Ethereal

13

Comments

  • It finally works. I have changed NOTHING for the last 20 attempts... I've been swapping between VPN connections, and now it works... curious

  • edited December 2018

    Something to mention, the default HTB openVPN connection runs over UDP, meaning there is no actual session management for your overall connection to the labs (so TCP session management within the lab is then meaningless essentially).

    I found I had much greater reliability when using the TCP openVPN rather than the default :)

    After resetting the box, the actions of the box still appear as if an event which should be occurring isn't...

  • Reverse shell seems to hang as well... been carrying on without but was getting messy, decided to dig a little deeper. Not sure why but the commands aren't getting a response back... Works fine between two vms.

  • Yeah thats what I found, I woudl overwrite the .lnk and i could keep typing it and it just woyudlnt over write. I've sent the creator a message to see if its intended to start doing that once the box restarts as it may be a bug. I just switched labs until i found one that worked.

  • Finally rooted. Im glad this is out of my life! Great box, definitely pushed me to my limits and learnt a whole bunch :)

  • Somebody needs to have a word with j****....not impressed with his work ethic...

  • "Abandon all hope ye who enter here"....

  • Despite j****'s best efforts, finally got root. Well worth the struggle, lots to learn.

  • I am not having success with the *.l**, either my payload is off or I'm just not receiving the responses like everyone else. Anyone kind enough to confirm if my payload is jacked up??

  • jkrjkr
    edited December 2018

    .

  • jkrjkr
    edited December 2018

    .

  • Anyone could PM me a hint? I'm out of ideas.
    I’m able to execute a limited set of commands and to read a part of the output over another „channel“. I’m not able to write something or to use one of the techniques to transfer files to the machine.

  • jkrjkr
    edited December 2018
    > @MinatoTW said:
    > Try or Die!!! Don't let the box pwn you

    Searched through 4 labs and the free one yesterday to find a box where the lnk stuff is working properly. Does not get executed (the lnk works when I execute as Alan) and not get replaced. Have been trying for 3 days and over 15 hours now. Won’t let the sh*te box pwn my life.

    Probably Jorge is slacking as usual and already in his holiday break.

    :-1: :angry:
  • There's been a problem with the task which helps in getting the payloads executed. The mods have found the problem and the box should be fixed soon.

    property of organic

  • yep, has been fixed now! apologies for any inconvenience

    egre55

  • @egre55 said:
    yep, has been fixed now! apologies for any inconvenience

    Thank you guys!

  • jkrjkr
    edited December 2018

    Still trying to recover from the Ethereal experience I did "The Purge" today and reinstalled my Kali image. After trying to wipe the synapses from the experience I thus also got rid of all the "binary remainders". This is what my doc suggested.

    Special thanks go to all that helped me during the difficult time :wink:.

  • what a journey! the hardest box I did on HTB until now. learned again some new tricks. But struggling with the annoying non-functioning lnk feature cost so much time although doing it the intended way. Overall still thumbs up as it was fixed.
    Thanks to the good guys @opt1kz and @SamBugler for support.

    PM for hints

  • Also leaving my testimonial in the I-survived-Ethereal self-help group :-)

    It took me ages to find the 'key' to the entry point despite some good hints in this forum. Thanks all!

    On the path to owning the user I recognized the 'hing I have to use, but nearly gave up on it as I made a mistake on testing it ... Thanks @spoppi for pulling me out of some rabbit holes! Lesson learned: If everything is super locked down, better cross-check all your 'test' procedures on a local system twice - otherwise you can't tell 'locked down' from 'your mistake'.

    I found owning root a bit 'easier' but only because I was accidentally familiar with some technology involved here. But still I nearly overlooked something 'obvious' that maybe should be part of default enum. I turned this into an unnecessarily complicated (?) - yet super interesting - forensics challenge instead.

    But I really enjoyed all the rabbit holes and the learning experience a lot - thanks @MinatoTW and @egre55, this was one of my favorite boxes!

  • Hi guys,

    Can some admin/moderator check if the J***** is on PTO of US VIP 10? I did replace the l*** file and tried a lot of payloads, but it seems not being executed by J*****. I can see that the file changes (date and size). When I use the A*** account and execute the payload through the RCE it woks, by I really believe that j*** is on a EoY vacation. Some admin (or HR member) can verify it for me?

    Cheers,

    Arrexel
    THIS IS ..... HueHueBR Team!

  • hey maycon,

    I just checked US VIP 10 and it looks okay (he's definitely not on holiday!)

    it may be worth manually running what you are trying and seeing what the outcome is :)

    Cheers

    egre55

  • @kekra said:
    Also leaving my testimonial in the I-survived-Ethereal self-help group :-)

    It took me ages to find the 'key' to the entry point despite some good hints in this forum. Thanks all!

    On the path to owning the user I recognized the 'hing I have to use, but nearly gave up on it as I made a mistake on testing it ... Thanks @spoppi for pulling me out of some rabbit holes! Lesson learned: If everything is super locked down, better cross-check all your 'test' procedures on a local system twice - otherwise you can't tell 'locked down' from 'your mistake'.

    I found owning root a bit 'easier' but only because I was accidentally familiar with some technology involved here. But still I nearly overlooked something 'obvious' that maybe should be part of default enum. I turned this into an unnecessarily complicated (?) - yet super interesting - forensics challenge instead.

    But I really enjoyed all the rabbit holes and the learning experience a lot - thanks @MinatoTW and @egre55, this was one of my favorite boxes!

    well done, glad to hear it taught something! cheers!

    egre55

  • Thank you, mates! I don't know what I was doing wrong, but I restarted the machine few times and start from the beginning following a well defined path. I think that other users was replacing the **k file with a infinite time command, so when the file was opened it was impossible to re-overwrite it. Anyway, after few resets everything was working as expected.

    I got a shell (user.txt) and with a bit of effort it was possible to get the root.txt. It is such a great machine. Thank you makers. I learned some new tech and very useful stuff about Windows env.

    Cheers,

    Arrexel
    THIS IS ..... HueHueBR Team!

  • @kekra said:
    Also leaving my testimonial in the I-survived-Ethereal self-help group :-)

    It took me ages to find the 'key' to the entry point despite some good hints in this forum. Thanks all!

    On the path to owning the user I recognized the 'hing I have to use, but nearly gave up on it as I made a mistake on testing it ... Thanks @spoppi for pulling me out of some rabbit holes! Lesson learned: If everything is super locked down, better cross-check all your 'test' procedures on a local system twice - otherwise you can't tell 'locked down' from 'your mistake'.

    I found owning root a bit 'easier' but only because I was accidentally familiar with some technology involved here. But still I nearly overlooked something 'obvious' that maybe should be part of default enum. I turned this into an unnecessarily complicated (?) - yet super interesting - forensics challenge instead.

    But I really enjoyed all the rabbit holes and the learning experience a lot - thanks @MinatoTW and @egre55, this was one of my favorite boxes!

    We're glad that you enjoyed it !

    property of organic

  • edited January 2019

    I'm in ping point... I need some Hint so please PM

  • I'm having problem on running po. do I need to configure something on dosbox?
    The program just "page fault". How do I know if the downloaded cwsdpmi zip is correct?

    P.S. Do I really need to go deep in this hole?

    dodo

  • edited January 2019

    First thx for the creators. Also thx credits to @MrR3boot @xct @Dutyfruit and @cornholio .

    So as a unix guy: this was horribe.. :) but learned a lot.

    HINT: in most cases your biggest enemy is You. I had a typo, a small letter in a path name in my LAB and I copy pasted this folder name badly from first time…. 2 days sent to trash. So as this is a very complicated and "experience a lot on your own machine” VM, always double check, dont hurry!

  • @n1b1ru said:
    I'm in ping point... I need some Hint so please PM

    ippsec video about ping back, i think

    peek

  • Exhausting and time consuming, yet you learn a lot. User and root are both a challenge here.

  • @peek said:

    @n1b1ru said:
    I'm in ping point... I need some Hint so please PM

    ippsec video about ping back, i think

    I finally got the user flag....

Sign In to comment.