Official Noter Discussion

To forge that… we need a secret key, right? …

It is possible to crack the key using the same tool.

2 Likes

RTFM is key whenever you are able to log in as a different user!

Oh well … I was using the wrong tool.
I guess I really needed to do better research about the backend in use and not just guess by looking at the co****.

Can’t think of anything to add to rocksxebec’s overview.

I did not expect the privesc and had to use a time machine to get the data I needed.

Thanks kavigihan for the fun box.

No space left on device

Feels bad man

So it is NOT what I think the cookie is?

Your first guess about the cookie is probably wrong.
You really need to know what framework is in use.
Not sure if there is a tool that could show you exactly what it is.
I myself looked at everything I got from the server and guessed the right one. (Maybe I was just lucky, or maybe there do not exist that many for the language that is used.)
After you have the name of that framework you would need to search for a specific tool for “forging”.

But currently I’m stuck again because of server issues.
First the flag inside the user.txt was not accepted (I guess you are not supposed to crack the hash inside).
And at the moment the site I need is just loading infinitely…

Edit:
Great … now I got root and the root.txt is not working either.
I hate it …

Edit again:
Solved my “incorrect flag”-problem by choosing another vpn-server.
For some reason the top right icon on hackthebox was also red, not showing that I was connected.
I guess I was using just old ovpn files … still wonder why I was able to connect to the Noter-server.

Yesterday the machine was at 100% full on /, today it is at 60%, so it seems that was not intentional.

Stuck with file type. Trying to investigate the framework uploading module. Can I find something there? There is also about protection.

@gnt48 you probably need the source code to continue.
Just ask yourself what lazy person (yes, that contradiction is intentional) might have a backup of it … and where.

Some hint on the privesc? Somebody above said it is basic privesc, maybe I’m missing something obvious…

1 Like

A major hint on how you might approach the privilege escalation is subtly hidden away in the source code.

2 Likes

Hey, can someone help me a little bit with the user flag? :smiley:

Hi guys. Can you give me a hint for what type of c***** is used in the backend? Because I thought it was a Js** W** To*** but I’m sure that it doesn’t

Thank you! You are totally right, but for those who never struggled with it before, I guess that the key is to make a good p****** enumeration and to see what they can do with that.
I think that that thing in the source code is much easier/more visible than the second part :stuck_out_tongue:

1 Like

You can read a lot of hints here on this thread:

  • s***** c*****
  • back-end technology (what is the programming language? Can you guess what is behind it?)
  • “forge / forging” (when you figure out the previous question, it shouldn’t be difficult for you to find something on Google to resolve this step)

Thanks! That helped a lot. Now I know what type of c***** it is.

1 Like

Hey guys, can you give me a hint for how to pop a shell?

Look at the source code and try running parts of it locally to see how it behaves. Checking how the code behaves should be enough to give you an idea on how to pop a shell.