Official Doctor Discussion

@LightOrithm said:

Yea, I’ll give you that. I assumed it would start you off lightly but it doesn’t seem to be that way unfortunately, ah well…

If you can clarify what you are stuck on, it might be possible to give some help.

If you’ve completely hit a blank, I’d suggest trying the Starting Point labs or the Academy (not the box).

@TazWake

Thanks, I registered and then it was just the next thing it said to do, haha. I’ll have a look at the Starting Point labs. I’m near the end of the Doctors ~ stuck on injection, without saying too much.

@LightOrithm said:

@TazWake

Thanks, I registered and then it was just the next thing it said to do, haha. I’ll have a look at the Starting Point labs. I’m near the end of the Doctors ~ stuck on injection, without saying too much.

Ok. What you need to do is make sure you’ve done enough enumeration to fully understand what gets processed where. You need to make sure you have looked at all the responses from the server to have an idea of what types of injection are likely, then try them.

Once you work out the right type, there are online payloads which work perfectly to get you a shell. (Albeit with minor modifications)

I have tried * but can’t seem to get anything, am I missing something??

@LightOrithm said:

I have tried * but can’t seem to get anything, am I missing something??

It’s likely you have missed the page where the injection is triggered.

Back again working on the machine.

I’m encountering some weird stuff - after

sudo do**** ex** -it aimforthehead bash

I’m getting kicked out after a minute with no options to change the sec****.y** file or run the train console.

Is there any workaround for this?
I know my way to shell, but can’t manage to send the payload.

Any thoughts? @TazWake

@aimforthehead said:

Back again working on the machine.

I’m encountering some weird stuff - after

sudo do**** ex** -it aimforthehead bash

I’m getting kicked out after a minute with no options to change the sec****.y** file or run the train console.

Is there any workaround for this?
I know my way to shell, but can’t manage to send the payload.

Any thoughts? @TazWake

Hmm - I don’t think I understand your attack here. Is this for privesc?

@TazWake said:

Hmm - I don’t think I understand your attack here. Is this for privesc?

Based on the command, he probably is talking about the Laboratory machine.

@mrg3ntl3m4n said:

Based on the command, he probably is talking about the Laboratory machine.

Ok, that makes a bit more sense. Still quite different from the command sequence I used :smile:

I’m doing something wrong and can’t for the life of me think what or why, haha. I have everything ready - nc, a*****, but nothing is showing up.

Got user s****
Any hint for privesc?
I know s****k is the way… but how to approach it!

@in3vitab13 said:

Got user s****
Any hint for privesc?
I know s****k is the way… but how to approach it!

Well, you probably want a local privesc attack.

Hi,
Can someone help me get shell?
I know the right exploit, and I know how to trigger it. I can execute commands with it and get the output. But if I try to run a reverse shell command, I don’t get any connection. I am able to send the output of commands to my nc, but not the shell. I have tried different shells but without any luck.

@artgarm said:

Hi,
Can someone help me get shell?
I know the right exploit, and I know how to trigger it. I can execute commands with it and get the output. But if I try to run a reverse shell command, I don’t get any connection. I am able to send the output of commands to my nc, but not the shell. I have tried different shells but without any luck.

It might be a simple syntax error.

Funny box, foothold not easy - it took me 3 full days but I learned a lot :slight_smile:

It was a simple mistake, because of which I wasted a lot of time to get shell. User part was straightforward, just enumerate. And root took a while to notice, just remember what was on the nmap. But I finally got root. Thanks everyone!

Hey all, tackling my first box on HTB.
Trying to get foothold.
Any help would be great!!

Thank you!

@archer23 said:

Hey all, tackling my first box on HTB.
Trying to get foothold.

Look closely at all the information you have. Something is slightly different from what you’ve used.

@TazWake said:

@archer23 said:

Hey all, tackling my first box on HTB.
Trying to get foothold.

Look closely at all the information you have. Something is slightly different from what you’ve used.

Is there some sort of method besides altering “H***:” in the request to find the thing?

@archer23 said:

Is there some sort of method besides altering “H***:” in the request to find the thing?

Well, you can update the file on your system so you can just make normal requests in your browser.