@thanow said:
Started this machine 2 days ago but still havent found the right CVE. Could anyone give me some hints? I would appreciate it
Have a look at the response you get from entering test data. Google key phrases. This will take you to a series of things to test to narrow down how it is processing your data. Then you will get the key phrases to find the exploit you need.
Type your comment> @ghostng said:
Type your comment> @duongsake21 said:
Machine response to me ā********* re**** *** SYSā, But donāt have any thing back to me. I donāt know it became by connection or i did it in wrong way
the first time i ran this it worked, now a few days later i am back and got errors like this as well as timeoutsā¦maybe thatās why this is called time?
headshake - it worked, checked my http serving directory, the errors here dont seem to necessarily add up, which makes sense because you are leverage processes in an unintended way.
rooted, fun box. initial enumeration was a pain. Like @TazWake said, google all the error messages and it will point you to the right CVE.
PM for nudges
Yes, i use CVE, i have rev shellā¦ connected but now? 
Little hint?
@tortellino said:
Yes, i use CVE, i have rev shellā¦ connected but now?
Grab the user flag, enumerate - enumscripts can be useful here. Find something, look at what it does. Modify it to your ends.
Yes, if i little help otherā¦ you image a two tunnel.
Now iām to going to root. Hint?
Itās my second box.
@TazWake said:
@tortellino said:
Yes, i use CVE, i have rev shellā¦ connected but now?
Grab the user flag, enumerate - enumscripts can be useful here. Find something, look at what it does. Modify it to your ends.
@tortellino said:
Yes, if i little help otherā¦ you image a two tunnel.
Now iām to going to root. Hint?
Itās my second box.
You need to enumerate. Itās hard to be any clearer without telling you which file to look at.
Oh, this one was very quick.
I think there is enough hints around here. However, as I saw some ppl complaining about having their root shell dropped, you should know that there is more than a way to get your shell right?
I also had this problem with my first approach (donāt know why), but my second try worked like a charm.
kindly please give me some hint.iām still in a deep rabbit hole.can advice is appriciated.
@L4c3fer said:
kindly please give me some hint.iām still in a deep rabbit hole.can advice is appriciated.
Any hint? Ok - use nmap to find open ports, when you find an open port, look into it and see if it has anything you can use to exploit the box.
If that isnāt much use, it might help if you give an idea of where you are, what you are trying to do, what has failed and, ideally, why the previous hints havenāt helped.
@TazWake didnāt get Json dese******* exploit that work
@L4c3fer said:
@TazWake didnāt get Json dese******* exploit that work
I am not sure I used an exploit youād describe that way. The one I used was based on googling the error messages.
Could someone give me a nudge on the CVE? I googled the ā ā ā ā out of the error messages and I tried all CVE PoCās i could find, and none work. I donāt know what Iām looking for anymore.
@Foxar said:
Could someone give me a nudge on the CVE? I googled the ā ā ā ā out of the error messages and I tried all CVE PoCās i could find, and none work. I donāt know what Iām looking for anymore.
The one I used has the last five numbers add up to 18.
hi @TazWake, can I PM you, can you give me sanity check on the exploit?
thanks @TazWake for the nudge! the box has been rooted!
Think I need a nudge. Iām trying not to follow advice I donāt understand, and Iām currently all out of ideas. I know where the vulnerability is and I know how to use the vulnerable functionality in the way itās intended. I donāt know how to exploit it and all my ideas have failed.
Iāve narrowed it down to 5 or 6 CVEs, and I feel pretty confident that my own process would have led me to look these up sooner or later based on the errors Iāve uncovered. I have a generic question about CVEs. The ones Iāve looked up for this vulnerability all seem too vague to be really informative to me but they all have relatively high severities. How do experienced hackers approach CVEs like these (without spoiling the machine)? There are github links to the actual changes, but the one I think is the vulnerability on this box consists of 20 something commits, and Iām not quite at the point where I want to pore over 800 lines of someone elseās code to solve this box unless thatās actually what you all did, and after 5 pages of forum posts, Iām guessing thatās not the case.
@leadOctopus said:
Think I need a nudge. Iām trying not to follow advice I donāt understand, and Iām currently all out of ideas. I know where the vulnerability is and I know how to use the vulnerable functionality in the way itās intended. I donāt know how to exploit it and all my ideas have failed.
The best thing I can suggest is the same as the previous answers - try something, look at the error, google the error.
This will, eventually, narrow it down to one.
The ones Iāve looked up for this vulnerability all seem too vague to be really informative to me but they all have relatively high severities.
This is fairly common. There is a constant debate about how much information people should include within a CVE disclosure. Some high profile security people feel it helps attackers too much if it contains anything useful.
Part of the argument about HTBās ratings is based on how well any relevant CVEs work without modification/research. This is a medium box, so there will need to be modification to the public exploits to make it work.
How do experienced hackers approach CVEs like these (without spoiling the machine)? There are github links to the actual changes, but the one I think is the vulnerability on this box consists of 20 something commits, and Iām not quite at the point where I want to pore over 800 lines of someone elseās code to solve this box unless thatās actually what you all did, and after 5 pages of forum posts, Iām guessing thatās not the case.
I am not a hacker, so I donāt want to guess how other people work, but in general, the process is reading through and poring over the code.
With this box, Iād suggest trying the CVEs you have. See if they should work, then see if you can get them working. I found the initial steps narrowed it down to one, which made it easier to eliminate the bits which worked vs the bits which didnāt.
User took me ages and it was one of the first exploits I looked at that I needed to use. Went away from it for a few days and came back, tweaked that one a bit and got in. Root took about half an hour and most of that was automated.