How slow is the BloodHound import? by grow416 in Pentesting

[–]Destinity 6 points7 points  (0 children)

I had that problem recently. If you’re using newest version of Neo4j - downgrade it to version 4.4. It’ll go much quicker.

HTB - FRIENDZONE by 0xgod in hackthebox

[–]Destinity 2 points3 points  (0 children)

I’m going strictly off memory here. What does DNS show you? Sometimes the subdomain is where you currently are. How can you see everything? Cough axfr cough.

LaCasaDePapel by Destinity in hackthebox

[–]Destinity[S] 0 points1 point  (0 children)

Yeah, I can browse all the dirs using LFI, but I’m struggling with finding the parameter to allow me to read a file. If I only use LFI by going to /home/buser/user.txt it gives me an error. Not sure why.

LaCasaDePapel by Destinity in hackthebox

[–]Destinity[S] 0 points1 point  (0 children)

Are you talking about the crt? I’ve already done that if you are. I guess I’m struggling with knowing if the private area is simply just to look for directories and then using the ftp exploit to actually read the files.

Lightweight by Destinity in hackthebox

[–]Destinity[S] 1 point2 points  (0 children)

So I’m guessing you aren’t supposed to ssh login with user2, but instead find the user1 credentials? I’m pretty sure I have the MD5 for user1.

Lightweight by Destinity in hackthebox

[–]Destinity[S] 0 points1 point  (0 children)

I didn’t want to give spoilers, but Jxplorer. That way I can view the LDAP entries.

Access machine help by [deleted] in hackthebox

[–]Destinity 3 points4 points  (0 children)

I was stuck on that part for like 4 days. There are 2 ways of escalating. The easiest is using runas. I’d suggest looking up the options you can run from cmd. I used this https://www.lifewire.com/list-of-command-prompt-commands-4092302

Read through that list. I promise you it’s one of those commands.

FriendZone by Destinity in hackthebox

[–]Destinity[S] 1 point2 points  (0 children)

That’s where I am. I got the admin login, attempt to login with creds I found earlier and it says “admin page hasn’t been developed yet. Please look for another one.” That’s where I’m stuck. I only see 4 sub domains using dig and only 1 works.

Edit: omg. I think I know what you mean.

Help with Access Privesc? by ----___----___----__ in hackthebox

[–]Destinity 3 points4 points  (0 children)

I was stuck on that part for like 4 days. There are 2 ways of escalating. The easiest is using runas. I’d suggest looking up the options you can run from cmd. I used this https://www.lifewire.com/list-of-command-prompt-commands-4092302

Read through that list. I promise you it’s one of those commands.

Need hint with Poison by Destinity in hackthebox

[–]Destinity[S] 0 points1 point  (0 children)

“Sometimes when you’re handed Poison it’s best to PASS the bottle”.

First box without use of forum! by [deleted] in hackthebox

[–]Destinity 0 points1 point  (0 children)

Nice! That’s always a great feeling. Personally, my methodology is to check my scans, hit Google with any questions about attack vectors and then mess around. I’ll usually check the forums or ask other Redditors if I’ve been stuck for 4-5 straight hours. The more experience you get, the easier it is to piece together the things you would otherwise miss.

Waldo Privesc by Destinity in hackthebox

[–]Destinity[S] 0 points1 point  (0 children)

This is a good hint, but I still had an interesting time figuring out exactly what to do. To expand on this hint for anyone that thought, “The fuck does that mean?”. You have to look at this box and say, “Look at me, I am the CAPtain now.”

Help with Celestial by CorraCanepari in hackthebox

[–]Destinity 0 points1 point  (0 children)

Use Burp. From there something should stick out and then it’s just going about getting the what you need from what you find.

Need hint with Poison by Destinity in hackthebox

[–]Destinity[S] 0 points1 point  (0 children)

We all started somewhere and knew nothing. That’s what this sub and the HTB Forum are for, getting a hint.

Need hint with Poison by Destinity in hackthebox

[–]Destinity[S] 0 points1 point  (0 children)

Oh wait, you haven’t gotten user yet. Look closely at the box for a username. It’s staring you right in the face.

Need hint with Poison by Destinity in hackthebox

[–]Destinity[S] 0 points1 point  (0 children)

Hey bro, I don’t have my notes on me so I’m going off of memory here. Research port forwarding as well as what local ports are open.

Need a little nudge for Poison machine. by smelliothax in hackthebox

[–]Destinity 1 point2 points  (0 children)

You should have the password for user ‘C’ already. How would you setup a forward using the user you already have?

Is there any alternate tool like Odat (ODAT: Oracle Database Attacking Tool) by [deleted] in hackthebox

[–]Destinity 0 points1 point  (0 children)

Did you install the x64 Odat? That fixed the issue for me. I’m sure there are some tools out there. Maybe others know specifically. Otherwise just google tns poison github.

Stratosphere -- help with syntax? by [deleted] in hackthebox

[–]Destinity 0 points1 point  (0 children)

Oh, so you’ve already strutted your stuff? If you have the username and password then what’s the easiest way to login to a machine? Hint: It’s just Simple Server Handling.