Official Time Discussion

  • Started this machine 2 days ago but still haven't found the right CVE. Could anyone give me some hints? I would appreciate it

  • @duongsake21 said:

    The machine responded to me with "********* re**** *** SYS", but I don't get anything back. I don't know whether it is caused by the connection or I did it the wrong way :(

    The first time I ran this it worked, now a few days later I am back and got errors like this as well as timeouts... maybe that's why this is called Time?

  • @thanow said:

    Started this machine 2 days ago but still haven't found the right CVE. Could anyone give me some hints? I would appreciate it

    Have a look at the response you get from entering test data. Google key phrases. This will take you to a series of things to test to narrow down how it is processing your data. Then you will get the key phrases to find the exploit you need.

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.

  • @unkn0wnsyst3m said:

    @duongsake21 said:

    The machine responded to me with "********* re**** *** SYS", but I don't get anything back. I don't know whether it is caused by the connection or I did it the wrong way :(

    The first time I ran this it worked, now a few days later I am back and got errors like this as well as timeouts... maybe that's why this is called Time?

    headshake - it worked, checked my HTTP serving directory, the errors here don't seem to necessarily add up, which makes sense because you are leveraging processes in an unintended way.

  • Rooted, fun box. Initial enumeration was a pain. Like @TazWake said, google all the error messages and it will point you to the right CVE.
    PM for nudges

  • Yes, I use CVE, I have rev shell... connected but now? :( Little hint?

  • @tortellino said:

    Yes, I use CVE, I have rev shell... connected but now? :( Little hint?

    Grab the user flag, enumerate - enumscripts can be useful here. Find something, look at what it does. Modify it to your ends.

    TazWake

  • Yes, if I little help other... you image a two tunnel.
    Now I'm going to root. Hint?
    It's my second box.
    @TazWake said:

    @tortellino said:

    Yes, I use CVE, I have rev shell... connected but now? :( Little hint?

    Grab the user flag, enumerate - enumscripts can be useful here. Find something, look at what it does. Modify it to your ends.

  • @tortellino said:

    Yes, if I little help other... you image a two tunnel.
    Now I'm going to root. Hint?
    It's my second box.

    You need to enumerate. It's hard to be any clearer without telling you which file to look at.

    TazWake

  • Oh, this one was very quick.

    I think there are enough hints around here. However, as I saw some ppl complaining about having their root shell dropped, you should know that there is more than one way to get your shell, right?

    I also had this problem with my first approach (don't know why), but my second try worked like a charm.
    :)


    Feel free to send me a DM if you need some help. Just remember to tell me what you have already done so I don't spoil anything.

    y0k4i

  • Kindly please give me some hint. I'm still in a deep rabbit hole. Any advice is appreciated.

  • @L4c3fer said:

    Kindly please give me some hint. I'm still in a deep rabbit hole. Any advice is appreciated.

    Any hint? Ok - use nmap to find open ports, when you find an open port, look into it and see if it has anything you can use to exploit the box.

    If that isn't much use, it might help if you give an idea of where you are, what you are trying to do, what has failed and, ideally, why the previous hints haven't helped.

    TazWake

  • @TazWake didn't get JSON dese******* exploit that works

  • @L4c3fer said:

    @TazWake didn't get JSON dese******* exploit that works

    I am not sure I used an exploit you'd describe that way. The one I used was based on googling the error messages.

    TazWake

  • Could someone give me a nudge on the CVE? I googled the hell out of the error messages and I tried all CVE PoCs I could find, and none work. I don't know what I'm looking for anymore.

  • @Foxar said:

    Could someone give me a nudge on the CVE? I googled the hell out of the error messages and I tried all CVE PoCs I could find, and none work. I don't know what I'm looking for anymore.

    The one I used has the last five numbers add up to 18.

    TazWake

  • Hi @TazWake, can I PM you, can you give me a sanity check on the exploit?

  • @blackbrownco said:

    Hi @TazWake, can I PM you, can you give me a sanity check on the exploit?

    Yep.

    TazWake

  • Thanks @TazWake for the nudge! The box has been rooted!

  • Think I need a nudge. I'm trying not to follow advice I don't understand, and I'm currently all out of ideas. I know where the vulnerability is and I know how to use the vulnerable functionality in the way it's intended. I don't know how to exploit it and all my ideas have failed.

    I've narrowed it down to 5 or 6 CVEs, and I feel pretty confident that my own process would have led me to look these up sooner or later based on the errors I've uncovered. I have a generic question about CVEs. The ones I've looked up for this vulnerability all seem too vague to be really informative to me but they all have relatively high severities. How do experienced hackers approach CVEs like these (without spoiling the machine)? There are github links to the actual changes, but the one I think is the vulnerability on this box consists of 20 something commits, and I'm not quite at the point where I want to pore over 800 lines of someone else's code to solve this box unless that's actually what you all did, and after 5 pages of forum posts, I'm guessing that's not the case.

  • @leadOctopus said:

    Think I need a nudge. I'm trying not to follow advice I don't understand, and I'm currently all out of ideas. I know where the vulnerability is and I know how to use the vulnerable functionality in the way it's intended. I don't know how to exploit it and all my ideas have failed.

    The best thing I can suggest is the same as the previous answers - try something, look at the error, google the error.

    This will, eventually, narrow it down to one.

    The ones I've looked up for this vulnerability all seem too vague to be really informative to me but they all have relatively high severities.

    This is fairly common. There is a constant debate about how much information people should include within a CVE disclosure. Some high profile security people feel it helps attackers too much if it contains anything useful.

    Part of the argument about HTB's ratings is based on how well any relevant CVEs work without modification/research. This is a medium box, so there will need to be modification to the public exploits to make it work.

    How do experienced hackers approach CVEs like these (without spoiling the machine)? There are github links to the actual changes, but the one I think is the vulnerability on this box consists of 20 something commits, and I'm not quite at the point where I want to pore over 800 lines of someone else's code to solve this box unless that's actually what you all did, and after 5 pages of forum posts, I'm guessing that's not the case.

    I am not a hacker, so I don't want to guess how other people work, but in general, the process is reading through and poring over the code.

    With this box, I'd suggest trying the CVEs you have. See if they should work, then see if you can get them working. I found the initial steps narrowed it down to one, which made it easier to eliminate the bits which worked vs the bits which didn't.

    TazWake

  • User took me ages and it was one of the first exploits I looked at that I needed to use. Went away from it for a few days and came back, tweaked that one a bit and got in. Root took about half an hour and most of that was automated.

    JohnEagle
    Always happy to help, feel free to drop me a PM for spoiler-free nudges

  • Hello! It's the first box I am doing. I read all hints here but still I can't find the correct CVE for user. After finding 2 error messages I narrowed the list of CVEs.
    I have focused on a specific blog post and a corresponding GitHub example, but I can't perform any RCE. So I have 2 questions:

    1) Can I PM someone so I can make sure that I am working on the correct CVE?
    2) Do I have to pass my exploit through Burp? I was passing my exploit through the web form. Will Burp make any difference? If yes, why?

  • Rooted. I do have a question about getting root though, I found that thing that repeats. It made sense. But where is it stated that it repeats? I just assumed.

  • edited December 2020
    Please can someone help me out to get user? I'm struggling with validator.

    I got it

  • Guys, I am a newbie in this. Can anyone of you help me? I am not able to find the correct CVE and exploit after that

  • I found the correct CVE, I'm unable to find any exploits or articles to understand more about this CVE. Any help would be appreciated

  • I think I'm on the right path but I'm new so if anyone can nudge that would be great. I know "where" the exploit is and the CVE.

  • I found Java PoC code, I think it's for the right CVE. But I get errors when compiling. Can I get a hint?

  • @userp419 said:

    I found Java PoC code, I think it's for the right CVE. But I get errors when compiling. Can I get a hint?

    You shouldn't need to compile an attack for this. You can use an injection which calls your attack file.

    TazWake
