Official Chemistry Discussion

I found the hidden port and gained access to the resource and found an exploit for it. My issue is that I can’t get it to fire and keep getting 404 errors. Any hints on what I could be doing wrong? You can DM me if you need to so we don’t spoil too much on here.

I got “This site can’t be reached” :frowning:

Even ping is not working?

For those who are struggling to get a reverse shell…
sometimes, you don’t need a reverse shell… just SSH into the box… :slightly_smiling_face:

1 Like

How just SSH?

Stuck on root. I forwarded port 8080 and discovered a vuln in aiohttp. Am I on the right path?

Yes, you are…

2 Likes

Is it as easy to exploit as shown in some PoCs?

The exploit is already in the tmp directory. You can just edit the file and run exploit.sh. Hope that helps.

Got a shell on the box… BB CIF payload worked… Is the DB file hash a rabbit hole? SSH bruteforce? JW if I’m on the right track before I dive in.

No brute-forcing is required whatsoever…
There is an internal local port that you have to forward to access another platform and then use the other hints to find the root flag.

It’s not required to forward. Running the exploit in tmp on user is enough.

Can someone help me please? Whenever I try to run the exploit I get an Internal Server Error. I am so stressed lol

1 Like

You need to crack the user hash tho

2 Likes

DM me

User blood in 3 minutes? Who on earth has encountered a CIF file before? lol

4 Likes

IKR, I found that insane as well

I agree, at least medium lol

I did it with a revshell, but IDK if it is possible just with SSH.
Owned Chemistry from Hack The Box!

Finally :smiley: Owned Chemistry from Hack The Box!

Summary

Here are some tips:
Reverse shell: If you’re trying to get a revshell, there’s a PoC.
User: Carefully review each directory presented to you.
Root: Well, in this case chisel and nmap are good tools.

Can’t seem to exploit aiohttp. Trying several path traversal PoCs, nothing’s working. Any hints?

Edit:
I’m an idiot…

Hint:

Double check ports & path on PoCs

1 Like