Sneaky

@RevangelyonX said:

@Agent22 said:

@pentester720 said:
I too didn’t find ssh ports.

I enumerated and find, ssh is running … now I know everything like hostname, kernel version, installed services etc…But still not find ssh … :anguished:

Im at this point right now, I found “something” which helped me to enumerated more about this machine, I saw there’s an SSH somewhere (I saw the port but nothing works…)

The “translation IP” message just confused me… I’ve being trying something but still stuck on this.

Any help? =P

At this point, you already have everything you need get initial access. Be thorough, and think creatively (sneaky). You’ve already enumerated all UDP and TCPv4 ports, what else is there? If you already have an idea, but are having trouble figuring out where to start, does something you’ve already seen have the information you are looking for? Walk back and see.

I’ve enumerated everything I could imagine (TCP,UDP,sqli,dirb), I even tried the thc-ipv6 tools (alive6), but still no luck.

** Spoilers removed - Arrexel **

Can someone help me with a hint? I’m feeling a little lost right now…

Hack The Box

enumerate on SNMP …

** Spoilers removed - Arrexel **

** Spoilers removed - Arrexel **

Insane amount of spoilers in this thread. Please be more careful about what information you post about machines.

I just saw that comments were deleted by spoiler.
I really do not remember what I said, but I trust the judgment of the person who erased them.
I simply wanted to apologize if I could comment on something that would reveal information.

Still having trouble with this machine. I have enumerated all TCP/UDP ports and even SNMP. I see that SSH is running and a specific user is connected to it but don’t know what port. What am I missing?

@unknown084 said:
Still having trouble with this machine. I have enumerated all TCP/UDP ports and even SNMP. I see that SSH is running and a specific user is connected to it but don’t know what port. What am I missing?

Enumerate SNMP …dont ask here… google is ur bst friend ask to ur bst friend . :wink:

so i got shell but need a starting point to do priv esc …any hints ?..i tried uploadind a metrepreter payload an executing it …no luck i used .sh extension …any other leads?

@r41nm4k3r bof is required to escalate - or at least that’s what I did. I don’t know though if there is and another way…

okay

even i am stuck, i know what port is open, got the key, i know which port is dedicated on victim for the key, but stuck on the lock.

Try using a different tool to help you enumerate more information about the system, which will tell you how to find the lock.

So I have access but I’m trying to figure out where to start with BoF. This would be my first time using this route and is this a good box to go forth with it as a first timer? Any pointers to some guides on the process or how to?

@ipatchcables sneaky is definitely a good box to start with BoFs even if you haven’t a lot experience with them before. The BoF in this box is very easy/basic (check what executable properties are enabled :wink: ) and can be exploited using different techniques!
Good luck :+1:

smash the stack by Aleph one

Sneaky is probably the “easiest” of the few different BOF techniques on the HTB machines. Fairly straightforward and great to learn on.

■■■. I started the topic but still I got user :slight_smile: , I haven’t started the BOF though. maybe this weekend, but I really need a lot of info, about BOF topic. any links or suggestion for a beginner like me?

I have managed to log in and acquire the RSA key. I have tried to follow the hints given in this thread; i have performed different scans with nmap and a snmp-check. But i can still get no information on either which port to ssh to nor the ipv6? address.
Anyone care to give some pointers on what to look for?