got foothold as user g**
. what should i be looking for from here on?! chcking repositoriesā¦but found nothing of interest i guessā¦
a little assit would be appreciated ! thank you
got foothold as user g**
. what should i be looking for from here on?! chcking repositoriesā¦but found nothing of interest i guessā¦
a little assit would be appreciated ! thank you
This was a fun box, thanks a lot! I did couple of easy boxes before but this is the first one for me without hints!
foothold: super easy with msf
user: simple after a bit of enumerating (there are like three ways to find it at least)
root:
Thanks once more!
Finally rooted. Not an easy box at all tbh.
Foothold: Search fo public et that let obtain r s**** without setting up ll g*b e********t. Personally I had to to do some tricks to have stable working condition.
User: Know where you are and what is used below you. Google how to r*** u*** p*******. Go back where you started and retrieve useful stuf that let you have a stable foot in.
Root: This took me a while after using typical enum tool. Finally with a deeper look of the enumeration output and with a deeper look into thing the enumeration tool pointed you to, I followed the right PATH and manage to trick that thing in order do to something evil and gain root privileges.
Important note: struggled a lot for this box with HTB free servers, I had to switch several times for the foothold part, finally switching to AUS server ended my pains.
Thanks a lot for the box!
Long time lurker here.
Iāve been working boxes here for almost a year and I have to say, the initial foothold and getting to user on this one does not warrant an easy rating on this box. Itās intermediate at the very least.
That being said, I will say, if your attack VM is robust, the D****r route for GL will make your life easier.
Although it was a bunch of hoops, this was a fun box and I recommend this one for everyone.
I am on the verge of getting the foothold but struggling with msf. I could really use a nudge from anyone. I can explain what I have found in a PM.
Thank you in advance.
Rooted.
Thank you @Tazwake for the last nudge I needed
For people struggling with foothold (msf) is your friend for easy win.
One of my main challenges with this was my own environment. My SSH connection kept dropping but eventually resolved it by switching from UDP to TCP.
Did anyone else have issues with the connectivity to the box once being inside it?
Finally! What a journey.
Iām curious with how others have gained foothold. I didnāt set up a similar environment as the box. Hope to share thinking processes and paths taken with others via PM.
Foothold
You probably found something interesting but cannot get RCE. Halt the exploit a step at a time to see where it is being sent.
User
You have powers to change something important to others without any prior knowledge. Noisy PE-aS can help you.
Root
Find something with special powers. You can look inside and Trace what it does. Look carefully and then literally get in its WAY.
This is no means an easy box! The sooner you realise this, the less you will feel deflated when you go through each stage. Donāt give up. PM me if you need some nudges.
Very glad that the foothold has been scripted out a tough one for an easy box!
Finally rootedā¦ feeling devastated though.
This is probably the hardest Medium box I have ever done and yet it is rated Easyā¦ you really have to think and try lot of things if you have no earlier experience with the techniques used in this box
I am wondering did anyone done the root hacking the shared libraries?
(Thereās a simpler way but still)
Fun box thus far
Awesome box, very challenging ping me for nudges
Hey guys,
Anyone faced āExploit failed: NameError uninitialized constant Rex::Versionā in msf? It was working fine yesterday but today i am getting this!
Any idea on this is appreciated
EDIT : found a workaround itā¦ but not sure why it happened!
Spoiler Removed
when I used the POC for G***** in rails, my kali tell a error sh: 1: Syntax error: Bad fd number
, someone can tell me why plz, PM me ,thx
Great box thanks @0xc4afe ! For those talking about resetting the box and updating the default user accounts, there is no need, you can power yourself up to find the secret sauce, just follow the chugga chugga, chugga chugga, choo choo.
Iāve read a few other write ups since owning and there is definitely an easy and hard way to get the foothold, which for sure takes it from an Easy to Medium box, Iād be interested to know which was āintendedā.
PM me for hints
Hi, Iām stuck at G***** page, can anyone give me any hints to get foothold, user credentials ? >:(
Type your comment> @quangvo said:
Hi, Iām stuck at G***** page, can anyone give me any hints to get foothold, user credentials ? >:(
Just enumerate some more on the page. Look for what you can do on the G***** pageā¦ And if you have access, find that important number to enumerate more information about the G*****
Got stuck in the process, can anyone give me a nudge in the right direction?
So I was thinking, my reverse shell is not correct, or I am doing something wrong with following the instruction from the official documentation. Or another way is there to break out the freaking thing
I got stuck here, can anyone help me to move forward ?
Switch to inspect mode
So I was thinking because of the shell I got was a dumb shell so I cannot access to the console ??. And the reverse shell is highly unstable, every time I execute some specific command it always return 502 status code for me.
Is anyone else having constant 502 in the g***** page?