1NC39T10N

About

Username
1NC39T10N
Joined
Visits
510
Last Active
Roles
Member

Comments

  • Not sure how to handle the cipher...
  • Really enjoyed this box. I'm not sure that I did root the intended way. Likely multiple paths forward there. Tip for user: the box is named JSON for a reason. Find it. Make it talk back.
    in Json Comment by 1NC39T10N September 2019
  • Type your comment> @sayanthanpera said: (Quote) Me too. Don't see a way to escape. Found a few sensitive "settings" thereafter. Seems like they would be useful against the va***, but I cannot seem to arrive at the correct user/pw combo…
    in Craft Comment by 1NC39T10N July 2019
  • I'm so close to root. I see "comando", but am having problems triggering it. Can someone who has completed this step DM me. UPDATE: rooted. You need to be a bit patient once you have it. I was expecting it to trigger every X amount of sec…
    in Haystack Comment by 1NC39T10N June 2019
  • Very nice box @jkr . Root is tricky to find if others are not on the box IMO. Use the tool already mentioned to monitor processes, but generate traffic to the box while this is running using the VERY last step needed to get user. Observe the proce…
    in Writeup Comment by 1NC39T10N June 2019
  • I wasted hours trying to find the the second to last login screen. If you have found the mother load of credentials and have not yet found the right place to put them, then make sure you scan port 80 using dirb NOT gobuster. The common list will do.
    in Luke Comment by 1NC39T10N May 2019
  • I've "unlocked" the "door" to "everyones home" =), but not sure how to proceed. If someone's feeling gracious, I could use a hint. EDIT: got it. Just remember, you can be whoever you want to be one day...
    in Fortune Comment by 1NC39T10N March 2019
  • Wrong secret key! =( EDIT: Got it. Damn this box is hard. Cannot find that log file now.. EDIT 2: Found it. The key is the other vhosts with a www cname.
    in HackBack Comment by 1NC39T10N March 2019
  • Got Root. The obvious app is the path forward once you get user. Keep googling the app and you will find tutorials and conversations that will give you everything needed to get this box. * Find something juicy. * That juicy thing doesn't work out o…
    in Netmon Comment by 1NC39T10N March 2019
  • I'm trying to avoid spoilers. I might not have succeeded. Stuck at haha? * Run a normal gobuster on the 1 place where you are (/). Examine the results (there should be 5). Anything standout in terms of a name? Hopefully this will cause you to see…
  • Wow... this box. holes everywhere. Interesting path to user. Don't worry about the actual timestamp or the encoded one. The "timestamp" param is key, but not as a timestamp... Root requires some custom work. Fun box, but I think it probab…
  • Saw this today. Had to add it. Hint for that service on port 3000. https://hackerone.com/reports/489146
  • (Quote) No. They are tied to the webapp. Passwords are usually hashed right? Crack it.
  • I want to drop a bit of a hint on this box because a lot of people are not familiar with the intended first step and are basically bypassing the whole first part of this box, which is a shame because it's a hackthebox first and it's becoming extreme…
  • Rooted. Loved the box. Hints: * No brute force is necessary * It is possible to get RCE (hard), but much easier to find creds * You have to partially guess a username
  • EDIT: user is tricky.
  • (Quote) Yes!
  • This is a new initial foothold for me and I'm still not able to connect to the damn box. I want to make sure we all found the same stuff. Enumerating a common U** service on port 1** will provide two pieces of info: A list of 4 possible users: Gu*…
  • I think that is where pretty much everyone is stuck
  • I'm also going for OSCP. Done with labs. Planning to take the exam in the next month. Would like to join a team. https://www.hackthebox.eu/profile/79963
  • (Quote) Maybe. I tried it as the PW and username:PW but didn't get a connection. Not sure yet if it is my setup or the creds are invalid Edit: found a list of users (same place as plaintext key). Still looking for passwords
  • (Quote) I think I'm at the same spot. I found the "Key" and I'm trying to get the connection setup but looks like I might also need a username and password in addition to the P** Key but I'm not seeing anything. I would expect to at least…
  • I'm on the second login page on iv--/login. I have the two creds. I've only been able to find 1 valid username (lo--). I know part of the second cred is not correct and it needs to be switched out with some value in a standard wordlist (think it is …
  • Curious what tools everyone used to crack the password on the ba****.7z file. Apparently I haven't cracked many .7z compressed files. I'm on a non-GPU Kali VM so john is my defacto, but I cannot get the hash into an acceptable format.
  • (Quote) I'm still an idiot I guess! I can see that is encoded and can decode it to see the salt and hash, but I cannot see anyway to "pass the hash". I don't have a lot of experience with LD** though. Any hints here?
  • I'm lost on the priv esc to root. I thought it the issue was going to be something "wild" with the "extraction" or something down the wrong binary "path", but I cannot get either of those two attack vectors to work corr…
Avatar

Howdy, Stranger!

Click here to create an account.