TUTORIAL Bucket Discussion
by Ro0ted - October 17, 2020 at 10:37 PM
#25
(October 18, 2020 at 03:45 PM)xxxyz Wrote: You need to wait for the sync part. This can take some time.

I can't run the sync manually?
#26
No there is a cron-task for that. Try to change the name of your file. It was instant when I uploaded index.php.
#27
(October 18, 2020 at 04:25 PM)Kali76 Wrote: `
[email protected]:~/Desktop/HacktheBox/Bucket# aws --endpoint-url=http://s3.bucket.htb s3 cp ./reverse-shell.php s3://kali76

upload: ./reverse-shell.php to s3://kali76/reverse-shell.php
`
but doesn't work on the URL http://bucket/reverse-shell.php

Why?

You need to upload on s3://adserver
#28
When you upload your file in the bucket adserver you need to wait for the sync part. When the file in the bucket is out then you can check on the real server bucket.htb/....php

There is a sync feature you just need to wait and check.
#29
Well, try to use a different name for your file. On the VIP server it takes like 30s max.
#30
(October 18, 2020 at 11:08 AM)ARhOmOuTEd Wrote: you can upload files to the buckets

└─# aws --endpoint-url=http://s3.bucket.htb s3 cp ./myfile.txt s3://macz

you can reach the file over the url
http://s3.bucket.htb/macz/myfile.txt
Cool, this is awesome, thanks for your help guys
#31
any hint for the privesc root?
#32
ssh [email protected]
n2vM-<_K_Q:.Aa2
#33
(October 18, 2020 at 05:33 PM)Kali76 Wrote: Any ideas for privesc root?
i know there is a docker and i think something needs to be done with him, but roy is not a member of the docker group so i don't think we can exploit GTFOBins in this case

I'm stuck too. There is a suspicious process running... maybe we should look
#34
any thoughts on privesc? enumerated and didn't find much - looks like someone was trying to exploit with lxd.
I saw a bunch of files in /var regarding aws sdk and other vendor files. I'm wondering if we do something with project dir in home
#35
(October 18, 2020 at 06:24 PM)southerndarkness Wrote: any thoughts on privesc? enumerated and didn't find much - looks like someone was trying to exploit with lxd.
I saw a bunch of files in /var regarding aws sdk and other vendor files. I'm wondering if we do something with project dir in home

It probably has to do with /var/www/bucket-app, look at the code in index.php...

I forwarded 127.0.0.1:8000 with ssh, and got a response from that application...

Also tried POSTing "action=get_alerts" to that page and got an empty response...

Have to think a little more about it...
#36
(October 18, 2020 at 06:42 PM)raidmail2020 Wrote:
(October 18, 2020 at 06:24 PM)southerndarkness Wrote: any thoughts on privesc? enumerated and didn't find much - looks like someone was trying to exploit with lxd.
I saw a bunch of files in /var regarding aws sdk and other vendor files. I'm wondering if we do something with project dir in home

It probably has to do with /var/www/bucket-app, look at the code in index.php...

I forwarded 127.0.0.1:8000 with ssh, and got a response from that application...

Also tried POSTing "action=get_alerts" to that page and got an empty response...

Have to think a little more about it...

Ahhh port forwarded now and checking out the bucket application site. 👀

It seems if we post to ?actions we connect to the db on 4566 and dump items from the alerts table into a pdf? Strange
