was quick but I don't like it much. root also quick with a bit help. Best part the foothold. Thanks for the help given. If anybody require help PM.

  • edited October 2020

    Rooted.
    I got the foothold two different ways. One being the all things thingy, as expected, and the second one from a certain tag that I have absolutely no idea why it works, but it does, straight to a reverse shell even. Using a few ifs.
    Can someone pm me about that second case?

    Path to root is straightforward, just google it.

  • I'm late to this party, but finally rooted. Interesting box to say the least. The thread definitely has everything you'd need for hints. Feel free do DM if you need an extra nudge.

    Harbard

  • Phew, took me long enough but eventually got root. Shoutout to @Darvidor @caveeroo @limelight @he110w0r1d @exord26 for all their help and nudges.

    Plenty of hints already but feel free to reach out if you're stuck

    cmoon

  • edited October 2020

    Found the s*c*u*e m*s*ag*ng platform, made an account... hopefully I'll be able to make some progress.

    EDIT: got hashes.. this is getting interesting.

    Feel free to PM me, but please ask good questions: https://www.shorturl.at/fmAX6

  • @PapyrusTheGuru said:

    EDIT: got hashes.. this is getting interesting.

    https://forum.hackthebox.eu/discussion/comment/84036/#Comment_84036

    The hashes aren't the path you are looking for.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

    Currently have very limited HTB time but will try to respond as quickly as possible.

  • Type your comment> @TazWake said:

    @PapyrusTheGuru said:

    EDIT: got hashes.. this is getting interesting.

    https://forum.hackthebox.eu/discussion/comment/84036/#Comment_84036

    The hashes aren't the path you are looking for.

    Yeah, I forgot I commented that, I have already gotten a shell on the machine.. working towards User, thank you so much for still taking your time to help out.

    Feel free to PM me, but please ask good questions: https://www.shorturl.at/fmAX6

  • @PapyrusTheGuru said:

    working towards User

    Nice one.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

    Currently have very limited HTB time but will try to respond as quickly as possible.

  • edited October 2020

    So, I got access to the admin account at doctor.htb, there is no password for the account. I dont know what to do

  • Type your comment> @TazWake said:

    @PapyrusTheGuru said:

    working towards User

    Nice one.

    Thank you!

    Feel free to PM me, but please ask good questions: https://www.shorturl.at/fmAX6

  • @deissh said:

    So, I got access to the admin panel at doctor.htb, there is no password for the account. I dont know what to do

    You might be looking in the wrong place. I don't recall seeing an admin panel.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

    Currently have very limited HTB time but will try to respond as quickly as possible.

  • Type your comment> @TazWake said:

    @deissh said:

    So, I got access to the admin panel at doctor.htb, there is no password for the account. I dont know what to do

    You might be looking in the wrong place. I don't recall seeing an admin panel.

    *[email protected] account

  • @deissh said:

    Yeah, it kind of depends on where you are logging in with that. If it is a S****** M******** portal, you are on the right track and it is likely you've used an account someone else set up.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

    Currently have very limited HTB time but will try to respond as quickly as possible.

  • Finally did it! This is my second box here and I feel like I'm starting to get the hang of it.

  • edited October 2020

    Rooted !
    The foothold took me hours and hours. The root part comes without much surprise but was very enjoyable nonetheless.
    Feel free to reach out while the process is still fresh in my head :wink:
    Thanks to @egotisticalSW for the box, and thanks to everyone for nudges, especially to @Harbard

  • edited October 2020

    Thank @ArtemisFY for the nudge

  • edited October 2020

    Got root but definetely not an easy box. I think easy ones would be those that a newcomer could do without much effort. I don't think this is the case. Besides that, nice box.
    PM me if you need help.


    Feel free to send me a DM if you need some help. Just remember to tell me what you have already done so I don't spoil anything.

  • I really enjoyed the box. Very interesting, nice foothold and more interesting privesc.
    Dm for hints.
    Thanks @egotisticalSW for the cool box!

    Arrexel

  • Got stuck at S**i. I know its b**** in******* but cant figure out which parameter to try on. Any nudge?

  • @mandev said:

    Got stuck at S**i. I know its b**** in******* but cant figure out which parameter to try on. Any nudge?

    Depends what you mean by parameter in this context. If you mean which field of the form, you can test it. Put One in the first and two in the second. When you look at the right output, there will only be a single response and you know which bit to attack.

    If you mean parameter to S**i, then I don't think I understand.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

    Currently have very limited HTB time but will try to respond as quickly as possible.

  • Finally rooted... This one was tough but definitely learned a lot. Much respect to @TazWake for guiding me down the right path!

    aut0exec

  • very interesting this box is learned by solving

  • edited October 2020

    Type your comment> @TazWake said:

    @mandev said:

    Got stuck at S**i. I know its b**** in******* but cant figure out which parameter to try on. Any nudge?

    Depends what you mean by parameter in this context. If you mean which field of the form, you can test it. Put One in the first and two in the second. When you look at the right output, there will only be a single response and you know which bit to attack.

    If you mean parameter to S**i, then I don't think I understand.

    Yes it was form fields :smile: . I think this one not easy as given si pa****ds to fm f***ds. I am trying hard. Can i pm you?

  • If someone needs help, contact me, I'll try not to spoil you

    Arrexel

  • Rooted. Easy box. If you need some help, DM me.

  • @mandev said:

    Yes it was form fields :smile: . I think this one not easy as given si pa****ds to fm f***ds.

    You might be using the wrong s**i.

    I am trying hard. Can i pm you?

    Yes.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

    Currently have very limited HTB time but will try to respond as quickly as possible.

Sign In to comment.