Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
Can I get some nudge please? I can read files and list dirs. I tried to extract info from proc but none of use. I used m**** to read files of the user home of m**** but couldn't get anything back. I know I need to use s** with m**** but I seem to miss where to get the data that will allow me to do that.
Can I get some nudge please? I can read files and list dirs. I tried to extract info from proc but none of use. I used m**** to read files of the user home of m**** but couldn't get anything back.
As well as reading files, what else can you do to them?
I know I need to use s** with m**** but I seem to miss where to get the data that will allow me to do that.
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
Can I get some nudge please? I can read files and list dirs. I tried to extract info from proc but none of use. I used m**** to read files of the user home of m**** but couldn't get anything back.
As well as reading files, what else can you do to them?
I know I need to use s** with m**** but I seem to miss where to get the data that will allow me to do that.
I tried writing them but it didn't work. I see I am restricted to one dir with the m**** user and it is the place that I would like to drop something to allow not to s**
Possibly investigate how you are using them. There is a lot of stuff in this thread about how to issue the commands in a way which should give you the access you want.
I see I am restricted to one dir with the m**** user and it is the place that I would like to drop something to allow not to s**
I never noticed any restrictions like that. It might be worth double-checking what is happening.
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
So, I'm pretty sure I know what to do to get from foothold to the next user, but without write-privileges to that certain folder, I have no idea how to achieve this. A certain config setting of the m**** service disallows reading from/writing to that folder (and the "current other" user doesn't have any privileges on that folder, too).
If anyone could give a nudge in the right direction (or point out my mistake), it would be much appreciated
So, I'm pretty sure I know what to do to get from foothold to the next user, but without write-privileges to that certain folder, I have no idea how to achieve this. A certain config setting of the m**** service disallows reading from/writing to that folder (and the "current other" user doesn't have any privileges on that folder, too).
If anyone could give a nudge in the right direction (or point out my mistake), it would be much appreciated
Have a look to see if the attackers, or someone on the system, left something useful behind. Possibly in the built in tables.
DM me for more specific language because I appreciate the vagueness here might be confusing.
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
Men im about to say bad words !!! Why in the hell i keep receiving this "WARNING: Failed to daemonise. This is quite common and not fatal. () ". I looked at php functions that are disabled and uploaded another rev-php but none ! FUCK
Men im about to say bad words !!! Why in the hell i keep receiving this "WARNING: Failed to daemonise. This is quite common and not fatal. () ". I looked at php functions that are disabled and uploaded another rev-php but none ! FUCK
it quite often means something went wrong with Pentestmonkey's reverse PHP shell.
It doesn't always mean the shell failed so you might want to check if anything is hitting the listener or if something else is the problem.
If other shells are failing you might need to do some deeper troubleshooting.
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
Rooted. What an awesome ride. Thank you @TazWake for the nudges along the way. I really need to dig deeper into Linux forensics.
Thank you @D4nch3n for a great box. Really loved it from start to finish
Boy that trip caused several "Double Palm" / "DOH!!!!" moments as well as "walk away... just walk away..." moments. @TazWake again thank you for your hints and advice in these forums / discussions they were just the nudges I needed without having to "call a friend"
Cheers @D4nch3n for the fun / maddening at times machine.
Got a POC working and can start navigating around the system. With that was able to do research and found a way to circumvent functionality that is disabled. Found a user that shouldn't have a certain setting enabled but he does. Pulled on that thread but it seems that the directoryy I want to write to and the directory that comes back as part of a query with privs are two different ones. Don't know if I can pivot any further or if someone dorked the box on purpose. Any guidance?
Got a POC working and can start navigating around the system. With that was able to do research and found a way to circumvent functionality that is disabled. Found a user that shouldn't have a certain setting enabled but he does. Pulled on that thread but it seems that the directoryy I want to write to and the directory that comes back as part of a query with privs are two different ones. Don't know if I can pivot any further or if someone dorked the box on purpose. Any guidance?
Got a POC working and can start navigating around the system. With that was able to do research and found a way to circumvent functionality that is disabled. Found a user that shouldn't have a certain setting enabled but he does. Pulled on that thread but it seems that the directoryy I want to write to and the directory that comes back as part of a query with privs are two different ones. Don't know if I can pivot any further or if someone dorked the box on purpose. Any guidance?
Understood, and thank you for the refresher. I did find that juicy nugget. Was working that avenue but so far hit has been unfruitful. Maybe it's time to use a bigger hammer against it.
----Edit: found the right hammer, this box is dope so far. Definitely mirrors some real world applications.
I'm stuck with foothold I can browse files and found m***l running but somehow fail to leverage anything to gain user rights. And I think I know what prevents connections from the outside world. I read the hints in this thread and did my best at enumerating. It is very possible that I already found something and just do not know how to leverage it.
I'm stuck with foothold I can browse files and found m***l running but somehow fail to leverage anything to gain user rights. And I think I know what prevents connections from the outside world. I read the hints in this thread and did my best at enumerating. It is very possible that I already found something and just do not know how to leverage it.
I would be very grateful for hints.
Read the b***up, find the log, readt it, and you might find the creds !
Read the b***up, find the log, readt it, and you might find the creds !
I found them. Because of them I am able to browse files.
My access is not interactive (is this my mistake?) and I failed to use those creds at any other place.
Hard to explain it without spoilers. Maybe DM, anyone?
I found them. Because of them I am able to browse files.
My access is not interactive (is this my mistake?) and I failed to use those creds at any other place.
Hard to explain it without spoilers. Maybe DM, anyone?
You can use the creds to enumerate a part of the service which allows users to define functions.
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
Does anyone have a link, an article, anything, that would help me understand what I'm supposed to do to get user ? I can read files via a very unhandy way of commands, but everything I've tried so far to retrieve informations from the user that shouldn't be able to log in has been a dead end.
P.S : Generally speaking, if your hint is "Enum" or "Google", don't bother please.
Comments
Hi Guys
@Vigneshar said:
Hi
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
Can I get some nudge please? I can read files and list dirs. I tried to extract info from proc but none of use. I used m**** to read files of the user home of m**** but couldn't get anything back. I know I need to use s** with m**** but I seem to miss where to get the data that will allow me to do that.
@abogaida said:
As well as reading files, what else can you do to them?
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
Type your comment> @TazWake said:
I tried writing them but it didn't work. I see I am restricted to one dir with the m**** user and it is the place that I would like to drop something to allow not to s**
@abogaida said:
Possibly investigate how you are using them. There is a lot of stuff in this thread about how to issue the commands in a way which should give you the access you want.
I never noticed any restrictions like that. It might be worth double-checking what is happening.
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
So, I'm pretty sure I know what to do to get from foothold to the next user, but without write-privileges to that certain folder, I have no idea how to achieve this. A certain config setting of the m**** service disallows reading from/writing to that folder (and the "current other" user doesn't have any privileges on that folder, too).
If anyone could give a nudge in the right direction (or point out my mistake), it would be much appreciated
GREM | OSCE | GASF | eJPT
@HomeSen said:
Have a look to see if the attackers, or someone on the system, left something useful behind. Possibly in the built in tables.
DM me for more specific language because I appreciate the vagueness here might be confusing.
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
Thanks, @TazWake. Will look into the other stuff tomorrow. Now it's time for some overdue sleep
GREM | OSCE | GASF | eJPT
Men im about to say bad words !!! Why in the hell i keep receiving this "WARNING: Failed to daemonise. This is quite common and not fatal. () ". I looked at php functions that are disabled and uploaded another rev-php but none ! FUCK
Why 50 53R10U5
@Jk3r said:
it quite often means something went wrong with Pentestmonkey's reverse PHP shell.
It doesn't always mean the shell failed so you might want to check if anything is hitting the listener or if something else is the problem.
If other shells are failing you might need to do some deeper troubleshooting.
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
That's the f**king problem, Im not good at php !
Why 50 53R10U5
@TazWake said:
The vagueness was just right. Managed to grab user. Thanks
And for the last step, I assume that something else was left behind, somewhere. Guess, I need to enum even more
GREM | OSCE | GASF | eJPT
@HomeSen said:
Phew - glad to have helped a bit.
Yeah, they might have changed something to get in through the back door.
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
This box FAQ my head off
Anyway rooted !! Thanks @TazWake for the help. Pm if anyone need help ....
Why 50 53R10U5
Rooted. What an awesome ride. Thank you @TazWake for the nudges along the way. I really need to dig deeper into Linux forensics.
Thank you @D4nch3n for a great box. Really loved it from start to finish
GREM | OSCE | GASF | eJPT
Done & Dusted!
Boy that trip caused several "Double Palm" / "DOH!!!!" moments as well as "walk away... just walk away..." moments. @TazWake again thank you for your hints and advice in these forums / discussions they were just the nudges I needed without having to "call a friend"
Cheers @D4nch3n for the fun / maddening at times machine.
Rooted!
Really interesting BOX!
Thanks @D4nch3n !
Got a POC working and can start navigating around the system. With that was able to do research and found a way to circumvent functionality that is disabled. Found a user that shouldn't have a certain setting enabled but he does. Pulled on that thread but it seems that the directoryy I want to write to and the directory that comes back as part of a query with privs are two different ones. Don't know if I can pivot any further or if someone dorked the box on purpose. Any guidance?
GRID, GPEN
@weeeeeeeeee said:
This is on purpose. I suggest taking a look at @TazWake's response, here: https://forum.hackthebox.eu/discussion/comment/87478/#Comment_87478
GREM | OSCE | GASF | eJPT
Type your comment> @HomeSen said:
Understood, and thank you for the refresher. I did find that juicy nugget. Was working that avenue but so far hit has been unfruitful. Maybe it's time to use a bigger hammer against it.
----Edit: found the right hammer, this box is dope so far. Definitely mirrors some real world applications.
GRID, GPEN
Hi anyone i can dm about user ?
Type your comment> @freez3r said:
If you shoot me a dm I might be able to help out.
GRID, GPEN
Definitely an interesting privesc technique, gonna keep that one in my back pocket.
GRID, GPEN
I'm stuck with foothold
I can browse files and found m***l running but somehow fail to leverage anything to gain user rights. And I think I know what prevents connections from the outside world. I read the hints in this thread and did my best at enumerating. It is very possible that I already found something and just do not know how to leverage it.
I would be very grateful for hints.
Type your comment> @netburger said:
Read the b***up, find the log, readt it, and you might find the creds !
Why 50 53R10U5
Type your comment> @Jk3r said:
I found them. Because of them I am able to browse files.
My access is not interactive (is this my mistake?) and I failed to use those creds at any other place.
Hard to explain it without spoilers. Maybe DM, anyone?
Ping me !
Why 50 53R10U5
@netburger said:
You can use the creds to enumerate a part of the service which allows users to define functions.
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
Does anyone have a link, an article, anything, that would help me understand what I'm supposed to do to get user ? I can read files via a very unhandy way of commands, but everything I've tried so far to retrieve informations from the user that shouldn't be able to log in has been a dead end.
P.S : Generally speaking, if your hint is "Enum" or "Google", don't bother please.