Swagshop

user and root very easy

The exploit with the RCE I think has gone, maybe wasn’t the meant way to achieve a shell or maybe too many people abused it and nobody was using the second way.

Something has changed in the tunnel request: it can’t return a property of the tunnel variable, the property is null, doesn’t exist 'cause the request is getting no results. The URL path must have been changed; in fact modifying it in the script gives other outputs (and I think with the correct one it would start working again if it’s just a path problem and no other things are involved, e.g. another object being passed if the request is validated which doesn’t have that property anymore).

In my opinion it is faster to use the second way rather than struggle on how (if it’s possible) to get the first one working again.

For people having difficulty with the c********* m******, there might be other solutions. Don’t get tunnel vision.

@dr0ctag0n said:

same error here,

tunnel = tunnel.group(1)
AttributeError: 'NoneType' object has no attribute 'group'

I was having the same issue. Biggest nudge I could give I think would be to try something else.

@k3NETicHEx said:

@Lycist said:

Did something happen to this box? The RCE exploit that I used to get in yesterday stopped working, and gives a “Nonetype” object has no attribute group, which stackoverflow tells me means I’m getting no response on it.

This would be the RCE exploit. I know I’ve got the correct parameters in the script, as it worked previously.

(I have rooted the box)

Went to show it to someone else and it stopped working, any thoughts?

I thought it was just me. It was working for me as well but then once it had a reset, it stopped. Now I’m not sure if it’s the one I’m supposed to be using or not.

My wife always says trust your gut… If it doesn’t feel right, there’s a possibility google might reveal something more promising.

@Chrix87 said:

The exploit with the RCE I think has gone, maybe wasn’t the meant way to achieve a shell or maybe too many people abused it and nobody was using the second way.

Something has changed in the tunnel request: it can’t return a property of the tunnel variable, the property is null, doesn’t exist 'cause the request is getting no results. The URL path must have been changed; in fact modifying it in the script gives other outputs (and I think with the correct one it would start working again if it’s just a path problem and no other things are involved, e.g. another object being passed if the request is validated which doesn’t have that property anymore).

In my opinion it is faster to use the second way rather than struggle on how (if it’s possible) to get the first one working again.

agreed. I’m currently working on root, and every time someone bricks the box, it takes only a couple minutes using the second way to recover back to my unprivileged shell. Kicking myself for wasting time on that thing. Btw, think I’m close to root if you got a hint for me… :smiley: I think it has something to do with a “way to edit files”, and s**o but I’m not sure!

I actually went my own way and can confirm I have a reverse shell from just using an extension in the admin panel. Got user.txt…root coming in a few mins.

For everyone trying to use some public exploits, I managed to root this box without using any of them. There is at least one other way to get both admin access and RCE on the machine without using any script.

@joshkor40 said:

@UIDEQUALSZERO said:

is anyone getting the following error with one of their exploits today?

tunnel = tunnel.group(1)
AttributeError: ‘NoneType’ object has no attribute ‘group’

It was working fine for me yesterday and I changed the parameter accordingly, PM me

Same here bro!

Just read the exploit carefully. Try to understand what it does.
A tip: Use a proxy like burp and understand why the error occurs and what you will have to change.

Can someone PM me with help on root? I know I am missing something super easy. Haven’t slept in a day, so that isn’t helping ha. I’ve got a reverse shell up now.

Why, after resetting the machine, can’t I find the right module to use in the web app?
My friend is able to find the module on another server. The machines would look different.

For initial admin access, if the exploit is not working check that path or maybe it is not the right one!!!

I can’t upload any package. They all give Name Errors. Help?

Thanks to @mogyub for helping me with a weird shell spawn issue! Not sure if something was going on in the machine. Kept getting asked for encryption keys and other odds and ends. Fun stuff! :bleep_bloop:

503 error occurs all the time today… you just can’t do much when the site is down! WTF is going on over there ?

Hi guys, I’ve found the admin login page but can’t seem to find the credentials. I’ve found a config.php file but it’s just blank and then every time I go to the homepage I’m getting a 503 error. Would anyone be able to help me and push me in the right direction please? Struggling to even get user! Thanks

@tomc5241 said:
Hi guys, I’ve found the admin login page but can’t seem to find the credentials. I’ve found a config.php file but it’s just blank and then every time I go to the homepage I’m getting a 503 error. Would anyone be able to help me and push me in the right direction please? Struggling to even get user! Thanks

Google’s your best friend. In these scenarios I like to try “{name_of_platform} exploit” and get to scrolling. Maybe you’ll find something?

Also the 503’s are plaguing us all. Happens when you’ve got a bunch of hackers hammering this thing. Just gotta wait… probably a reset on its way.

Finally rooted after far too long - to address some common issues people are having:

The reason everyone is 503-ing is that the site is being set to maintenance mode when people are playing with ‘Connect’. Uncheck the checkbox and it won’t happen.

Attempting to go the route outlined in YouTube videos / articles won’t work because the package isn’t accepted. Google [SERVICE]-tar-to-connect and use that to repackage.

Hope this helps!

I got access to the admin panel but am unable to get a reverse shell after that. Can anybody help me?
EDIT: Got reverse shell and user flag.
Any help for root?

EDIT: Finally Got root, Thanks to @env and @MrSquakie for your help.

If anyone needs any help you can ping me.

Thanks to @ch4p and the HTB Team for the great gift at the end of the box. I’ve been waiting for this for a long time!
The box is very easy and you can use a lot of *.php files to edit them for getting a shell.

Finally got root.

This box was incredibly easy after researching the webapp but was by far the most unstable box I’ve encountered on HTB.

hints for user:
don’t rely too much on scripts or pre-made exploits. There is one you will need to get initial foothold, but to exploit web-app you can do it manually much easier after researching/enumerating the app.

hints for root:
this command should be one of the first things you run in any privesc enumeration. The output is slightly different from the usual boxes that I’ve seen on htb and the key is to understand the difference.

Finally got user and root! Thanks to everyone that helped, unfortunately I admit that I’ve lost a lot of time in a rabbit hole trying to use an exploit that, as I understand, worked for some time but now it doesn’t.

Anyway, here are my two cents:

user.txt:

  • Don’t lose too much time with the exploits. There is one useful, another that isn’t necessary and you can substitute with any shell. Google will guide you in the hacking of this application, look well and you will find how to hack it. Google Fu!!!

root.txt

  • the easiest root ever so far. It’s basic basic basic enumeration, nothing difficult

PM me if you need any help!

I’m always getting:
AttributeError: ‘NoneType’ object has no attribute ‘group’
Anybody getting the same error for 3***1.*y
I set the necessary settings in the exploit.