rooted. really fun box that taught me a lot about the app it is named after, the main tool needed to exploit it, and finally the k dog. thanks @itsdafafo for a steer near the end.
great box @polarbearer!
pm if you need a nudge.
rooted. really fun box that taught me a lot about the app it is named after, the main tool needed to exploit it, and finally the k dog. thanks @itsdafafo for a steer near the end.
great box @polarbearer!
pm if you need a nudge.
Type your comment> @camk said:
rooted. really fun box that taught me a lot about the app it is named after, the main tool needed to exploit it, and finally the k dog. thanks @itsdafafo for a steer near the end.
great box @polarbearer!
pm if you need a nudge.
this is a mad box… glad you rooted it! nice. ?
Rooted, i learned a lot. Pm me for hints.
Would someone help me understand why I can’t run gobuster through p*********s ? nmap works perfectly well (I found and nmap’ed w—.r-------.—) but gobuster keeps timing out. I tried writing my own script but it’s far from being as effective as gobuster (1h30 in and not even 20k requests sent ><).
@dragonista said:
Would someone help me understand why I can’t run gobuster through p*********s ? nmap works perfectly well (I found and nmap’ed w—.r-------.—) but gobuster keeps timing out. I tried writing my own script but it’s far from being as effective as gobuster (1h30 in and not even 20k requests sent ><).
No need for gobuster, here. Just try to imagine what might be served by that server
Type your comment> @HomeSen said:
@dragonista said:
Would someone help me understand why I can’t run gobuster through p*********s ? nmap works perfectly well (I found and nmap’ed w—.r-------.—) but gobuster keeps timing out. I tried writing my own script but it’s far from being as effective as gobuster (1h30 in and not even 20k requests sent ><).
No need for gobuster, here. Just try to imagine what might be served by that server
Mmmh, okay, found it ! Well… I’d like to make gobuster run still, but at least I can move on Thanks !
I’m a bit stuck as well. I slapped some hashes for a while but no luck there. However, poking at names got me an internal IP, but I’m really not sure how I could route myself into that subnet. Any tips?
@thecog said:
I’m a bit stuck as well. I slapped some hashes for a while but no luck there. However, poking at names got me an internal IP, but I’m really not sure how I could route myself into that subnet. Any tips?
Use the services the system provides to you.
Phheeew… great box so far, but really confusing ^^
I’m a**** now, retrieved some hashes from k****b but I’m a bit lost for the next steps. Most of the docs I find talk about Windows.
If anyone has either an idea or a good article to send in my direction, that’d be awesome
Edit : Rooted. I really enjoyed the beginning, I was new to this type of things. The privesc part had me crying
Oh my lord, my first hard box !
Dude, never messed with almost any of this things but bit by bit i was able to progress (not fast, but progress at least). Took me a WHOLE week, but i assume that when familiar with the technologies is not something out of this world !
But, without any doubt, an awesome box to learn new stuff and it was fun!!
Foothold: Oh boy, the hardest is to reach there (might need to hop like a rabbit)
User: well, if you look carefully when landing you can see that only you are missing the trio party ! use what you found in clear
Root: Quite straightforward if you know how to move in the 3headK world
If you need help, just reach out to me and i’ll try to help you out in the best of my capabilities
I am adding the root p******** into the k***** but it gets removed after a short time which does not give me enough time to a**h
Got it. Seemed to be an issue of convolution.
Great box. Learned lots, thanks.
Before I do anything crazy like instrument and compile the exact version of s**** to figure out how todo c**** p***** or req**** sm*******. I would like to talk about my current thoughts. Just like what has already been discussed in this thread I also can hit all i******* s******* but nothing seems to talk h*** so an s*** seems unlikely. Who knows maybe my enum is bad and I missed something. So I guess PM me if your willing to provide a nudge.
well, I recently rooted this box. My enum is bad and I really should feel bad. Additionally, You have to be really specific with your interactions with this really picky underworld’s authentication gatekeeper.
I’m stuck at priv esc. I know I have to get a***n first but not getting anywhere. I already tried to crack the hashes. I also tried fiddling with that unusual s***pt which belongs to a***n. SOS!
Type your comment> @psychohamster said:
I’m stuck at priv esc. I know I have to get a***n first but not getting anywhere. I already tried to crack the hashes. I also tried fiddling with that unusual s***pt which belongs to a***n. SOS!
After a long time I was able to look at this again. Getting user was as hard as I remember it but working through the typical attack steps gets you there in the end:
Find things, look into the things, exploit the things.
Getting root was actually easier IMHO - by the time I’d got user, I’d read so much about the thing I was attacking, the attack made sense relatively quickly.
Finally rooted. This honestly felt like and insane box to me
Foothold: Look out for the rabbit holes. Keep enumerate and climb the chain.
User: If you really want to attend the show you must have the ticket!
Root: At this point you should have understood the main theme of the box. On lateral step and then point straight to the finish line (enumeration tool should point you into the right path). Don’t panic if you’re not really into mythology, goole will help you!
Thanks for the box!
Could someone give a hand on a foothold part? I’m stuck with w***.r*******.***. Dont know how to get the needed file. IP is unreachable
Guys, I have 2 Questions. Can anyone please help me understand? I know box is retired but I’m just curious.
Here is ippsec’s video link: HackTheBox - Tentacle - YouTube
At 1:32:45, We are already entering the password for that user while creating a principal name. So, It is extraneous to obtain hash, right? Since we already know the password.
I know you are demonstrating if we can crack the hash.
2nd que is “can we add any user without a password? For privesc! In peculiar situations”.
Example: Let’s say instead of “admin” we add “root” without a password. So can we obtain hash for “root” using GetNPusers.py, like we did for “admin” or is it obligatory to enter a password for user when adding to database.