Wall

I ran the exploit but was unable to get a polling token back:
[+] Logged In Sucssfully
[+] Retrieving Poller token
[+] Poller token is :
[+] Injecting Done, triggering the payload
[+] Check your netcat listener !

Checked the NC listener and no connection was made, just listening.

Hi all,

I’m embarking on a journey of learning with these machines. The one bit I’m struggling with is the modification of the exploit code to enable it to work.

Various training materials, including the OSCP videos, tell you exploitation code needs rework but do not tell you what needs changing.

Is anyone able to PM me some pointers on what I need to change?

Thank you

Mikey

Rooted from www-data. Try to get user from www-data now…

Funny box, I’ve learned some tricks, thanks to @askar!

Feel free to PM me for hints.

Hi everyone,

I think I’m close to getting the initial user shell using the RCE, however I can’t figure out how to avoid the space character. I understand the exploit and the wall problem, but how can you run commands without whitespace?

I get the response printed out so I can see where it’s failing, and I tried the two encoding characters but still can’t get it to execute a reverse shell.

Could someone give me a nudge?

Cheers

Need help, what dictionaries should I use for the m********* :frowning:

Is there someone that I can PM for this? hehe

@mcz said:

Need help, what dictionaries should I use for the m********* :frowning:

Is there someone that I can PM for this? hehe

Never mind, just got the first step goal :")

Guys, I’m relatively new to this field. I took up CEH but found it not useful for the $ paid, so I had to explore myself to learn more and found HTB. Now I am as good as a clueless dude (even the invitation code was assisted by googling). So my question is… how can I view the existing free machines by their “difficulties”, sorted from easiest on the top to hardest on the bottom? I would also like to know how the “difficulties” are classified.

Finally rooted after a week. The initial hold was tough (i.e. reverse shell); the rest is basic enumeration.
Hint: Don’t just rely on exploits, see how they are working.
PM for hints

Thanks a lot @clubby789

IS PASSWORD CHANGE??? WHYYYYYYYY???

@argot said:


If you use different VERBS, maybe they’ll let you go or at the very least they’ll be more talkative.

There are lots of verbs in the dictionary, but really you only need to know, like, six of them. Especially when trying to get a foothold.

Currently struggling with how to bypass the WAF (esc #), but there is one thing from the above quotation that troubles me. Once we figured out what VERBS are available, why would you use different VERBS if neither nikto nor nmap results showed those VERBS as potentially vulnerable, but as commonly used methods?

It would be great if anyone can PM me and give a brief explanation on that matter.
Thanks.

Rooted!
If anybody needs help, p.m. for hints.

Really enjoyed getting shell. Rooted from www-data.

Feel free to PM for hints

I already solved this box.
But I have a question.
On the /C******* page, I used the h***a tool.
But can I get user account information without using this tool? I would appreciate a message from anyone who knows the answer.

ROOOTEED :DDD @bumika thanx for everything you are my master :))))))

Did anyone get the user shell working?

I’ve spent 3 solid days on this and I’m starting to think it just doesn’t work. I get a connection back to my virtual machine, but any commands I type don’t show up.

My thoughts are that I’m not seeing them because of the pipe redirection.

A nudge please if you got past this, it’s driving me crazy.

Thanks

@Fl4st3r said:

Hello fellow hackers!
I’m trying everything I can think of to get a shell. I suspect the payload needs some tweaking, but can’t get it to work. I also tried escaping characters.
If anyone can help with this, a DM would be appreciated!

Edit: managed to get a connection back to my listener, but no shell, it just hangs with the blinking cursor.

Hi,

I’m stuck at the same point, did you manage to get round this issue?

I am at a section where I can enter the exploit manually. I do need some assistance with the format of the commands if possible. Please PM me.

Rooted, @bumika thank you very much for your assistance. I appreciate that your nudges were nudges and not just do this.

Rooted. Nice one, but a bit annoying. It took me a really long time to recognize that the script had not only the e****** issues but also structural problems to be solved.
Root was really boring and took a long time, trying out ~20 exploits till I found the correct one.