Official Love Discussion

For user:
Think basic and look at your nmap.
Try to analyze the service’s functionality and understand what could be done along with what’s exposed and what’s not.

For root:
Easy privesc … use your scripts well and not much enum needed…

Have Fun!

Nice easy box, I like the foothold. I didn’t think about it in the first place and forgot about some other services running, so had some time banging my head, but overall I really enjoyed it.

Is it normal that I have all ports filtered?? This is the first time that I face such a problem.

just rooted: thank you @OldProgrammer for the root part.

rooted. any help. just dm. as always :slight_smile:

@Doncrek said:

> Is it normal that I have all ports filtered?? This is the first time that I face such a problem.

Make sure that you are connected to the correct VPN package.

Rooted, it was a fun easybox!

Foothold/User: read carefully the output from initial enumeration. After you understand what you can do, be curious to see where you can look into. When you arrive in a certain place the steps to gain access to the box are simple, basic exploit.

Root: classical enumeration script will let you know where to look into. There are several ways to conclude, all documented in google.

Thanks for the box!

Great Box. Root is straightforward (follow your process).

#User

  • Enumerate what is out there
  • You may get access denied… but does everything get 403ed?

OK, rooted. As has been said before, root is easier than user. Must be a multitude of ways in, but you can do the whole box with a popular framework in about 2 mins. Fun box tho, enjoyed it.

Rooted!

C:\Users\Administrator\Desktop>whoami
whoami
nt authority\system

User

Keep it simple, read your scan output. You’ll find something that helps analyze everything you’re seeing initially. Once you find the first big clue use that information to auth and then normal enumeration should grant you a user shell. Remember to read exploit code!

Root

As mentioned earlier, the vegetable will lead you to success. Make sure to read every line. Once a certain ability sticks out click the associated link and the example will be right in front of you. :slight_smile:

Feel free to PM for a nudge.

Spoiler Removed

Feel free to DM if you are stuck with a full explanation to what you did

Managed to root this yesterday evening… argh!!

The actual foothold isn’t hard once you get the right path. Root is very simple once you do your standard parts. Be careful to not go too far down the route of breaking ha… I mean hearts… that’s only going to cause you pain later.

Rooted, nice easy box.

Just avoid the s*** rabbit hole. Spent too much time on that.

I feel stupid for asking … but is there a forced limit on how much data will be transferred to the box from ours? I could only get a foothold if limited to under 300 bytes which precludes a real reverse shell as far as I can make it work. And from within that foothold cannot successfully transfer anything, say the nice recon script. Have had to do it methodically and manually via the simple foothold. Which seems to get removed periodically. The limit also precludes successfully transferring anything via either the same protocol or the old standby win file sharing one to use m-----c.exe. From others’ accounts it seems they breezed right through transferring typical foothold reverse shells, and so on. WTF?

@jps3 said:

> I feel stupid for asking … but is there a forced limit on how much data will be transferred to the box from ours? I could only get a foothold if limited to under 300 bytes which precludes a real reverse shell as far as I can make it work. And from within that foothold cannot successfully transfer anything, say the nice recon script. Have had to do it methodically and manually via the simple foothold. Which seems to get removed periodically. The limit also precludes successfully transferring anything via either the same protocol or the old standby win file sharing one to use m-----c.exe. From others’ accounts it seems they breezed right through transferring typical foothold reverse shells, and so on. WTF?

Try a different shell, I’m assuming you’re using a PHP shell? Either create one for m********t or use one that will work on any OS. I have got it to work both ways. DM me if you are stuck.

@Jier said:

> Anyone willing to ping me with a nudge on footholds? I’m still learning (only been doing literally any hacking for about a month, if that). I’ve done all of the enumeration I can think of and dug into pretty much all of the subdirectories. I even did some SQL enumeration for way too long. I definitely feel like I’m overthinking this and a nudge would be very helpful.

Have you checked your nmap results carefully? Another domain perhaps!!

@jps3 said:

> I feel stupid for asking … but is there a forced limit on how much data will be transferred to the box from ours? I could only get a foothold if limited to under 300 bytes which precludes a real reverse shell as far as I can make it work. And from within that foothold cannot successfully transfer anything, say the nice recon script. Have had to do it methodically and manually via the simple foothold. Which seems to get removed periodically. The limit also precludes successfully transferring anything via either the same protocol or the old standby win file sharing one to use m-----c.exe. From others’ accounts it seems they breezed right through transferring typical foothold reverse shells, and so on. WTF?

Try to change your method, and find another way to have it. :wink:

Any nudge about foothold… I have been working on that beta domain… did some SQL injection on main webapp but it’s time based so it is taking long time. I don’t know what to do with url sane*r. Any hint plz.

@Liquid989898 said:

> Any nudge about foothold… I have been working on that beta domain… did some SQL injection on main webapp but it’s time based so it is taking long time. I don’t know what to do with url sane*r. Any hint plz.

On the beta domain that you’ve found, use what you’re given with info from nmap and you’ll be presented with useful info which will be super obvious when you see it. Trying to be a little cryptic lol. DM if you need more help.