Posts: 30
Threads: 3
Joined: Aug 2023
(Aug 11, 2024, 05:53 AM)mazafaka555 Wrote: (Aug 11, 2024, 04:24 AM)fuckhackthebox Wrote: lol cheatlesian and niggerlte at it again
user: get some cuck htb employee to leak writeups to you so you know themes/revshell-main/rev.php exists by default (go check im not bullshitting)
root: basic command injection in the service on localhost:8080 (use an ssh forward)
LOL man. It's always funny to read your posts. 
and yeah.. this is what it means to have "appropriate friends" 
(Aug 11, 2024, 05:39 AM)DeDeLaPouille Wrote: For those asking me in DM for hints, i've got a 403 when i want to send an answer  . So I will answer here
Basically, for port forwarding you can check this : https://www.ssh.com/academy/ssh/tunnelin...forwarding
For OS injection, check for previous post, there is a lot of hints about it.
P.S : anybody knows how to solve my 403 problem with my DM ?
blacklist in DMs aren't allowing certain stuff like when you're trying 'php injections' (or what black filter thinks it is) or javascript and such.
you can put your code into pasterbin or related services instead and send a link toy it.
Ah thx !
Posts: 41
Threads: 2
Joined: Sep 2023
Posts: 6
Threads: 0
Joined: Nov 2023
Guys I have 2 question,
why didn't log poisoning worked here???
and
how to check what app (port 8080 app in this case) runs with what privileges, like how do we know the app on port 8080 is run by user root or geo or amay?
Posts: 8
Threads: 0
Joined: Aug 2024
(Aug 11, 2024, 05:24 AM)noobhumein Wrote: (Aug 10, 2024, 09:32 PM)l3rka Wrote: login page
http://sea.htb/index.php?page=loginURL
bro how you find WonderCMS lol please tell
you can find it by checking "sea.htb/themes/bike/README.md"
Posts: 6
Threads: 0
Joined: Nov 2023
(Aug 11, 2024, 01:26 AM)glock05 Wrote: Escape
;your_command;id
not working?
saw src (a bit) :
```
$suspicious_traffic = system("cat $log_file | grep -i 'sql\|exec\|wget\|curl\|whoami\|system\|shell_exec\|ls\|dir'");
} else {
```
i am trying to escape with " but it's not helping me.
Posts: 13
Threads: 0
Joined: Aug 2024
(Aug 11, 2024, 08:37 AM)noobhumein Wrote: (Aug 11, 2024, 01:26 AM)glock05 Wrote: Escape
;your_command;id
not working?
saw src (a bit) :
```
$suspicious_traffic = system("cat $log_file | grep -i 'sql\|exec\|wget\|curl\|whoami\|system\|shell_exec\|ls\|dir'");
} else {
```
i am trying to escape with " but it's not helping me. i have the same problem
Posts: 1
Threads: 0
Joined: Aug 2024
i am in as amay but no idea how to elevate to root. Please help. just started a week ago in pen so i have no idea what most of you guys are saying.
Posts: 3
Threads: 0
Joined: Aug 2024
Aug 11, 2024, 10:36 AM
(This post was last modified: Aug 11, 2024, 10:38 AM by lucifer_devil_003.)
hey how get amay user i have only www-shell.
any one please help me
how you get amay user
Posts: 26
Threads: 0
Joined: Apr 2024
(Aug 11, 2024, 10:55 AM)Loser123 Wrote: I am also stuck at www-data
no idea how to elevate now
look around in the system - i always give linpeas a try or go and search suspicious files by myself.
there is a database file somewhere on the host with ashed credentials.
many informations are already here, just start at page 1 This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching.
Posts: 1
Threads: 0
Joined: Aug 2024
(Aug 10, 2024, 10:21 PM)ametah Wrote: i got shell but permission denied to read user.txt at /home/amay/user.txt
I see password $2y$10$iOrk210RQSAzNCx6Vyq2X.aJ\/D.GuE4jRIikYiWrD3TM\/PjDnXm4q but don't know what to do with it.
remove the two '\' s to make the hash readable by hashcat.
$2y$10$iOrk210RQSAzNCx6Vyq2X.aJ\/D.GuE4jRIikYiWrD3TM\/PjDnXm4q
use the hashcat mode 3200, i.e hashcat -m 3200 hash.txt rockyou.txt
you'll get 'mychemicalromance' as the passwd for a user
|
