Official Bucket Discussion

2456710

Comments

  • Anyone want to go over some a** setup for root. I think I know what to do but when I post I don't get any report :/

    zweeden

  • Can anyone give me a little nudge on foothold?
    I can give you very specific info on what I have already tried in a dm.
    Don't want to write spoilers here.

    Hack The Box

  • Will i need an A** account for this?

    elseif

  • Type your comment> @elseif said:

    Will i need an A** account for this?

    No

    Hack The Box

  • I now control the bucket and can upload, edit and delete whatever I want but I can't get it to execute anything

  • Type your comment> @0xTen said:

    I now control the bucket and can upload, edit and delete whatever I want but I can't get it to execute anything

    same here, kinda stumped trying to think of how to leverage this to get RCE on the server.

    still wondering about that s***l URI, but IDK.

  • Type your comment> @0xTen said:

    I now control the bucket and can upload, edit and delete whatever I want but I can't get it to execute anything

    consider where you are executing from..

    alt text

  • Still looking for a nudge on root :/
    I believe I have set everything up correctly in dy***o but when posting to actions I get nothing. Could really use a nudge/hint please

    zweeden

  • Type your comment> @sm4sh0ps said:

    Type your comment> @0xTen said:

    I now control the bucket and can upload, edit and delete whatever I want but I can't get it to execute anything

    consider where you are executing from..

    can i DM you regarding this if you don't mind? Looking for a slight nudge in the right direction, nothing major.

  • Finally got user after a few days of off and on messing around with the CLI. Wasn't too bad. I'd imaging it'd be pretty simple if you were familiar with it beforehand. Onto root

    Hack The Box

  • This was a really nice box and great to see the incorporation of a*s. Getting familiar with that environment takes a little bit of practice if you are unfamiliar with it but the name of the box says it all. pm for nudges/sanity checks.

  • Why do I get bullied?

    Hack The Box

  • Type your comment> @DancinHype said:

    Why do I get bullied?

    u good m8?

    elseif

  • Type your comment> @elseif said:

    Type your comment> @DancinHype said:

    Why do I get bullied?

    u good m8?

    No... I got bullied by my team that im trying to recruit for. I just suck at hacking lol. (They were just teasing and said that i'd ask a question on the forums so I did)

    Hack The Box

  • Type your comment> @DancinHype said:

    Type your comment> @elseif said:

    Type your comment> @DancinHype said:

    Why do I get bullied?

    u good m8?

    No... I got bullied by my team that im trying to recruit for. I just suck at hacking lol. (They were just teasing and said that i'd ask a question on the forums so I did)

    Looks like it's not a very good team.

    nopej0hnson

    PM for nudges, will be glad to help you.

    • Rooted, after a long time. Root is a complicated but very interesting part, I learned a lot. Do not hesitate to inquire about the permission of the services.

    Arrexel

  • twhtwh
    edited October 2020

    Rooted!

    USER HINTS :
    - enum
    - read the doc or at least the help command
    - Nothing is lost, "what goes around comes around"
    - read the doc again

    ROOT HINTS
    - enum
    - read the doc
    - read the doc
    - and the last hint is... read the doc :smile:

    Feel free to PM me if you need help

  • Type your comment> @twh said:

    Rooted!

    USER HINTS :
    - enum
    - read the doc or at least the help command
    - Nothing is lost, "what goes around comes around"
    - read the doc again

    ROOT HINTS
    - enum
    - read the doc
    - read the doc
    - and the last hint is... read the doc :smile:

    Feel free to PM me if you need help

    For user or brute force it. Social Engineering is your friend btw.

    Hack The Box

  • Rooted. Very nice box. A lot of new topics. Thanks MrR3boot

    Hack The Box

  • I got some credentials, what i should do with those creds

  • Type your comment> @0xstain said:

    I got some credentials, what i should do with those creds

    Keep them on hand, they will be useful. :)

    Arrexel

  • edited October 2020

    i don't know what to do next, i am stuck in shell

  • edited October 2020

    @0xstain said:
    I got some credentials, what i should do with those creds

    • Try to link the s* site and the main domain. And see if you can take action against Bucket.

    Arrexel

  • Where do you get all the creds from? before you have a shell or only afterwards on the box?

  • Finally rooted after a lot of fumbling around! Cool box, with some real-life situations.

    Somebody mentioned that already, but if you think you have it right and nothing is happening or things are disappearing, keep trying - the box is cleaning itself up quite aggressively. So be quick - or ideally script the steps to avoid retyping everything multiple times!

    Feel free to DM for nudge.

  • How much of a "real A*S bucket can it be if it's hosted on HTB ?

    lebutter
    eCPPT | OSCP

  • Type your comment> @thepioneer said:

    Where do you get all the creds from? before you have a shell or only afterwards on the box?

    Before

  • Type your comment> @lebutter said:

    How much of a "real A*S bucket can it be if it's hosted on HTB ?

    That is exactly what I was thinking

    LMAY75
    Always happy to help, DM me if you need anything!
    Link to Profile

  • Woohoo, finally a shell!

  • Got a foothold, though not sure it's the right type of foothold. Lost at getting user from the foothold.

Sign In to comment.