Hint for HELP

FMisi · April 28, 2019, 12:57pm

This is a box that looks relatively easy, but I don’t see chance to get user.

Th3R4nd0m · April 28, 2019, 2:14pm

can somebody pls help me. I am going to punch myself. I was doing great. I managed to upload the php script, using the nullbyte. I ran the script for finding the link, and I found it. But just after I entered the link, someone restarted the machine. I can’t find the link now… help

Adamczyk · April 28, 2019, 4:25pm

got it, thanks @ghost0437 for support with getting the user

tips;

user, lowport route:
don’t forget to add the “/” at the end of the url

root:
no exploits needed, just run linenum and check what it found

Th3R4nd0m · April 28, 2019, 8:53pm

can somebody explain to me how to do it the higher port(3000) way?

keon · April 29, 2019, 5:27am

i cannot able to find the upload direc …any hint

supergirl · April 29, 2019, 8:08am

I got a file uploaded and I can access the file, but cannot get any command to execute. Please can anyone drop a hint, or I have to read through 25 pages here.

Edit: Got it. Thanks for the direction @Invert

McKernel · April 29, 2019, 5:23pm

Hi all,
Requesting any assistance with the low port method. I am pretty sure that I have the correct absolute path but I don’t know how to modify the correct parameter in the hinted at python exploit code that is mentioned throughout this post. Currently, I know not to believe the error messages, after I reading the source on GitHub I know what is happening. I think I am stuck on the time travel even though there are comments that say it is needed and not needed.

If anyone could please hit me up that has gotten this to work, I would really appreciate it. Been stuck for 2 days and I am running out of gas.

Edit: huge thanks to @PavelKCZ for the direction.

kecebong · April 30, 2019, 8:23am

Anyone kind enough to give little nudge for privesc?, should i go for kernel exploit ?

Edit: thanks to @PavelKCZ !

Dazdingo · April 30, 2019, 6:04pm

Hi,
This is my first time on hackthebox, and I’m stuck on getting root. I’ve looked through the comments, and people seem to be hinting at b***_******y and I’m not sure what to do with what I see. Any hint?

Edit: Rooted, Thank you @PavelKCZ and @Sy5surf for the help
Went with the exploit. I’m not sure how people got it without it.

mrZapp · May 1, 2019, 2:16pm

Hi,

Stuck a bit with this one, I hope someone has a tip.

I hope I don’t give up too much, but this is what happens.

I can easily find a valid file on the system. But when I adjust the payload (three different ways) to put it in place, I can no longer find it.

It would be great if someone had a golden clue for me so that I could continue or at least find and find the right solution.

Thanks in advance

Haxys · May 1, 2019, 6:16pm

Rooted! Thanks to everyone who gave advice. That being said, I’m pretty sure I didn’t use the creator’s intended route to root, so I’ll need to go back and play with it some more and see if I can find the “correct” route.

Great box!

If anyone is stuck, feel free to PM me and I’ll provide spoiler-free help. That being said… I won’t be much use for root until I figure out the “correct” way myself.

Edit: After reading a few of the write-ups from others who have rooted this box, it appears that my method for root was actually the same that they used. C’est la vie.

I would be glad to talk to anyone else who rooted this box to see if anyone used methods different from mine.

NIZOU · May 2, 2019, 2:06pm

some help for Help machine plz

Bkhh8412 · May 2, 2019, 6:53pm

Just rooted. It’s a tricky box, which i struggled for like 2 hours until i read and understood the code (if you remember TartarSauce from @3mrgnc3, “don’t trust the output!”). Didn’t even try the other port.

Here are my tips:

User: Enumerate files and directories as usual. Google about the app. Understand code. Tweak exploit based on your needs (where do you live?).

Root: Try your luck with a few exploits

nullkarbon · May 3, 2019, 6:07am

Trying to figure out the “high road” approach. I’m not really sure what to do with N****S. Any help would be appreciated.

Rayteur · May 3, 2019, 9:21am

Please stop reset the machine, it’s really annoying …

pakan · May 3, 2019, 12:32pm

I am stuck with this machine. I modified the python script to find the URL of my shell file but no luck.
Any help? DM please.
EDIT: Finally got user and root.

Spenge · May 3, 2019, 2:15pm

Solved, it was duo to a fault in the script that was used to decipher the files.

Thank you @PavelKCZ for pointing me in the right direction.

Let the rooting game begin.

barondune · May 3, 2019, 2:48pm

anyone available to help me. I was able to access the application url. but I dont understand how to get root.

ChugJugBot · May 3, 2019, 3:04pm

help none of the exploits work and I am ripping my hair out somebody please PM me help thanks.

MactheDice · May 3, 2019, 7:04pm

New to HTB, got my first box and now Help is my second box. I identified two ports with potential ways to get in. However, none of my attempts have worked, could someone message me so I can check to see if on the right track?

Topic		Replies	Views
Traceback Machines htb , traceback , active , traceback-htb	877	121624	May 19, 2023
Root hint for HELP Machines root , machine	9	1890	May 5, 2019
LaCasaDePapel Machines	696	109671	November 8, 2019
Sizzle Machines	164	20401	November 18, 2024
Official Driver Discussion Machines	72	9622	May 5, 2022

Hint for HELP

Related topics