Official Doctor Discussion

@TazWake said:

@Darkx10n said:

Okay, I’ve checked out 80 fairly closely. I noticed all the pages are the same no matter what I click. I tried enumerating directories but no new info. What am I missing?

It kind of depends on how you are requesting them. They have the info you need to get past this issue.

Have a look at:

Official Doctor Discussion - #103 by Spunnring - Machines - Hack The Box :: Forums

Official Doctor Discussion - #110 by he110w0r1d - Machines - Hack The Box :: Forums

I feel like I am most likely missing something staring me right in the face. I edited my H**t-file to reflect the correct address of the box, but that hasn’t helped… I usually do that anyways so I don’t have to continuously enter the IP address. Can I PM you?

@Darkx10n said:

I feel like I am most likely missing something staring me right in the face. I edited my H**t-file to reflect the correct address of the box,

Double check this.

but that hasn’t helped… I usually do that anyways so I don’t have to continuously enter the IP address. Can I PM you?

Certainly.

@TazWake said:

@Darkx10n said:

I feel like I am most likely missing something staring me right in the face. I edited my H**t-file to reflect the correct address of the box,

Double check this.

but that hasn’t helped… I usually do that anyways so I don’t have to continuously enter the IP address. Can I PM you?

Certainly.

So I’m stuck. I discovered the login page after editing /e…/h…, I can register, but I cannot do anything with this.

Excuse me, I’m a total beginner in Hack The Box.
I’ve already mapped this IP, got the site, but I can’t understand what to do next…
I found the login page…
Can someone give me direction on what to do next?

Can anyone help me? This is not an easy box.

I’ve been off of HTB for almost a year now. This was my first box back as I get back active. I just got root.

This was a good box to get me back into the swing of things. Thanks @egotisticalSW

@buridan said:

Excuse me, I’m a total beginner in Hack The Box.
I’ve already mapped this IP, got the site, but I can’t understand what to do next…
I found the login page…
Can someone give me direction on what to do next?

If I were you I would watch a few of the IPPSEC videos on doing recon. This is a good one for recon: https://www.youtube.com/watch?v=JpzREo7XLOY&t=360

Guys, is the 8**9 port working? After I got a shell I can’t access it anymore. I already changed server and did a reset, but still got an error: “connection reset by peer”. Other things are working fine.

UPD: nvm, my stupid fault

Finally did it!!
It was not that easy.

Thanks to everyone who gave a nudge, I’ll give you respect in return :smiley:

@exord26 said:

So I’m stuck. I discovered the login page after editing /e…/h…, I can register, but I cannot do anything with this.

Find a way to do something with this.

@buridan said:

Excuse me, I’m a total beginner in Hack The Box.

This is not an easy box.

I’ve already mapped this IP, got the site, but I can’t understand what to do next…
I found the login page…
Can someone give me direction on what to do next?

You are probably looking at the wrong port.

@ps9786 said:

@buridan said:

Excuse me, I’m a total beginner in Hack The Box.
I’ve already mapped this IP, got the site, but I can’t understand what to do next…
I found the login page…
Can someone give me direction on what to do next?

If I were you I would watch a few of the IPPSEC videos on doing recon. This is a good one for recon: https://www.youtube.com/watch?v=JpzREo7XLOY&t=360

Thanks for the advice!

FINALLY GOT THE ROOT

It’s not an EASY BOX! MEDIUM!

Foothold: you really need to understand that only one machine IP is nothing, you need more, you need to show your system that the IP is some domain. After that, you need to check everything!!! ALL!! source code, directories, fuzz, all and not will be enough after that, you may need a payload (just the name) on a GitHub to display AllTheThings. But you need to check all inj ****, check one by one, like the GitHub enumeration. (Send me a message IF you don’t understand.)

USER: After getting into the machine it’s the same! Enum Enum Enum with most commonly the small spherical seed or the pod of the fruit. You will find something interesting.

Root: This thing you found for the user, you can get root (go back to your enumeration services) through something.

Thank you all! @egotisticalSW

Send me a message! I’ll help!

Done!

If you need a nudge shoot me a DM here.

Finally rooted that machine. Got stuck on root for some time because of overthinking.
Don’t overthink, guys, root is really easy, just find it. User was the hardest part for me. All the hints here are enough to solve that machine.
Thanks @limeternity and @TazWake for the help.

Finally rooted, like @he110w0r1d I overthought root and did not try the obvious.

My thanks to @TazWake and @LMAY75 for the hints and tips.

I got RC by using S**i but I can’t get a reverse shell. Any idea?

@nourmuj said:

I got RC by using S**i but I can’t get a reverse shell. Any idea?

The normal approach would be to inject a reverse shell command. It might be worth digging into why you can’t get a reverse shell in more detail.

If it is failing, look at what is failing and why.

Would love a nudge. Pretty confident about the doctors injection and where it should be, I’m just struggling to find the specific point to administer it, if you catch my drift… would love some help! :slight_smile:

@nourmuj said:

I got RC by using S**i but I can’t get a reverse shell. Any idea?

Some commands don’t work as normal, try some other ways but you may have to hide the code.