Official Bucket Discussion

@DancinHype said:

@elseif said:

@DancinHype said:

Why do I get bullied?

u good m8?

No… I got bullied by my team that I’m trying to recruit for. I just suck at hacking lol. (They were just teasing and said that I’d ask a question on the forums so I did)

Looks like it’s not a very good team.

  • Rooted, after a long time. Root is a complicated but very interesting part, I learned a lot. Do not hesitate to inquire about the permission of the services.

Rooted!

USER HINTS :

  • enum
  • read the doc or at least the help command
  • Nothing is lost, “what goes around comes around”
  • read the doc again

ROOT HINTS

  • enum
  • read the doc
  • read the doc
  • and the last hint is… read the doc :smile:

Feel free to PM me if you need help

@twh said:

Rooted!

USER HINTS :

  • enum
  • read the doc or at least the help command
  • Nothing is lost, “what goes around comes around”
  • read the doc again

ROOT HINTS

  • enum
  • read the doc
  • read the doc
  • and the last hint is… read the doc :smile:

Feel free to PM me if you need help

For user or brute force it. Social Engineering is your friend btw.

Rooted. Very nice box. A lot of new topics. Thanks MrR3boot

I got some credentials, what should I do with those creds?

@0xstain said:

I got some credentials, what should I do with those creds?

Keep them on hand, they will be useful. :slight_smile:

I don’t know what to do next, I am stuck in shell

@0xstain said:
I got some credentials, what should I do with those creds?

  • Try to link the s* site and the main domain. And see if you can take action against Bucket.

Where do you get all the creds from? Before you have a shell or only afterwards on the box?

Finally rooted after a lot of fumbling around! Cool box, with some real-life situations.

Somebody mentioned that already, but if you think you have it right and nothing is happening or things are disappearing, keep trying - the box is cleaning itself up quite aggressively. So be quick - or ideally script the steps to avoid retyping everything multiple times!

Feel free to DM for a nudge.

How much of a "real" A*S bucket can it be if it’s hosted on HTB?

@thepioneer said:

Where do you get all the creds from? Before you have a shell or only afterwards on the box?

Before

@lebutter said:

How much of a "real" A*S bucket can it be if it’s hosted on HTB?

That is exactly what I was thinking

Woohoo, finally a shell!

Got a foothold, though not sure it’s the right type of foothold. Lost at getting user from the foothold.

Nevermind. Got user

I’m not very familiar with this service, not sure where to query. Found the h***th page that confirmed the service on the backend but not sure how to proceed.

Edit: Nvm, it appears I DIDN’T REALIZE THE IMPORTANCE OF A SLASH. God that is so annoying, since when did slashes at the end of a URL matter?

@LMAY75 said:

I’m not very familiar with this service, not sure where to query. Found the h***th page that confirmed the service on the backend but not sure how to proceed.

Make sure to enumerate what you have access to as much as possible. After you find what you’re looking for, read the documentation on the service that’s running in order to enumerate further and get the info you need for foothold.

I definitely agree, if not familiar with the service, there’s a steep learning curve. Going to put it down and go for root later in the week. Have some ideas, but not fully sure where to take 'em.

Got creds, got s* access: I am able to Alert the web page - I can upload whatever I want and got this weird JavaScript shell running - But other than that, I’m pretty stuck. s* can communicate with the domain.

Once you’re able to run things on the web page - what’s next? Printing an alert is cool and all but I’d want a user shell instead :wink:

Any help please? :open_mouth: