|
Nocturnal Hack the Box Season 7 (Linux Easy)
by RedBlock - Saturday April 12, 2025 at 06:18 PM
|
|
Creator Boxes:
Sea Chemistry Alert Cat Dog Code Overall, the boxes were interesting and offered something new in each one. http://nocturnal.htb/view.php?username=admin&file=FUZZ?
Apr 12, 2025, 07:35 PM
We can use this syntax to check our uploads:
nocturnal.htb/view.php?username=amanda&file=privacy.odt but i doesnt make my revshell work idk why, any suggest?
Apr 12, 2025, 07:41 PM
It doesn't work because of "Content-Disposition: attachment;"
We can see the admin's session by changing the username, but it has no files. If you try another user it says the username is not found, but with admin it works. Can be a clue (Apr 12, 2025, 07:35 PM)kkkgrukckhko Wrote: We can use this syntax to check our uploads: log into site as Amanda Download backup Dump the DB ssh as that user check local ports for interesting things
Apr 12, 2025, 08:46 PM
(This post was last modified: Apr 12, 2025, 08:47 PM by samuelballsiu1.)
Anyone knows what to do, to get root, after logged in through ssh as tobias?
Apr 12, 2025, 08:47 PM
(Apr 12, 2025, 08:46 PM)samuelballsiu1 Wrote: Anyone knows what to do, to get root, after logged in through ssh as tobias? Check ports there might be a CVE.... https://github.com/bipbopbup/CVE-2023-46...on-exploit
Apr 12, 2025, 08:49 PM
(Apr 12, 2025, 08:47 PM)maggi Wrote:(Apr 12, 2025, 08:46 PM)samuelballsiu1 Wrote: Anyone knows what to do, to get root, after logged in through ssh as tobias? Oh yeah, we need valid credentials for that
Apr 12, 2025, 08:53 PM
(Apr 12, 2025, 08:10 PM)maggi Wrote:(Apr 12, 2025, 07:35 PM)kkkgrukckhko Wrote: We can use this syntax to check our uploads: how to download the sql dump I'm geting a 403.
Apr 12, 2025, 08:59 PM
(Apr 12, 2025, 08:53 PM)hujson Wrote:(Apr 12, 2025, 08:10 PM)maggi Wrote:(Apr 12, 2025, 07:35 PM)kkkgrukckhko Wrote: We can use this syntax to check our uploads: Login as amanda:arHkG7HAI68X8s1J Create backup with the password arHkG7HAI68X8s1J and unzip with the same password arHkG7HAI68X8s1J
Apr 12, 2025, 09:12 PM
(Apr 12, 2025, 08:59 PM)samuelballsiu1 Wrote:(Apr 12, 2025, 08:53 PM)hujson Wrote:(Apr 12, 2025, 08:10 PM)maggi Wrote:(Apr 12, 2025, 07:35 PM)kkkgrukckhko Wrote: We can use this syntax to check our uploads: Thanks it worked. But how did you find the creds for that account? |
|
« Next Oldest | Next Newest »
|
| Possibly Related Threads… | |||||
| Thread | Author | Replies | Views | Last Post | |
| [MEGALEAK] HackTheBox ProLabs, Fortress, Endgame - Alchemy, 250 Flags, leak htb-bot | 92 | 8,419 |
9 minutes ago Last Post: unionstorm |
||
| Hack the box Pro Labs, VIP, VIP+ 1 month free Method | 25 | 2,511 |
6 hours ago Last Post: cry_elite |
||
| CBBH Write Ups | 25 | 6,562 |
6 hours ago Last Post: cry_elite |
||
| [FREE] CPTS 12 FLAGS | 84 | 2,907 |
7 hours ago Last Post: justhelpmefly |
||
| [FREE] HackTheBox Academy - CBBH CDSA CPTS All Modules Flags | 33 | 3,085 |
7 hours ago Last Post: justhelpmefly |
||
