Official Doctor Discussion


Comments

  • Just got the flags about an hour ago. The most time-consuming part was getting the syntax of the "message" that opened the rest of the doors.

  • edited December 2020

    Anybody able to give me some pointers....

    Have checked out the ports that I've seen open with nmap and can't find anything on the pages....

    I feel like this isn't an easy box....

    rancilio

  • @rancilio said:

    Anybody able to give me some pointers....

    Have checked out the ports open and can't find anything!

    I feel like this isn't an easy box....

    Not sure how to help but nmapping the target will reveal the right port.

  • @C4P7A1NFlint said:

    @rancilio said:

    Anybody able to give me some pointers....

    Have checked out the ports open and can't find anything!

    I feel like this isn't an easy box....

    Not sure how to help but nmapping the target will reveal the right port.

    Sorry, I was meant to say that I've checked the open ports that were revealed from my nmap scan, but can't seem to find anything at all on the pages.

    rancilio

  • @rancilio said:

    @C4P7A1NFlint said:

    @rancilio said:

    Anybody able to give me some pointers....

    Have checked out the ports open and can't find anything!

    I feel like this isn't an easy box....

    Not sure how to help but nmapping the target will reveal the right port.

    Sorry, I was meant to say that I've checked the open ports that were revealed from my nmap scan, but can't seem to find anything at all on the pages.

    There's a clue on the page; if you follow that, you can get to a different page. Look for something that can tell you the address to that page.

  • Finally, rooted this. Thanks for the help. I have a question though. When using the payload I found that some applications ran in the shell but didn't work in the payload. Can anyone tell me why? Specifically, when trying to get a reverse shell.

  • Hammered it, enjoyed the box, but the foothold part will be tricky for those who haven't experienced that attack technique before, though.

  • Got user but I am unable to get privilege escalation. Can someone drop me a hint on how to get root in DM?

  • @Unkn0wnUs3r123 said:

    Got user but I am unable to get privilege escalation. Can someone drop me a hint on how to get root in DM?

    Have a look at the other service and google the thing you are trying to do.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.

  • @Unkn0wnUs3r123 said:

    Got user but I am unable to get privilege escalation. Can someone drop me a hint on how to get root in DM?

    Yeah, go back to your original enum and google some services from that.

  • edited December 2020

    I'm trying to esc priv for root access so I got a script that enables me to get hashes in the shadow folder but something's confusing about the root's psswd hash; it contains "/" whereas user s**** hash doesn't.
    Made me wonder if I have tailed the wrong path. Any hint please....

  • edited December 2020

    Rooted.
    Foothold is tough, at least for me (read noob), but there are two ways in I could eventually find and both of them worked.
    User was easy. Stick to methodology (note to self and others).
    Look higher for root.

    pm for nudges

  • I'm having trouble finding the page inside S***** M******** that allows me to try out the vulnerability. Any nudges?

    Hack The Box

  • @tanfoglio said:

    I'm having trouble finding the page inside S***** M******** that allows me to try out the vulnerability. Any nudges?

    Directory enumeration works.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.

  • Rooted with some help from guru @Harbard :star:
    Feel free to PM me for nudges! Most hints are already pointed out in the thread so just remember to take one step at a time and be persistent as you should always be.


  • Hello everyone! I am stuck at D******** S********* M***********. I figured out that it is susceptible to S***. I am having a hard time creating an efficient payload that would bypass potential filters. I would be grateful for some hints, because I am missing something for sure.

  • edited December 2020

    Hello guys! Any ideas why my reverse shell hangs at the root part? Is it because of the shared instance and something clashes with another user or is it that I've messed something? Can you PM me for help?

  • @mkampo said:

    Hello everyone! I am stuck at D******** S********* M***********. I figured out that it is susceptible to S***. I am having a hard time creating an efficient payload that would bypass potential filters. I would be grateful for some hints, because I am missing something for sure.

    The results of your payload are "displayed" on a different page entirely.

  • jw0jw0
    edited December 2020

    I've got access to DSM by updating my h___s file. I'm testing out sending messages but I'm not sure if I need to exploit S__I or X__? Is anyone able to send me a nudge in the right direction? Bit of a noob

    Edit: Got successful X__ injection on a____ page... what am I missing?

    Landed a shell. My advice: img src r*****e s***l

    rooted. User was relatively easy, root is also not too challenging with a bit of google for that pesky one that blocked you at the start.


  • Many thanks to @subtilis for his useful guidance.

    I got user shell
    whoami
    s*****

    Now I am looking for potential PE vector and I think the answer is in S*****

  • Rooted it! Root in comparison to initial foothold/user was fairly easy. Nice box nevertheless, I've learned a new attack vector from it.

    id

    uid=0(root) gid=0(root) groups=0(root)

  • RooteD~!
    figuring out the technique to get foothold was tricky.

  • Rooted, feel free to PM me if you're stuck but please be sure to say what you've done so far and get ready for ambiguous hints :)

    As for nudges:
    Foothold - Sometimes things can appear different when we look at them from a different direction.
    User - You have something that can help you look someplace. Anything weird there?
    Root - sometimes it's good to get back to basics and to start off with a clean slate.

  • Definitely not an easy box, but big fun and learned a lot

    As often, user is the harder part, root is very well documented, just use what already exists. For User and Root: enumerate, enumerate, enumerate very carefully

    pm me if you need a hint

  • I was able to get to the login page but I don't understand why it worked and really want to know before moving on. I'd appreciate if someone could PM me about that

  • @0xL said:

    I was able to get to the login page but I don't understand why it worked and really want to know before moving on. I'd appreciate if someone could PM me about that

    It depends what you mean about why it worked.

    I suspect your question is down to how HTTP works and the way the hosts header works.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.

  • Yes, I didn't want to say too much but that little bit you just said is enough for me to go and do my own research. Thanks

  • edited January 6

    Hello guys, I'm stuck on getting the user. I've seen that it's part of some group but I got nothing from there!

    Could you please give me a little help?

    Thanks :)

    Update: I got it ^^


  • Hi, thanks everyone for the hints.
    I managed to get user & root.
    Foothold: very interesting way of injection
    User: enumerate... there is one thing you have access to...
    Root: pretty simple

  • edited January 10

    Hello guys, is it normal that I can only see a single page on this machine?
    I tried gobuster but it can only find css, images, fonts, and js.

    Any idea?

    Never mind :)
