Official Love Discussion

Spoiler Removed

Feel free to DM if you are stuck with a full explanation to what you did

Managed to root this yesterday evening… argh!!

The actual foothold isn’t hard once you get the right path. Root is very simple once you do your standard parts. Be careful to not go too far down the route of breaking ha… I mean hearts… that’s only going to cause you pain later.

Rooted, nice easy box.

Just avoid the s*** rabbit hole. Spent too much time on that.

I feel stupid for asking … but is there a forced limit on how much data will be transferred to the box from ours? I could only get a foothold if limited to under 300 bytes which precludes a real reverse shell as far as I can make it work. And from within that foothold cannot successfully transfer anything, say the nice recon script. Have had to do it methodically and manually via the simple foothold. Which seems to get removed periodically. The limit also precludes successfully transferring anything via either the same protocol or the old standby win file sharing one to use m-----c.exe. From others’ accounts it seems they breezed right through transferring typical foothold reverse shells, and so on. WTF?

@jps3 said:

I feel stupid for asking … but is there a forced limit on how much data will be transferred to the box from ours? I could only get a foothold if limited to under 300 bytes which precludes a real reverse shell as far as I can make it work. And from within that foothold cannot successfully transfer anything, say the nice recon script. Have had to do it methodically and manually via the simple foothold. Which seems to get removed periodically. The limit also precludes successfully transferring anything via either the same protocol or the old standby win file sharing one to use m-----c.exe. From others’ accounts it seems they breezed right through transferring typical foothold reverse shells, and so on. WTF?

Try a different shell, I’m assuming you’re using a PHP shell? Either create one for m********t or use one that will work on any OS. I have got it to work both ways. DM me if you are stuck.
![Foalma321](https://www.hackthebox.eu/badge/image/74636)

@Jier said:

Anyone willing to ping me with a nudge on footholds? I’m still learning (only been doing literally any hacking for about a month, if that). I’ve done all of the enumeration I can think of and dug into pretty much all of the subdirectories. I even did some SQL enumeration for way too long. I definitely feel like I’m overthinking this and a nudge would be very helpful.

Have you checked your nmap results carefully? Another domain perhaps!!
![Foalma321](https://www.hackthebox.eu/badge/image/74636)

@jps3 said:

I feel stupid for asking … but is there a forced limit on how much data will be transferred to the box from ours? I could only get a foothold if limited to under 300 bytes which precludes a real reverse shell as far as I can make it work. And from within that foothold cannot successfully transfer anything, say the nice recon script. Have had to do it methodically and manually via the simple foothold. Which seems to get removed periodically. The limit also precludes successfully transferring anything via either the same protocol or the old standby win file sharing one to use m-----c.exe. From others’ accounts it seems they breezed right through transferring typical foothold reverse shells, and so on. WTF?

Try to change your method, and find another way to have it. :wink:

Any nudge about foothold… I have been working on that beta domain… did some SQL injection on main webapp but it’s time based so it is taking a long time. I don’t know what to do with url sane*r. Any hint plz

@Liquid989898 said:

Any nudge about foothold… I have been working on that beta domain… did some SQL injection on main webapp but it’s time based so it is taking a long time. I don’t know what to do with url sane*r. Any hint plz

on the beta domain that you’ve found, use what you’re given with info from nmap and you’ll be presented with useful info which will be super obvious when you see it. Trying to be a little cryptic lol. DM if you need more help.

@rancilio thanks bro for help… I was totally ignoring s**f…

Rooted!! Fun Box

stuck on getting the foothold. I tried gobuster and nothing pops out at me. Am I chasing the wrong attack point?

@cutterslim said:

stuck on getting the foothold. I tried gobuster and nothing pops out at me. Am I chasing the wrong attack point?

Yes. You don’t need Gobuster or any brute force for that matter. Look at your nmap as stated above and try to think what other enumerations you could do with the ports and services given.

C4rm3l0

@C4rm3l0 said:

@cutterslim said:

stuck on getting the foothold. I tried gobuster and nothing pops out at me. Am I chasing the wrong attack point?

Yes. You don’t need Gobuster or any brute force for that matter. Look at your nmap as stated above and try to think what other enumerations you could do with the ports and services given.

I saw something for the SMB version, but after reading the exploit, it looks like something I would need to use to escalate privs to root after I’ve gotten the foothold

@cutterslim said:

@C4rm3l0 said:

@cutterslim said:

stuck on getting the foothold. I tried gobuster and nothing pops out at me. Am I chasing the wrong attack point?

Yes. You don’t need Gobuster or any brute force for that matter. Look at your nmap as stated above and try to think what other enumerations you could do with the ports and services given.

I saw something for the SMB version, but after reading the exploit, it looks like something I would need to use to escalate privs to root after I’ve gotten the foothold

You’re not looking for a ready exploit just yet. Try enumerating some more, it will click at some point. Otherwise you can always DM for a more specific nudge.

C4rm3l0

Is there anyone having issues with the shell? Every time I am getting a shell and the box will be unreachable. I know how to escalate, after many attempts to run the priv checks, but the user shell is unstable.

@joeldejo said:

Is there anyone having issues with the shell? Every time I am getting a shell and the box will be unreachable. I know how to escalate, after many attempts to run the priv checks, but the user shell is unstable.

There are a multitude of ways to get a decent shell. The easiest is to create a PHP msfvenom payload for a meterpreter session then upgrade it to a decent one, or just use a decent PHP shell that will work on a multitude of systems; there’s a mini one on GitHub that’s very good. DM me if you need more info.
![Foalma321](https://www.hackthebox.eu/badge/image/74636)

C:\Users\Administrator\Desktop>whoami
whoami
nt authority\system

Rooted. One shell script worked better than the other two for stability. Was a fun box, figuring out the user part was frustrating because of where it is - like literally right there.