Hi, from the other side of the wire!
In this post, I want to highlight a new VM that I made to accentuate web application vulnerabilities. This vulnerable-by-design box depicts a hacking company known as H.A.S.T.E, or Hackers Attack Specific Targets Expeditiously, capable of bringing down any domains on their hit list.
I would like to classify this challenge with medium difficulty, requiring some trial and error before a successful takeover can be attained. You don’t have to root this machine to complete the challenge! All you have to do is get some sort of shell on it.
The H.A.S.T.E VM can be downloaded with the link below:
http://www.mediafire.com/file/115hejg5umvbnpq/HASTEVM.zip
You will need VMware Player to virtualize the VMX.
If you enjoy web application flaws, you should have fun with this challenge. Let me know how it goes and feedback is always welcomed! Looking forward to solutions.
f1re_w1re, out.
EDIT: I’ve been very pleased with the amount of people attempting to solve this challenge. By far I’ve had 3 successful researchers. The first was MrMxyzptlk, then Dweezy, and finally Amonsec with the fantastic walkthrough. I will be developing other VMs that are a bit more complex to challenge the security community. Thank you all for playing!
Is it in scope to get root on the machine? I'm just stuck at www-data and trying to privesc. Will post results if I crack it.
Thank you, I learned a lot so far.
You are correct! This is a boot to root challenge.
Good luck, hope to hear from you soon!
So I have a shell on the VM, but can’t find how I am supposed to privesc?!
There don’t seem to be any SUID binaries.
I’ve run privesc checker and Linux enumeration scripts.
There don’t seem to be any kernel exploits available.
What am I missing?
Could I get a push in the right direction please?
Congrats on getting a shell! Getting root should be very easy since you already did the hard part. Some system files will have the information you need to get root. It’s simpler than you think! There are no SUIDs to exploit or kernel exploits. That should be a really big indicator of what to do!
Hey, don’t suppose I could contact you via email or if you're on IRC somewhere?
P.S. Feel free to delete my comment.
No problem, drop your contact information and I’ll message you. I’ll remove the comment afterwards
I just sent you a friend request on facebook 😉
This is a very interesting box. Still trying to bypass the first part. Some functions are not allowed.
Correct! You’ll have to bypass some restrictions. May the force be with you.
I’m still trying to privesc… May you contact me too? Best would be if you use the email address.
I will message you, sorry to keep you waiting!
My system clock has a wrong value… 😀
It’s 7:50 pm while I’m writing. Your answering time is great btw!
Hi, may I somehow contact you? I still can't bypass the restriction to get a shell.
I won’t be home til later today. Find me on Google+. The Facebook app is not secure
Any way to get in contact with you if we have questions?
I can email you. Is the email you submitted on the form valid?
It is
Hello, I have a shell. I tried lateral escalation but was unsuccessful. I tried exploits, SUID and crontab. I need a hint. Can you help me?
Per the description of post, that is all you need to complete this challenge. Good job!
[…] Author: f1re_w1re Series: H.A.S.T.E Web page: https://securityshards.wordpress.com/2017/09/13/new-h-a-s-t-e-hacking-challenge/ […]
Wow, thank you for posting such a thorough and well-documented walkthrough for the challenge! I like your structure and methodology. Fantastic job!
Oh, are you serious?! We don’t have to get root…
Correct, I communicated that to you via email 🙂
Anyone managed to get root?
Per the description, rooting is not part of the challenge.
I have a full shell… but no root.
Per the description of the challenge, you don’t have to root the box.
Somebody get root?
Is it actually possible to root this box?
I’ve got shell [so technically completed the challenge], but your earlier comment seems to indicate it should be possible to privesc to root as well?
Rooting the box is not part of the challenge.
[…] dead end after dead end. After some HASTEy (sorry, I had to…) searching, I find f1re_w1re’s blog post announcing the release of the machine and after reading that, turns out that getting root is not […]
Sorry brother, check the link for the new VM – rooting is possible. Cheers!
Beyond fashionably late, but here’s my writeup: https://gr0mb1e.wordpress.com/2017/10/28/write-up-h-a-s-t-e/
Thanks for the fun!
There’s a bit of a contradiction here…at first you say:
“Congrats on getting a shell! Getting root should be very easy since you already did the hard part. Some system files will have the information you need to get root.”
But later, you indicate getting root is not part of the challenge. Either way, my write up is here, but if your earlier comments are incorrect, perhaps edit them if possible?
https://www.gerrenmurphy.com/vulnhub-haste-walkthrough/
Hi Gerren, you are correct. I miscalculated a simple aspect of the challenge. Everything that should be done is in the description of the challenge. This is true and accurate. Per the description, only getting a shell is required. Thanks for playing!
Have a crack at the new CTF I made. It should be fun, challenging, and it touches on several hacking aspects.
[…] time up…H.A.S.T.E from Vulnhub, courtesy of Security Shards. Let’s check it […]