Official Time Discussion

@L4c3fer said:

Kindly please give me some hint. I’m still in a deep rabbit hole. Any advice is appreciated.

Any hint? Ok - use nmap to find open ports, when you find an open port, look into it and see if it has anything you can use to exploit the box.

If that isn’t much use, it might help if you give an idea of where you are, what you are trying to do, what has failed and, ideally, why the previous hints haven’t helped.

@TazWake didn’t get the Json dese******* exploit to work

@L4c3fer said:

@TazWake didn’t get the Json dese******* exploit to work

I am not sure I used an exploit you’d describe that way. The one I used was based on googling the error messages.

Could someone give me a nudge on the CVE? I googled the hell out of the error messages and I tried all the CVE PoCs I could find, and none work. I don’t know what I’m looking for anymore.

@Foxar said:

Could someone give me a nudge on the CVE? I googled the hell out of the error messages and I tried all the CVE PoCs I could find, and none work. I don’t know what I’m looking for anymore.

The one I used has the last five numbers add up to 18.

Hi @TazWake, can I PM you? Can you give me a sanity check on the exploit?

@blackbrownco said:

Hi @TazWake, can I PM you? Can you give me a sanity check on the exploit?

Yep.

Thanks @TazWake for the nudge! The box has been rooted!

Think I need a nudge. I’m trying not to follow advice I don’t understand, and I’m currently all out of ideas. I know where the vulnerability is and I know how to use the vulnerable functionality in the way it’s intended. I don’t know how to exploit it and all my ideas have failed.

I’ve narrowed it down to 5 or 6 CVEs, and I feel pretty confident that my own process would have led me to look these up sooner or later based on the errors I’ve uncovered. I have a generic question about CVEs. The ones I’ve looked up for this vulnerability all seem too vague to be really informative to me, but they all have relatively high severities. How do experienced hackers approach CVEs like these (without spoiling the machine)? There are GitHub links to the actual changes, but the one I think is the vulnerability on this box consists of 20-something commits, and I’m not quite at the point where I want to pore over 800 lines of someone else’s code to solve this box unless that’s actually what you all did, and after 5 pages of forum posts, I’m guessing that’s not the case.

@leadOctopus said:

Think I need a nudge. I’m trying not to follow advice I don’t understand, and I’m currently all out of ideas. I know where the vulnerability is and I know how to use the vulnerable functionality in the way it’s intended. I don’t know how to exploit it and all my ideas have failed.

The best thing I can suggest is the same as the previous answers - try something, look at the error, google the error.

This will, eventually, narrow it down to one.

The ones I’ve looked up for this vulnerability all seem too vague to be really informative to me, but they all have relatively high severities.

This is fairly common. There is a constant debate about how much information people should include within a CVE disclosure. Some high profile security people feel it helps attackers too much if it contains anything useful.

Part of the argument about HTB’s ratings is based on how well any relevant CVEs work without modification/research. This is a medium box, so there will need to be modification to the public exploits to make it work.

How do experienced hackers approach CVEs like these (without spoiling the machine)? There are GitHub links to the actual changes, but the one I think is the vulnerability on this box consists of 20-something commits, and I’m not quite at the point where I want to pore over 800 lines of someone else’s code to solve this box unless that’s actually what you all did, and after 5 pages of forum posts, I’m guessing that’s not the case.

I am not a hacker, so I don’t want to guess how other people work, but in general, the process is reading through and poring over the code.

With this box, I’d suggest trying the CVEs you have. See if they should work, then see if you can get them working. I found the initial steps narrowed it down to one, which made it easier to eliminate the bits which worked vs the bits which didn’t.

User took me ages and it was one of the first exploits I looked at that I needed to use. Went away from it for a few days and came back, tweaked that one a bit and got in. Root took about half an hour and most of that was automated.

Hello! It’s the first box I am doing. I read all the hints here but still I can’t find the correct CVE for user. After finding 2 error messages I narrowed the list of CVEs.
I have focused on a specific blog post and a corresponding GitHub example, but I can’t perform any RCE. So I have 2 questions:

  1. Can I PM someone so I can make sure that I am working on the correct CVE?
  2. Do I have to pass my exploit through Burp? I was passing my exploit through the web form. Will Burp make any difference? If yes, why?

Rooted. I do have a question about getting root though. I found that thing that repeats. It made sense. But where is it stated that it repeats? I just assumed.

Please can someone help me out to get user? I’m struggling with validator.

I got it

Guys, I am a newbie in this. Can any one of you help me? I am not able to find the correct CVE and exploit after that.

I found the correct CVE, but I’m unable to find any exploits or articles to understand more about this CVE. Any help would be appreciated.

I think I’m on the right path, but I’m new, so if anyone can nudge that would be great. I know “where” the exploit is and the CVE.

I found java POC code, I think it’s for the right CVE. But I get errors when compiling. Can I get a hint?

@userp419 said:

I found java POC code, I think it’s for the right CVE. But I get errors when compiling. Can I get a hint?

You shouldn’t need to compile an attack for this. You can use an injection which calls your attack file.

Got user, then root, after a bit of fiddling with the payload. Enjoyed this one - worth getting to know how this really works, and how significant this class of vulnerability is.