Json

Good box. Had read the techniques used for user before, but this was the first time I had had a play.

It took me ages sending the payload in blindly. Even after testing with a ping payload with -t to the builder, I hadn’t noticed that the IP had changed on my VPN so pings were going elsewhere.
DOH :slight_smile:
Once the IP address was set correctly, surprisingly ping and the reverse shell started working (error message on receipt of payload still).

I couldn’t get the vegetable to work. When I ran it, the whole system slowed down, and the payload was never executed.

The other method (probably the intended method), although my other experience in that area was with nest earlier this week, isn’t so difficult in reality, once you have some useful tools installed.

So I have login credentials, although never really created a remote shell for the privileged user as such, but got the root.txt

Any idea how to really approach this box? I found user a**** and the 2*************** on the backend. Not sure where to use it because it fails from all attempts.

EDIT: disregard, I’ll see if I can make this box talk back to me lol

I need a tutor for this one :confused: please PM me if you have the time to babysit…

@coldpenguin said:
The other method (probably the intended method), although my other experience in that area was with nest earlier this week, isn’t so difficult in reality, once you have some useful tools installed.

I assume you’re talking about looking at the S****F** program? I agree that probably is the intended method. There is actually a third method too though, not sure if it was intentional or not, but it’s my personal favourite out of the 3 methods I know of to get root on this box.

Hi guys, need some help with root. I found these hashes related to ftp and I failed to crack them with hashcat, not sure what I am doing wrong… Also what’s this thing with vegetables? Could someone PM me with a hint? Thanks

Is a Windows VM required to pop this box? Can it be done without it? Wanna know before I spend time and resources my rig can’t spare, before I tackle this one :slight_smile:

Nice, not trivial.

Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.

c:\Users\superadmin\Desktop>whoami
whoami
nt authority\system


Rooted! Cool box, my second Windows box in a long time. Was rusty and had to download VM box server 2012. I was struggling without it, but once I got it, it was smooth sailing :smile:

Good box, not truly enjoyable like other boxes here, but definitely made me learn some new things.
User part was tougher than expected and eventually I opted for the path of least resistance, using Windows for payload generation.
Root was way easier than user…

Very fun box personally. You don’t need Windows to generate the payload for user, just the example payload, a text editor and a certain bash tool :wink:

@dawnowler said:

Very fun box personally. You don’t need Windows to generate the payload for user, just the example payload, a text editor and a certain bash tool :wink:

Yes, or the good Burp Extension :slight_smile:

Fun box. Had me, like @coldpenguin said, kicking myself for the user/pass on the web to get the bisquet.

That was the thing that by far took most of my time. Guess I am not the obvious guy.

@VbScrub Interesting reading in your writeup

Can someone PM me? Definitely need a nudge. I know they’re about to retire this box but I’d still like to understand how to actually approach this one. So far I have the first set of useless creds found via Burp and I’m following the Burp trail but it’s not really getting me anywhere. I also have ys*****l and DS but they are not finding any vulnerabilities. Can someone help me understand the foothold?

Rooted, great box, learnt a lot. Many thanks to @VbScrub and @unmesh836 for the nudges. I am glad to get this one done before it is retired.

User is definitely more difficult than Root, particularly once you use the nice veg.

Can someone send me a nudge for payload format / escape chars? I am able to get a ping back and I believe I was able to create a tmp folder. Not able to get a Downloadfile or certutil working to get to the next step. Thanks in advance!

@GrimMatchStick said:

Can someone send me a nudge for payload format / escape chars? I am able to get a ping back and I believe I was able to create a tmp folder. Not able to get a Downloadfile or certutil working to get to the next step. Thanks in advance!

This may help you:

Trying to privesc with jp, however, every c**id I’ve tried throws error 10038. Can someone please send me a nudge?

Hi, need some help with the foothold. I think I know with what… but not sure. Thanks

I wanted to see how far I can go before this box gets retired. I’m stuck at foothold.
I can get a ping back from the box. I think I was able to upload the nc.exe and execute powershell with it. But in my nc listener I get only the powershell “header” back. No actual shell I think. There is no “C:Windows …” and when I type common commands nothing happens.
Is there something wrong with my command or do I have to type a certain command in the powershell to get the actual shell?

Any hints?

EDIT: got foothold :slight_smile: just use “normal” shell :wink:

@theonemcp said:

I wanted to see how far I can go before this box gets retired. I’m stuck at foothold.
I can get a ping back from the box. I think I was able to upload the nc.exe and execute powershell with it. But in my nc listener I get only the powershell “header” back. No actual shell I think. There is no “C:Windows …” and when I type common commands nothing happens.
Is there something wrong with my command or do I have to type a certain command in the powershell to get the actual shell?

Any hints?

EDIT: got foothold :slight_smile: just use “normal” shell :wink:

Just do it using cmd, PowerShell won’t work nicely in this box.