Official Time Discussion

Think I need a nudge. I’m trying not to follow advice I don’t understand, and I’m currently all out of ideas. I know where the vulnerability is and I know how to use the vulnerable functionality in the way it’s intended. I don’t know how to exploit it and all my ideas have failed.

I’ve narrowed it down to 5 or 6 CVEs, and I feel pretty confident that my own process would have led me to look these up sooner or later based on the errors I’ve uncovered. I have a generic question about CVEs. The ones I’ve looked up for this vulnerability all seem too vague to be really informative to me but they all have relatively high severities. How do experienced hackers approach CVEs like these (without spoiling the machine)? There are github links to the actual changes, but the one I think is the vulnerability on this box consists of 20 something commits, and I’m not quite at the point where I want to pore over 800 lines of someone else’s code to solve this box unless that’s actually what you all did, and after 5 pages of forum posts, I’m guessing that’s not the case.

@leadOctopus said:

Think I need a nudge. I’m trying not to follow advice I don’t understand, and I’m currently all out of ideas. I know where the vulnerability is and I know how to use the vulnerable functionality in the way it’s intended. I don’t know how to exploit it and all my ideas have failed.

The best thing I can suggest is the same as the previous answers - try something, look at the error, google the error.

This will, eventually, narrow it down to one.

The ones I’ve looked up for this vulnerability all seem too vague to be really informative to me but they all have relatively high severities.

This is fairly common. There is a constant debate about how much information people should include within a CVE disclosure. Some high profile security people feel it helps attackers too much if it contains anything useful.

Part of the argument about HTB’s ratings is based on how well any relevant CVEs work without modification/research. This is a medium box, so there will need to be modification to the public exploits to make it work.

How do experienced hackers approach CVEs like these (without spoiling the machine)? There are github links to the actual changes, but the one I think is the vulnerability on this box consists of 20 something commits, and I’m not quite at the point where I want to pore over 800 lines of someone else’s code to solve this box unless that’s actually what you all did, and after 5 pages of forum posts, I’m guessing that’s not the case.

I am not a hacker, so I don’t want to guess how other people work, but in general, the process is reading through and poring over the code.

With this box, I’d suggest trying the CVEs you have. See if they should work, then see if you can get them working. I found the initial steps narrowed it down to one, which made it easier to eliminate the bits which worked vs the bits which didn’t.

User took me ages and it was one of the first exploits I looked at that I needed to use. Went away from it for a few days and came back, tweaked that one a bit and got in. Root took about half an hour and most of that was automated.

Hello! It’s the first box I am doing. I read all hints here but still I can’t find the correct CVE for user. After finding 2 error messages I narrowed the list of CVEs.
I have focused on a specific blog post and a corresponding github example, but I can’t perform any RCE. So I have 2 questions:

  1. Can I PM someone so I can make sure that I am working on the correct CVE?
  2. Do I have to pass my exploit through burp? I was passing my exploit through the web form. Will burp make any difference? If yes, why?

Rooted. I do have a question about getting root though, I found that thing that repeats. It made sense. But where is it stated that it repeats? I just assumed.

Please can someone help me out to get user? I’m struggling with validator.

I got it

Guys, I am a newbie in this. Can anyone of you help me? I am not able to find the correct CVE and exploit after that.

I found the correct CVE, I’m unable to find any exploits or articles to understand more about this CVE. Any help would be appreciated.

I think I’m on the right path but I’m new so if anyone can nudge that would be great. I know “where” the exploit is and the CVE.

I found java POC code, I think it’s for the right CVE. But I get errors when compiling. Can I get a hint?

@userp419 said:

I found java POC code, I think it’s for the right CVE. But I get errors when compiling. Can I get a hint?

You shouldn’t need to compile an attack for this. You can use an injection which calls your attack file.

Got user, then root, after a bit of fiddling with the payload. Enjoyed this one - worth getting to know how this really works, and how significant this class of vulnerability is.

I just got user extremely easily. I think there was something running from someone else. Or is it meant to be that easy?

@TazWake said:
@userp419 said:

I found java POC code, I think it’s for the right CVE. But I get errors when compiling. Can I get a hint?

You shouldn’t need to compile an attack for this. You can use an injection which calls your attack file.

I saw your post and I said, I did this but why didn’t it work at all? Hmm…
Then I spent a little more time tweaking my inject script, and foolishly, after examining it more closely, I had a stupid typo in it. :cold_sweat:
Thanks @TazWake, your post kept me on the right track. :blush:

And rooted!
Now ready to help anyone, PM me for any hint or nudge.

The foothold of this machine was unexpected to me but it taught me to look at errors in my validation payloads. After searching errors you will probably reach j*n r g****b pa so just implement it with little modifications.
Root: enumeration scripts will show you unexpected file…
If anyone needs help can send me a PM.

I am getting a weird fail message, “lock: 3 exclusive write lock requesting for SYS”, when trying to reverse shell. Does anyone know what this is? I googled it but couldn’t find anything.

Hello!!! I’m a beginner and learning the methodologies… Could anyone please help me for reaching out the Time… I have done enumeration… But I’m unable to find out…

@Hackingbug said:

Hello!!! I’m a beginner and learning the methodologies… Could anyone please help me for reaching out the Time… I have done enumeration… But I’m unable to find out…

You will need to find a vulnerability of the website. Try different inputs and you will see some errors. Googling the errors will get you the correct CVE.
(note: I tried many different CVEs to find the correct one.)

Anyone on to discuss root? Think I know how to get there, but can’t seem to get it working

Edit: Never mind… Got it

Hello, I am completely new. I have googled all that I can understand and I would love a PM if anyone is willing to nudge me in the right direction