TUTORIAL Monitors - Hackthebox
by sanakasa - April 24, 2021 at 09:28 PM
#13
What is up with the error; Sorry direct IPC access is not allowed?

What is up with the error; Sorry direct IP access is not allowed?
Reply
#14
What about priv esc to marcus ?
Reply
#15
(April 25, 2021 at 02:37 AM)iristen Wrote:
(April 24, 2021 at 11:23 PM)bosbayt Wrote: i can read user.txt but hackthebox says it is wrong.

`cat /home/marcus/user.txt`

Do you mind sharing how you get foothold from cacti?

read crontab. you will see the service. read the service.
Reply
#16
Can you explain the steps to get reverse shell with rm /tmp/f;mkfifo... nc working please? I did try this in url then called the host.php?action=reindex like mentionned in github issue yet it seems I forgot some steps...
Reply
#17
(April 25, 2021 at 01:02 PM)mkassovitz Wrote: Can you explain the steps to get reverse shell with rm /tmp/f;mkfifo... nc working please? I did try this in url then called the host.php?action=reindex like mentionned in github issue yet it seems I forgot some steps...
Url encode the payload. If still not working
Reset the box.
Reply
#18
I did url encode the payload as demonstrated in github It doesn't seem to work... Sorry to bother here I can't dm... Maybe it's just the non VIP machine that's not working properly :(
Reply
#19
any idea of root privesc ?
Reply
#20
(April 25, 2021 at 01:28 PM)patelcha Wrote: any idea of root privesc ?

Can you share your payload to get RCE please? :D
Reply
#21
(April 25, 2021 at 09:18 AM)dummytest Wrote:
(April 25, 2021 at 08:46 AM)airspitter Wrote:
(April 25, 2021 at 08:39 AM)Jockerjock Wrote: https://github.com/Cacti/cacti/issues/3622

Been trying this for a while. I know it works, but haven't been able to get a payload that does anything

Try nc reverse shell


rm /tmp/f;mkfifo /tmp/f.....

This was unintended way and have been patched
Reply
#22
(April 25, 2021 at 04:23 PM)dummytest Wrote:
(April 25, 2021 at 09:18 AM)dummytest Wrote:
(April 25, 2021 at 08:46 AM)airspitter Wrote:
(April 25, 2021 at 08:39 AM)Jockerjock Wrote: https://github.com/Cacti/cacti/issues/3622

Been trying this for a while. I know it works, but haven't been able to get a payload that does anything

Try nc reverse shell


rm /tmp/f;mkfifo /tmp/f.....

This was unintended way and have been patched



Can you explain how to proceed then please? I have no clue I've been circling around with lfi/rfi for quite some time now :/
Reply
#23
The version of the software running in the docker container should be vulnerable to a recent CVE, but I cannot seem to get this to work, no matter what I try, including using the script on Github. Has anyone managed to get this to work, or is this not the path to root?
Reply
#24
Stuck on getting payload to work for the sql any hint
Reply

Possibly Related Threads…
Thread Author Replies Views Last Post
TUTORIAL Monitors: root part for free siracuso 26 3,416 May 01, 2021 at 08:56 AM
Last Post: hhy
TUTORIAL Monitors HTB Detailed Writeup 0xmahesh 0 783 April 29, 2021 at 03:27 PM
Last Post: 0xmahesh
TUTORIAL Monitors Detailed Writeup Jockerjock 1 764 April 29, 2021 at 03:23 PM
Last Post: 0xmahesh

 Users browsing this thread: 1 Guest(s)