I’m past the isolated part of the machine and in the webapp of the main machine, but none of my reverse shells are working? I can curl my main machine and see the request, but I can’t seem to get a shell working and I don’t know why.
If you use the same cve script as me, the generate fails but the inject works.
Welp, finally rooted this machine. @adr_sal and @imPankajSingh helped me through this one as the very beginning gave me issues. I’m so bad at webapps! Regardless, I learned some interesting things to help me in the future and had a lot of fun with the rest. This thing is full of rabbit holes that I don’t know whether to laugh or cry at how much time I spent following them! Either that, or they’re actual points I just don’t know how to use. Still, lots of fun. I really love the setup of this box
Hello guys, I’m stuck in getting the reverse shell when uploading the file to port 443 (I’ve already got the creds and log in to the webmail), could someone help me pls?
After logging in, consider carefully reading the content you have access to. Maybe it gives you a hint on how to proceed.
Its hard to say it without spoilers. But lets say there are many places where you can put the credentials into. It could help checking winpeas output with this in mind.
I did, I also found the suitable CVE. I mean, my payload when injecting to the file isn’t work. I’m sorry for my previous misunderstanding sentence.
Edit: Get the reverse shell. Just reset the machine and it will work
I enjoyed this machine! A fun box that challenges your creativity…
The user is a little bit tricky, but the root is straightforward.
p0wny shell is your friend in both user and root.
Also thanks to @WKoA.
Waouu the user was the very difficult part , but the root is so easy
Yes. We could have had the user flag in some user of the linux machine instead.
It seems that all the hard work was left for the user flag.
But for sure was a fun box.
I would love a nudge.
I can access the webmail with credentials. But I am completely stuck on what the next step should be.
I tried exploiting the vulnerability indicated in the release note, but with no luck. And didn’t find any other sub-domains that could be attacked.
Depends what vuln you are talking about but if it’s one from the mail service it’s not the one.
If it’s related to needles, you have several method to use the poc, try some others
Do what Drbrown said but add some payload in
Thanks, I should have think of that with the message. But I am really not used to have a “social engineering” component in hackthebox machines.
This was very interesting box with quite a few little steps needed for going forward.
Frustrating foothold, simple root. Great stuff in between had fun enumerating, researching and ultimately pwning this one.
Did you find a solution? I tried multiple webshells in this location, but nothing worked.
strangest thing - I was on the windows server, with a certain file open and as it was open I saw the user/pass of the administrator be typed out in front of me. I see only one user on the box, myself.