“Upload the attached file named upload_nix.zip to the target using the method of your choice. Once uploaded, SSH to the box, extract the file, and run “hasher ” from the command line. Submit the generated hash as your answer.”
I’ve SSH’d to the htb-student account and tried to run xfreerdp only to find it’s not installed in the pwnbox. I also tried doing the same xfreerdp thing through a VPN connection on my kali linux only for the terminal to become unresponsive.
I have no idea where to go, I clearly have no idea what to do: any push in the right direction would be greatly appreciated, thanks!
ok, so i am uploading the file, I download the file onto my local machine and copy the text to a text file and then upload it with scp, i then run hasher and I get this hash
1219923e466ff7d194dc99a99da5b791 but it keeps marking it wrong???
The method I used was first downloading the file, then starting a http server on my machine, then SSH’d into the target and downloaded it.
Hope someone finds this useful.
How did you do the first question where we have to download the flag.txt file using python. I have tried https://<IP>/flag.txt and https://<IP>/root/flag.txt for downloading the files in both wget and curl but it is refusing connection.
I don’t understand what question is saying, how to download file using python from PWNbox or host machine.
Same hash, same problem with browser Pwnbox, I also couldn’t download .zip in pwnbox with wget and download link, but could ping academy.hackthebox.com, so I guess there are some restrictions to get files from internet or open links in browser.
Solution that helped me is:
1.) download upload_nix.zip on home pc (windows in this case)
2.) then get upload_nix.zip file Base64 with first lesson commands. Note! those PS commands could be blocked on work pc or pc with no admin rights, because of Constrained Language Mode. You can check your PS Constrain language settings with following command in PS:
$ExecutionContext.SessionState.LanguageMode
ConstrainedLanguage
In this case I have ConstrainedLanguage, so I cant use the HTB provided commands to encode file upload_nix.zip in B64. My suggestion is to use in PS certutil (just like real world hacking )
certutil -encode upload_nix.zip upload.b64
then:
cat upload.b64
Ignore -----BEGIN CERTIFICATE----- of cert and -----END CERTIFICATE-----, you need only B64 code inside.
Step 3. Copy command below in Pwnbox to decode B64 code in pwnbox to upload_nix.zip file:
echo -n ‘YourB64codeUEsDBA75fqG1gHXAAQABAGAAAABMAAAAAAA=’ | base64 -d > upload_nix.zip
)