Official Armageddon Discussion

16791112

Comments

  • I got initial foot hold with user a****e struggling with user, kindly DM if someone can assist.

    image
    Bug Bounty Hunter | SysAdmin | Cloud Architect

  • tmytmy
    edited April 15

    Rooted.
    This was a not so "easy" box, I get the medium rating now.

    uid=0(root) gid=0(root) groupes=0(root)

  • Hi,

    I have got the initial shell and have access to m***l credentials. When i try to access the db, i get access denied.
    Not sure what I'm missing here. Can anyone give a possible hint on how to move forward.

    ToxicJoker

  • I got credentials to connect to my***, with user drupalu*** in an interesting file, but when I try to connect I get no response, any help ?

  • Finally got the user, a little hint with my*** : put an "exit;" after any request and you see the output.

  • Rooted thanks to small help i needed from @alemusix

    User: after having a small foothold, just brute force.
    Root: The best tip i can give you - ignore errors, sometimes they dont represent whether you succed/failed run your payload.

    Hack The Box

  • can anyone help me with root?

  • Why am not able to authenticate to ssh [email protected]****@10.10.10.233 -p 22
    connection closed by remote host AM TIRED TRYING TO SOLVE THIS .........
    i even asked my friend the ssh autentication worked for him except me ..................
  • edited April 17
    > @SackOfHacks said:
    > Rooted this machine.
    >
    > Hints:
    > Initial foothold: enumerate the web app and use google
    > Getting a ssh session: find a user and keep asking access...
    > Root: ask what you are allowed to do and use that to your advantage
    >
    > All in all a fun box, a little different than the usual and definitely one of the more real-life ones out there. Thanks to the creator!

    am not able to get ssh session it says connection closed by remote host ...
    ssh brucethe************@10.10.10.233 -p 22
    Connection closed by 10.10.10.233 port 22
  • Got root, root was damn easy, did a lot of overthinking for user though.

    image
    Bug Bounty Hunter | SysAdmin | Cloud Architect

  • id

    uid=0(root) gid=0(root) groups=0(root)

    :)

    Overall, kinda a "meh" box in my opinion and closer to a medium, especially given the limitations in getting the initial foothold (if you got a revshell you'll understand what I mean).

    User

    Enumerate what is running + do some googling and you shouldn't have any trouble with RCE. Persistance may be troublesome, but try to "flow in" in areas of least resistance. Getting user.txt will take some additional enumeration/exploitation.

    Root

    This is what took me the most time, and ended up being the most annoying. From ~5 minutes after user it'll be clear what the vector is, but accurately weaponizing it is tedious and annoying. Easy to overthink, but once you know what you're doing don't overdo it. Google is also your friend here.

    Feel free to PM if you need a nudge.

    Unix fanboy
    Website: 0xAsh.io
    Ashh

  • Just Finished the Box. Send a message if you nedd hints! :)

  • edited April 19

    I'm stuck at a****e user, tried all my best with getting the db and I just couldn't get it, kindly if anyone can DM me for a solution...

    EDIT: Never mind, I found the solution.

  • Now i know how to build s*** pkg

  • edited April 20

    I'm working on root now.
    I know what Ubuntu specific tool i need to use, but i got 401 error.
    Any hint?

    EDIT: I'm root. I didn't need to use this whole dirty thing.

  • edited April 21

    finished the machine, If anyone need help, just pm me.

    sec77

  • edited April 21

    Got user. The very last step should be fast once you know what you're working with and can configure your tool (a few seconds). If you're having issues working with m*s** on the box, pack everything in a suitcase and take it outside.

    ..Got root. After getting user, simply check what "bigguy" things you can do with that user.

    Beyond that point it went fast but I have to go back to understand s*** out of curiosity. For the exploit itself, there's a certain popular source for..breaking out of stuff..that covers all the steps, though I had to change the payload slightly.

    Feel free to PM for hints.

  • Sometimes my curse of overthinking kills me. Got the root flag

  • I'm in as b********ea*a***n, have done some basic enum to see that there's a *n** exploit with the v2 already in the home dir. Running the v2 exploit fails for me with a 401 error. Looking on Google it and reading on here you can craft your own... I tried this in Kali but it failed and people have said to use a different environment.... I really don't want to install a new VM just for one machine.....

    Anybody that's not installed a new VM for this box able to help/DM?

    thanks!

    rancilio

  • edited April 22

    Type your comment> @rancilio said:

    I'm in as b********ea*a***n, have done some basic enum to see that there's a *n** exploit with the v2 already in the home dir.

    Eeeeh, unless I was blind when I did the box, I assume someone left his tools on the box and that folder shouldn't be there. In any case, I think you can build the necessary package on many distros, including kali.

  • edited April 23

    currently on as the a***** and found the m***l directory but stuck on how to get into it. I found the b************** but not sure where else to look. nudges?

    I got user flag. Working on this s*** and s**** thing and slowly going crazy

  • rooted, it is an easy box.

  • Type your comment> @devilray said:

    currently on as the a***** and found the m***l directory but stuck on how to get into it. I found the b************** but not sure where else to look. nudges?

    everything you need is where you landed.
    just look at the file's.
    find the creds for your next step.

    no need to go outside www, i did and found some things but they where also in the www.

    windows 7 10 is my rig :) if it can't be done on windows, i fail.

  • Type your comment> @djbrains said:

    Type your comment> @devilray said:

    currently on as the a***** and found the m***l directory but stuck on how to get into it. I found the b************** but not sure where else to look. nudges?

    everything you need is where you landed.
    just look at the file's.
    find the creds for your next step.

    no need to go outside www, i did and found some things but they where also in the www.

    I was able to find what I needed and got user flag. Thank you!

  • Can anyone help with root flag? Dirty-Socks not helping...

  • Type your comment> @secure77 said:

    finished the machine, If anyone need help, just pm me.

    @secure77 , I tried to message you on HTB, but it's saying invalid user...dumb system. I was going to ask which package creator you used. I tried FPM, like it says on GTFOBins, but I just keep getting errors.

  • Someone suggested to me, packing up the file on Ubuntu, so I'm going to try that. Said he spent forever tryin to get it to work on Parrot and Kali, but only worked on Ubuntu.

  • Rooted

    Incredibly dissatisfying as my google search yielded some forum that discussed spoilers :( Even after completing this box, it feels like I cheated...

    Anyway, it was not too hard but not too easy either.

    Foothold: CVE.. I thought it was too good to be true so I spent some time looking for something else. After realizing it was the CVE, it was easy. Obtained the shell manually but it was incredibly cumbersome to use so moved on to m**c******. Easy

    User: Found what I needed but couldn't connect to the service. This is where I found the forum. Anyhow, I found what I was missing. 'Buffered' vs 'Unbuffered' was something I was not familiar with. Once understood, it was very straightforward

    Root: Basic enum provided what I needed. Had to modify to create my own payload. Afterward, very straightforward.

    PM me for nudge.

  • Type your comment> @6062055 said:

    Type your comment> @secure77 said:

    finished the machine, If anyone need help, just pm me.

    @secure77 , I tried to message you on HTB, but it's saying invalid user...dumb system. I was going to ask which package creator you used. I tried FPM, like it says on GTFOBins, but I just keep getting errors.

    the first field of the message form is for receipts i think you have tried to enter there
    some "subject" ;)

    anyway i sent you a message

    sec77

  • Just got root. Big shout out to @x00future for the help.

    Foothold: CVE for this, search a popular tool when you know the service running.
    User: I had to force my way in...
    Root: basic enumeration to find out what you can do.....create the right environment to craft your OWN payload (it took me forever as I tried to use a default one for this priv esc method).

    DM if you need help.

    rancilio

Sign In to comment.