Official Doctor Discussion


Comments

  • [email protected]:/root# id
    id
    uid=0(root) gid=0(root) groups=0(root)
    [email protected]:/root# whoami
    whoami
    root
    

    Finally I did it :)

    Regarding the 500 on a certain page: probably a previous action you made didn't go well with the server; maybe you should go back and change something.

  • I loved the foothold, took me a minute to figure out, but simple recon tells you how to make it work.

    User: definitely make sure to read the output of your tools! I didn't and it made this take a lot longer than it needed to.

    Root: I knew what I needed to do from the first step of my recon, but doing it actually took me two hours of bashing my head on the wall. I ended up trying two of the available and relevant scripts but the quiet one never seemed to execute my payload under any circumstances and the caver only worked after a machine reset. I wonder if something was subtly breaking the relevant service in the process of exploitation? From watching ps on the box I know a lot of people were trying the quiet one, haha.

  • The hash isn't working

  • Wrong hash

  • But from user.txt

  • @Spl01ter said:

    The hash isn't working

    This comes up on every thread about once a week. HTB uses dynamic hashes and sometimes they don't work. The hashes should change after every reset and be different on different VPNs. This means that hashes should be used as soon as you get them, and that sometimes the process which registers the new hash in the scoring server will break.

    If it is a box that is being hit with resets, it becomes imperative that the hash is used immediately as a reset will render it invalid.

    Your choices are really:

    • Wait a while, re-pwn the box and get a working hash.
    • Report it to HTB via a jira ticket and get them to fix the problem.

    This isn't something that can be fixed by the forum or by tips from other users.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.

    Currently have very limited HTB time but will try to respond as quickly as possible.

  • Took me way longer than I had hoped, but enjoyed it. The hint in the machine image was clear to me, but it still took me almost forever to find what I was looking for with it. I went way overboard with analysing those things, but it just ended up being an extremely obvious (and unexpected) surprise right in front of me. I can see how someone might lose hours on this, and someone else spots it right off the bat. Took me three days.

  • Could someone DM me a nudge for the initial foothold? I have found the me****ing app and have made an account. I have also found something I think I can exploit, as a particular page is giving back to me what I leave, but I'm not sure where to go from here! Any help would be great!

  • Just rooted. The foothold was the hardest part of the box.
    DM for clues, but tell me your progress first.

  • Just rooted. This is my first machine in HTB. Definitely not easy in my (beginner's) opinion.
    Learned a lot of things.
    Good luck for the others :)

  • Rooted!

    Foothold is the hardest part by far; past that it is just enum and Google-fu.

    Although, reading the forum, there are two ways to get the foothold? Could I PM someone about the second way?

    PM if you need hints.

  • I got that it's meant to be S**i but no idea where to go from here. I have tried all sorts of characters in almost every box with no visible issues anywhere.

    Please PM if you have any hints, I'm likely missing something staring me in the face.

  • @rtm516 said:

    I got that it's meant to be S**i but no idea where to go from here. I have tried all sorts of characters in almost every box with no visible issues anywhere.

    Assuming you have the correct letters for ** in that bit, then it is likely that you haven't fully enumerated the pages to see what happens when you submit.

    TazWake

  • User: Look for the contact info.
    Root: Checkout what you initially found during recon.
  • Rooted!
    I think characterizing this as an easy box is probably right.
    DM for help :)

  • @rtm516 said:

    I got that it's meant to be S**i but no idea where to go from here. I have tried all sorts of characters in almost every box with no visible issues anywhere.

    Please PM if you have any hints, I'm likely missing something staring me in the face.

    I'm in the same place as you. Have you solved it? Can you nudge me a little?

    Hack The Box
    OSCP

  • Stuck on S**I for a day; I can't find anything more. If someone could nudge me, I would be very appreciative.

  • I've been banging my head against this for hours now. I can't find anything other than the Splunk Forwarders page. Any nudge would be greatly appreciated.


  • @chaoskreator said:

    I've been banging my head against this for hours now. I can't find anything other than the Splunk Forwarders page. Any nudge would be greatly appreciated.

    Pay close attention to the other website. It has some vital information hidden in plain sight.


    Hack The Box
    GREM | OSCE | GASF | eJPT

  • Finally rooted! It was a fun box, definitely humbles you. Once you gain a foothold, enumerate well on all services and check out what high ports might be vulnerable. Then I suggest Googling to see where that would store the credentials ;)

    Anakin102

  • I would appreciate a nudge for finding and exploiting the S**i vulnerability. Been looking for hours and I just don't see it...

  • @h0ll0w666 said:

    I would appreciate a nudge for finding and exploiting the S**i vulnerability. Been looking for hours and I just don't see it...

    Two things:

    • make sure you know the right pages to look at to trigger anything you've injected
    • make sure you have the right two letters in between the S and i.

    TazWake

  • Got root today. Fun box! Initial foothold was definitely the toughest.

    Feel free to DM if you find yourself stuck and need a nudge.

  • Faced a rabbit hole while trying to get root. Noticed that the python2 binary has the cap_sys_ptrace capability, and I thought it was the way to root, but after several hours I realized that kernel.yama.ptrace_scope is set on Ubuntu and there is no possibility of changing it at runtime.

    Finally got root, nice box, not so easy as I thought!

  • edited November 2020

    Can anyone help with the foothold? I'm on m*******g and know I will need to exploit si, but nothing works. I also found the a*****e where titles show up, but no si.

  • @karimwassef said:

    Can anyone help with the foothold? I'm on m*******g and know I will need to exploit si, but nothing works. I also found the a*****e where titles show up, but no si.

    Do you have the right s**i?

    TazWake

  • Initial foothold was a little difficult, but everything after that was pretty straightforward. Plenty of tips in this thread but PM me if you need a nudge.

  • edited November 2020

    Stuck with the port scan on the Doctor machine... all ports are filtered :(
    Used a SYN stealth scan...

  • @TazWake said:

    @karimwassef said:

    Can anyone help with the foothold? I'm on m*******g and know I will need to exploit si, but nothing works. I also found the a*****e where titles show up, but no si.

    Do you have the right s**i?

    I honestly don't know, I haven't really messed around with it before.

  • @karimwassef said:

    I honestly don't know, i haven't really messed around with it before

    One of the payloads on payloads all the things works.

    TazWake
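The two pieces of advice TazWake repeats in this thread (use a probe whose evaluated form differs from its literal form, and look at every page that might render your stored input rather than only the page you submitted it on) can be turned into a small triage routine. The following is an added example written for this page, not code from the thread, from HTB, or from the box: the page names (/submit, /feed, /export), the sentinel "qx9", and the toy template evaluator standing in for a real engine are all constructed so that it runs offline; against a live target you would replace `simulated_target` with a function that submits `wrap(probe)` and fetches each candidate page.

```python
"""Triage where a stored template-injection probe is echoed, evaluated, or lost.

Added example for the thread above; not the box's code. Pages, sentinel and the
toy evaluator are constructed stand-ins so the script runs with no network.
"""
import html
import re

# Distinctive sentinel around the probe, so a "49" that happens to appear
# elsewhere on a page (a date, an ID) is not mistaken for evaluation.
SENTINEL = "qx9"

# probe -> text the probe becomes if a template engine evaluates it.
# Arithmetic on distinct operands avoids false positives from pages that echo numbers.
PROBES = {
    "{{7*7}}": "49",         # Jinja2 / Twig / Django-like syntax
    "${7*7}": "49",          # Mako / FreeMarker / EL-like syntax
    "<%= 7*7 %>": "49",      # ERB-like syntax
    "{{7*'7'}}": "7777777",  # string repetition: evaluates only under Jinja2-style engines
}


def wrap(text: str) -> str:
    """Surround a probe (or its expected output) with the sentinel."""
    return f"{SENTINEL}{text}{SENTINEL}"


def classify(probe: str, expected: str, body: str) -> str:
    """Classify how one response body treats a sentinel-wrapped probe.

    'evaluated': wrapped expected value present -> an engine ran the probe here
    'echoed':    literal wrapped probe present -> reflected but not evaluated
    'error':     server error page, which often means the probe broke a template
    'absent':    input not rendered on this page -> look at a different page
    """
    text = html.unescape(body)  # pages may HTML-escape <, > and ' before rendering
    if wrap(expected) in text:
        return "evaluated"
    if wrap(probe) in text:
        return "echoed"
    if re.search(r"\b500\b|internal server error", text, re.IGNORECASE):
        return "error"
    return "absent"


def toy_render(s: str) -> str:
    """Constructed stand-in for a Jinja2-like engine: evaluates {{a*b}} and {{a*'b'}} only."""
    def ev(m: re.Match) -> str:
        a, b = m.group(1), m.group(2)
        if b.startswith("'"):
            return b.strip("'") * int(a)      # 7*'7' -> '7777777'
        return str(int(a) * int(b))           # 7*7   -> '49'
    return re.sub(r"\{\{(\d+)\*('?\d+'?)\}\}", ev, s)


def simulated_target(submitted: str) -> dict:
    """Constructed app with three pages that handle the same stored input differently."""
    return {
        "/submit": "<p>Saved.</p>",                          # only acknowledges
        "/feed": f"<li>{html.escape(submitted)}</li>",       # escapes and echoes verbatim
        "/export": f"<title>{toy_render(submitted)}</title>",  # renders through the engine
    }


def survey(target) -> dict:
    """For every probe, report what each page does with it: {probe: {path: verdict}}."""
    report = {}
    for probe, expected in PROBES.items():
        pages = target(wrap(probe))
        report[probe] = {path: classify(probe, expected, body) for path, body in pages.items()}
    return report


if __name__ == "__main__":
    for probe, verdicts in survey(simulated_target).items():
        print(f"{probe:<12} " + "  ".join(f"{p}={v}" for p, v in verdicts.items()))
```

Reading the report is the point: the submit page says nothing, the feed page echoes every probe unevaluated, and only the export page turns `{{7*7}}` and `{{7*'7'}}` into numbers while leaving `${7*7}` and `<%= 7*7 %>` alone, which both locates the rendering page and narrows the engine family before you pick a payload from a list such as PayloadsAllTheThings. An `error` verdict on a page that previously echoed your input is the 500 discussed at the top of the thread: the stored probe is now breaking a template, so it is worth going back and changing it rather than submitting more.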
