Official Doctor Discussion

Do I have to split the e**l c****g payload into separate messages for it to work? Because I keep getting a 500.

@karimwassef said:

Do I have to split the e**l c****g payload into separate messages for it to work? Because I keep getting a 500.

Didn't use that one, all the things have one that just needs an adjusted payload.

Currently have user but just wondered if anyone can tell me if S****k is the way to root? Have exploit but wondering if it can be run without creds. Or am I in the wrong direction?
Thanks

@foalma321 said:

Currently have user but just wondered if anyone can tell me if S****k is the way to root?

Yes

Have exploit but wondering if it can be run without creds. Or am I in the wrong direction?

You need creds - don’t you have them?

@TazWake said:

@foalma321 said:

Currently have user but just wondered if anyone can tell me if S****k is the way to root?

Yes

Have exploit but wondering if it can be run without creds. Or am I in the wrong direction?

You need creds - don’t you have them?

No. Guess I need to enumerate more…
Thanks for letting me know I'm on the right path.

Seems like I do have creds, got it working but not executing the payload yet, more tinkering needed. If the quite exploit does in fact work.

@foalma321 said:

Seems like I do have creds, got it working but not executing the payload yet, more tinkering needed. If the quite exploit does in fact work.

I can get it to run commands, have tried ping and have netcatted a file transfer, wrote a file… but cannot get a reverse shell to pop… am I looking at this wrong?


OK. Have root flag and have RCE on the box but cannot get a reverse shell as root. So don't know if I can say I've rooted it.

@foalma321 said:

OK. Have root flag and have RCE on the box but cannot get a reverse shell as root. So don't know if I can say I've rooted it.

If you have the root flag, you’ve achieved the objective of an HTB box.

If you can run commands as root, you’ve rooted it.

I think I just fundamentally don’t have the knowledge needed to approach this box. I’m in DSM obviously, and I’m aware of that service that can be used for local priv esc, but I’m unsure how to proceed.

No directories or files I’m able to fuzz seem useful. Tried some guess work with some certain names to see if anyone posted anything interesting, but nothing there either. I could rock the DSM but that seems dubious at best. Injection yields no result.

Whatever the foothold here is, I’m not seeing it.

Currently looking into W******g and things related, but I feel like I’m grasping at straws.

@RJGordon said:

I think I just fundamentally don’t have the knowledge needed to approach this box. I’m in DSM obviously, and I’m aware of that service that can be used for local priv esc, but I’m unsure how to proceed.

That might be distracting you. You aren’t looking for a local privesc at the start, you need to get a foothold and then you can privesc.

No directories or files I’m able to fuzz seem useful. Tried some guess work with some certain names to see if anyone posted anything interesting, but nothing there either. I could rock the DSM but that seems dubious at best. Injection yields no result.

It depends what you inject and where you look for the responses.

It's worth remembering, if you visit a web page and get a blank page, the server has sent something to your machine; otherwise you get a predictable error message.

Whatever the foothold here is, I’m not seeing it.

Currently looking into W******g and things related, but I feel like I’m grasping at straws.

This is the right path.

@TazWake said:

@foalma321 said:

OK. Have root flag and have RCE on the box but cannot get a reverse shell as root. So don't know if I can say I've rooted it.

If you have the root flag, you’ve achieved the objective of an HTB box.

If you can run commands as root, you’ve rooted it.

Lovely, ROOTED then, thanks.

Well that was brutal for me. Thanks to TazWake for a nudge to point me in the right direction, and was able to get both user and root flags. Definitely not an easy box for me, but well worth the effort with what I’ve learned over the past few days.

Finally:
root@doctor:/# id
id
uid=0(root) gid=0(root) groups=0(root)
root@doctor:/#

When I try to open http://dxxxxxs.htb in Kali 2020.4 I get this: "We're having trouble finding that site", and instead of http://blabla Mozilla puts http://www.blabla… On Parrot I get this: "Please log in to access this page." …and everything works fine… Where is the problem?

You probably haven’t updated the hosts file.

This is way harder than I expected, I thought there would be a guide to assist you in some way. Why is this labelled beginner? I'm completely stuck.

@LightOrithm said:

This is way harder than I expected, I thought there would be a guide to assist you in some way. Why is this labelled beginner? I'm completely stuck.

To be fair, it isn’t labelled beginner as such - it says “easy”. That rating is because there is almost no requirement to use customised exploits.

@TazWake said:

@LightOrithm said:

To be fair, it isn’t labelled beginner as such - it says “easy”. That rating is because there is almost no requirement to use customised exploits.

Yeah, I'll give you that. I assumed it would start you off lightly but it doesn't seem to be that way, unfortunately. Ah well…