Official Bucket Discussion

Comments

  • Finally rooted the box. I found the root part very tough. Thanks guys for helping with nudges, especially @xaif7aLe

    akhlaqur

  • Finally rooted. Thanks to @MrR3boot for creating this amazing machine. Definitely on the harder side of medium machines, but well worth the effort.
    No additional hints from me but if you need a nudge, feel free to DM me.

    bigFish43
    eJPT

  • edited November 2020

    Hi, I'm new in this world.
    I'm not familiar with a**, any hint for user?

  • Enjoyable box - learned a few new things as well, which is always good.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.

    Currently have very limited HTB time but will try to respond as quickly as possible.

  • @JoakoI98 said:

    Hi, I'm new in this world.
    I'm not familiar with a**, any hint for user?

    The cli helps. If you google the commands it allows, you might come up with a way you can get a foothold. Then you can use the loot you can find from basic enumeration to become the person you want to become.

    TazWake

  • Got user. I like this box already; I have to read a lot of documentation. On to root!

    t13nn3s
    You can find write-ups and walkthroughs on my personal blog: https://binsec.nl

  • It took a while to figure out the root part (though I didn't manage to get a shell, only the flag). Thanks @MrR3boot, it was great to learn new things.

  • For root, when you start researching, ignore any sources that appear to be medium helpful, they will only lead you astray.

    The docs, and Twitter of all things are much more useful!

  • Spoiler Removed

  • Can anyone nudge me on foothold?? I saw a higher port was running some days back but now it's closed....

  • @alalno said:

    Can anyone nudge me on foothold?? I saw a higher port was running some days back but now it's closed....

    You only need one port for the foothold - XX - and it's a common one. If you saw a port in the range of XXXX, then chances are you saw someone else attacking the box and setting up their own server for some unknown reason.

    Best route to initial foothold - enumerate with the right host name.

    TazWake

  • Rooted.

    Hint for root:
    If your POSTman is afraid of the tunnel, ask someone locally.
    Wasted a bunch of my time here.

    Good box though. PM for nudges.

    When asking for help, please describe what you have tried so far, so I don't spoil too much.
    If you believe I was able to help, please provide feedback by giving respect:
    https://www.hackthebox.eu/home/users/profile/122308

  • Managed to grab some creds and also know how to get stuff into "the cloud" (used the API instead of the CLI, though). Just not sure how that links to the main page or how to get it executed over there :/
    Anyone willing to spare a hint on how to proceed?


    Hack The Box
    GREM | OSCE | GASF | eJPT

  • @HomeSen said:

    Managed to grab some creds and also know how to get stuff into "the cloud" (used the API instead of the CLI, though). Just not sure how that links to the main page or how to get it executed over there :/
    Anyone willing to spare a hint on how to proceed?

    The annoyingly vague hint is "more enum".

    You should be able to see where an image is hosted and you can see if you write to that location. Then you can call it from there.

    The biggest issue I found was how quickly you need to work. Scripting is a winner.

    TazWake

  • @TazWake said:

    @HomeSen said:

    Managed to grab some creds and also know how to get stuff into "the cloud" (used the API instead of the CLI, though). Just not sure how that links to the main page or how to get it executed over there :/
    Anyone willing to spare a hint on how to proceed?

    The annoyingly vague hint is "more enum".

    D'oh. I was afraid someone came up with that :D

    You should be able to see where an image is hosted and you can see if you write to that location. Then you can call it from there.

    I see what you mean, here. Will try that. Thanks.

    The biggest issue I found was how quickly you need to work. Scripting is a winner.

    Good to know. Because on the other location it remained for quite some time.


  • edited November 2020

    @TazWake said:

    The annoyingly vague hint is "more enum".

    You should be able to see where an image is hosted and you can see if you write to that location. Then you can call it from there.

    The biggest issue I found was how quickly you need to work. Scripting is a winner.

    I understand what you mean here and I was trying to go down this route using the API - but I can't get it to hit the "local" bucket instead of the amazonaws endpoint...can I DM?

    EDIT: figured out how to write it to that location, now on to actually getting a foothold...

  • @r1cin said:

    can I DM?

    Yes - and I will always try to help if I can but I can't say how quickly I'll reply. I try to be fast but circumstances vary.

    TazWake

  • @TazWake said:

    The biggest issue I found was how quickly you need to work. Scripting is a winner.

    It seems to me that the issue is of a different nature: There is enough time to do things manually, once the upload got deployed. But there seems to be quite a huge delay between upload and deployment.


  • edited November 2020

    I think I've managed to find some credentials on AWS s3 bucket but they look like dummy credentials? so far pretty confused on what to do? Can I DM someone about this? Thank you.

    Been reading docs for ages now lol.

    Feel free to PM me, but please ask good questions: https://www.shorturl.at/fmAX6

  • @PapyrusTheGuru said:

    I think I've managed to find some credentials on AWS s3 bucket but they look like dummy credentials? so far pretty confused on what to do? Can I DM someone about this? Thank you.

    Been reading docs for ages now lol.

    Sometimes you can do lots of things without creds, e.g. exploring as you've done passively. But what active enum have you tried?

  • edited November 2020

    @beefsprocket said:

    @PapyrusTheGuru said:

    I think I've managed to find some credentials on AWS s3 bucket but they look like dummy credentials? so far pretty confused on what to do? Can I DM someone about this? Thank you.

    Been reading docs for ages now lol.

    Sometimes you can do lots of things without creds, e.g. exploring as you've done passively. But what active enum have you tried?

    I've mostly been messing around with a*s-c*i and trying to check if it's misconfigured. I've also done directory busting on it; I've so far found /s**ll (dyn*m**b), and I also read a lot about the a*s SDK for dyn*m**b to see if I could do something with it - I could not, as far as I am aware. Although for some reason inst*nce meta-d**a returned IAM credentials/keys, as far as I was concerned this is an s* bucket, NOT an ec* instance.
    I'm pretty stuck right now, I'm fairly new to AWS but this machine has already made me learn a plethora of things about the service!

    I've read documentation on s*, a*s-c*i, seen CTF writeups which involve that particular service, and even some talks, blogs etc. Most of the stuff I'm able to enumerate is mostly regurgitated information that doesn't seem to help. Maybe I'm going about it wrong here?

  • Just rooted. It was very close to real life. I think it's a hard box. You have to be a master of databases. You should use your knowledge to show bond creativity.
    Good luck!

  • @PapyrusTheGuru said:

    I'm pretty stuck right now, I'm fairly new to AWS but this machine has already made me learn a plethora of things about the service!

    You're definitely on the right track. Maybe step back for a moment and consider how the s* service is used as a part of the overall architecture of the site. It isn't just for the dyn*m**b UI.

    I've read documentation on s*, a*s-c*i, seen CTF writeups which involve that particular service, and even some talks, blogs etc. Most of the stuff I'm able to enumerate is mostly regurgitated information that doesn't seem to help. Maybe I'm going about it wrong here?

    It is quite a lot of work to learn it, and then in this environment to have to use some of the more obscure flags to override defaults makes it even trickier. But keep at it, it sounds like you're starting to get the big picture which is what this box is all about.

  • @beefsprocket said:

    @PapyrusTheGuru said:

    I'm pretty stuck right now, I'm fairly new to AWS but this machine has already made me learn a plethora of things about the service!

    You're definitely on the right track. Maybe step back for a moment and consider how the s* service is used as a part of the overall architecture of the site. It isn't just for the dyn*m**b UI.

    I've read documentation on s*, a*s-c*i, seen CTF writeups which involve that particular service, and even some talks, blogs etc. Most of the stuff I'm able to enumerate is mostly regurgitated information that doesn't seem to help. Maybe I'm going about it wrong here?

    It is quite a lot of work to learn it, and then in this environment to have to use some of the more obscure flags to override defaults makes it even trickier. But keep at it, it sounds like you're starting to get the big picture which is what this box is all about.

    Thank you so much for the clarification! I was having some difficulties with wondering if I was in a rabbit hole or not! This box seems really neat with a well executed concept so far.

  • edited November 2020

    @HomeSen said:
    @TazWake said:

    The biggest issue I found was how quickly you need to work. Scripting is a winner.

    It seems to me that the issue is of a different nature: There is enough time to do things manually, once the upload got deployed. But there seems to be quite a huge delay between upload and deployment.

    Do you mean that it is accessible from the main domain once uploaded to the bucket?

  • edited November 2020

    @syn4ps said:

    @HomeSen said:
    @TazWake said:

    The biggest issue I found was how quickly you need to work. Scripting is a winner.

    It seems to me that the issue is of a different nature: There is enough time to do things manually, once the upload got deployed. But there seems to be quite a huge delay between upload and deployment.

    Do you mean that it is accessible from the main domain once uploaded to the bucket?

    OK, just have to wait a bit :) Thanks @TazWake

  • Got initial foothold!
    Onto User :)

  • Can anyone help me with bucket

  • @zatch3301 said:

    Can anyone help me with bucket

    It depends on what the problem is.

    TazWake

  • I started the Bucket box, got the second page and also got the concept.
    Stuck on Buc***-name. PM me
