Foothold/User: read carefully the output from initial enumeration. After you understand what you can do, be curious to see where you can look into. When you arrive in a certain place the steps to gain access to the box are simple, basic exploit.
Root: classical enumeration script will let you know where to look into. There are several ways to conclude, all documented in google.
OK Rooted. As has been said before, root is easier than user. Must be a multitude of ways in but you can do the whole box with a popular framework in about 2 mins. Fun box tho, enjoyed it.
C:\Users\Administrator\Desktop>whoami
whoami
nt authority\system
User
Keep it simple, read your scan output. You’ll find something that helps analyze everything you’re seeing initially. Once you find the first big clue use that information to auth and then normal enumeration should grant you a user shell. Remember to read exploit code!
Root
As mentioned earlier, the vegetable will lead you to success. Make sure to read every line. Once a certain ability sticks out click the associated link and the example will be right in front of you.
The actual foothold isn’t hard once you get the right path. Root is very simple once you do your standard parts. Be careful to not go too far down the route of breaking ha… I mean hearts… that’s only going to cause you pain later.
I feel stupid for asking … but is there a forced limit on how much data will be transferred to the box from ours? I could only get a foothold if limited to under 300 bytes which precludes a real reverse shell as far as I can make it work. And from within that foothold cannot successfully transfer anything, say the nice recon script. Have had to do it methodically and manually via the simple foothold. Which seems to get removed periodically. The limit also precludes successfully transferring anything via either the same protocol or the old standby win file sharing one to use m-----c.exe. From others’ accounts it seems they breezed right through transferring typical foothold reverse shells, and so on. WTF?
Try a different shell. I’m assuming you’re using a PHP shell? Either create one for m********t or use one that will work on any OS. I have got it to work both ways. DM me if you are stuck.
Anyone willing to ping me with a nudge on footholds? I’m still learning (only been doing literally any hacking for about a month, if that). I’ve done all of the enumeration I can think of and dug into pretty much all of the subdirectories. I even did some SQL enumeration for way too long. I definitely feel like I’m overthinking this and a nudge would be very helpful.
I feel stupid for asking … but is there a forced limit on how much data will be transferred to the box from ours? I could only get a foothold if limited to under 300 bytes which precludes a real reverse shell as far as I can make it work. And from within that foothold cannot successfully transfer anything, say the nice recon script. Have had to do it methodically and manually via the simple foothold. Which seems to get removed periodically. The limit also precludes successfully transferring anything via either the same protocol or the old standby win file sharing one to use m-----c.exe. From others’ accounts it seems they breezed right through transferring typical foothold reverse shells, and so on. WTF?
Try to change your method, and find another way to have it.
Any nudge about foothold… I have been working on that beta domain… did some SQL injection on main webapp but it’s time based so it is taking a long time. I don’t know what to do with url sane*r. Any hint plz.
On the beta domain that you’ve found, use what you’re given with info from nmap and you’ll be presented with useful info which will be super obvious when you see it. Trying to be a little cryptic lol. DM if you need more help.
Stuck on getting the foothold. I tried gobuster and nothing pops out at me. Am I chasing the wrong attack point?
Yes. You don’t need Gobuster or any brute force for that matter. Look at your nmap as stated above and try to think what other enumerations you could do with the ports and services given.
I saw something for the SMB version, but after reading the exploit, it looks like something I would need to use to escalate privs to root after I’ve gotten the foothold.
You’re not looking for a ready exploit just yet. Try enumerating some more, it will click at some point. Otherwise you can always DM for a more specific nudge.