Official Sightless Discussion

Forward to localhost

I got an error after port forwarding. Any idea why that is?

“Easy box” root was way harder than i tought, dm me for anything

hello i am new to hack the box, i am configuring chrome inspect services, i put my probĂ© with all the ports of the remote computer and nothing happens only with mine, but it doesn’t show me any authentication. can anyone help me?

I was also getting a “Domain not configured” error using the ssh -L port:ip_address:port command. Using chisel’s reverse port forwarding seems to have solved it.

I have never worked with chisel
 I’ll loook for information.

Using chisel and still getting “Domain not configured”, I also used the /etc/hosts as someone suggested, and the tunneling over ssh of course. But still the problem, does anyone could give me a hint?

Just owned the machine :heart_eyes:

1 Like

For a**** subdomain, just point that domain to localhost (needs port forwarding to work)

i used chisel and ssh -L and both give me back domain not configured. This sucks

same. I think this isn’t a problem from our end but idk

Ok, now it works. I typed http://127.0.0.1:8080 instead on http://localhost:8080 and then it worked for me. Don’t know why this is tho

1 Like

I am on fr**** page and how do i need to login? is it a vulnerable with some CVE or there is different method. Please DM

Hey guys, I got no clue how to exploit after getting inside the a**** panel, I tried so many different payloads and could not even ping to myself, or download a file to make sure it works
 any tips on how I should structure the payload?

hello, i’m stuck at the login page of f***** can someone help me?

Hi.

I’ve gain access to root with an CVE, but i can’t find the flag.

finally

fun box. there are 3 different (but related) priv esc pathways. based on the box name it seems like the “sightless” vulnerability is the intended one but there is also a headless “inclusion” and an “inspect” one. Linpeas points to the last one

Privesc lag warning:

There is Significant delay in what you will be trying. Make sanity checks and see how long it takes for them to run.

I spent like 30 minutes confused as to why some things would work and others wouldn’t, but it was just me not being patient enough!