Dante Discussion

Comments

  • edited August 30

    Hi I am having trouble with priv esc on the .100 box, would welcome a nudge in the right direction Thanks.

    Edit

    Finally Root - on to the next one!

  • Can anyone help with PE on WS03?

  • I have completed the entire lab, so feel free to DM me with what you are stuck on and what you have done.

    limelight

  • I was thinking of doing this before OSCP, I have done around 15 easy boxes on HTB. You think it's worthwhile doing or carrying on with the retired boxes? Thanks

  • edited September 3

    Hi guys.

    I managed to pwn dc01 and to log into R*P as ka*****a then I found an interesting file called e******e_b****p.xlsx

    Now I tried more ideas that did not work.

    Any advice?

    In the first network I pwned all boxes except WS02 SQL01 and J**K**** ones and I did not find a way to pivot until now.

    Thanks

  • anyone been able to escalate on DANTE-WEB-WS03? I'm working on the exploit, get a connection, but it immediately closes. any advice would be much appreciated!!

  • Hello all, I was wondering if anyone could give me a nudge on the .100 Box. I've already run Nmap -D and I think I've gotten all I can get service-wise. I'm not very experienced with this so any advice and/or help would be greatly appreciated

  • @lhh4sa said:

    anyone been able to escalate on DANTE-WEB-WS03? I'm working on the exploit, get a connection, but it immediately closes. any advice would be much appreciated!!

    Pm man

  • Flag one from sheer dumb luck. Just goofing off pinging random stuff while my scans ran and boom.

  • I know I'm not going crazy, but did something change over the network? Yesterday morning the .100 host had 3 open ports and last night all of them are filtered suddenly..

  • Hi, Anybody offer some help on .13 initial shell. Think I have found the entry point but not getting any closer Thanks

  • @LostatSea said:

    I know I'm not going crazy, but did something change over the network? Yesterday morning the .100 host had 3 open ports and last night all of them are filtered suddenly..

    Happened to me a couple times. One time was because lab was being redeployed. I waited a few minutes and reran nmap. But it was different this morning, it just wasn't working. I switched to a different GEO (from EU to US) it worked!

  • edited September 6

    Oh my stars! I must be missing something on the dot century box. Feel I have done cubic crap loads of enum, but nothing bites (dir finders, nikto scans and its "specialized" cousin, ). Found a page in someone's notepad with interesante info, including one who may have less than stellar security performance. Can't seem to capitalize on that through any of the services. Can only seem to access the first one disallowed, enuming the second has brought nothing to visit so far. The second seems peculiar, however. Missing a char the other has. Can someone send a nudge of what I am missing?

    Finally got somewhere!

  • edited September 5

    Hello, is there someone I can PM,

    I am extremely new to this,

    I am at the starting point,
    @Foothold, I cannot proceed further, some help would be greatly appreciated
    Thanks a lot
    Ati

  • Hi.
    I managed to pwn all hosts but I miss ws02, I feel stuck I can't find a way to get into.

    I tried all credentials that I collected on each service and I did not find CVEs or similar, any help?

    I missed these flags:
    Update the policy!
    Single or double quotes

    Update the policy makes me think that I should exploit some information that I should already have but I have no success :/

  • kind of hit a wall in terms of moving around. only hosts I have left inside the first network are NIX07, WS02, DC01, SQL01 and FW01. Any advice as to how to pivot to these hosts would be greatly appreciated.

  • edited September 7

    Looking for some help on getting a shell for WS-01 have creds for admin and John but kinda lost on what to do now. Got some simple XSS working but would like to ask more questions if anyone is available for more in-depth questions?

  • edited September 7

    @lhh4sa said:

    kind of hit a wall in terms of moving around. only hosts I have left inside the first network are NIX07, WS02, DC01, SQL01 and FW01. Any advice as to how to pivot to these hosts would be greatly appreciated.

    I am in the same spot and situation, except that I have pwned DC01 also. I am also under the understanding that FW01 is out of scope.

    @m1ddl3w4r3 said:
    Looking for some help on getting a shell for WS-03 have creds for admin and John but kinda lost on what to do now. Got some things working but would like to ask more questions if anyone is available for more in-depth questions?

    You can PM me.

  • @stunn4 said:

    Hi.
    I managed to pwn all hosts but I miss ws02, I feel stuck I can't find a way to get into.

    I tried all credentials that I collected on each service and I did not find CVEs or similar, any help?

    I missed these flags:
    Update the policy!
    Single or double quotes

    Update the policy makes me think that I should exploit some information that I should already have but I have no success :/

    I missed these flags as well - I would be very happy if somebody could point out where these flags are hidden (via PM). :smile: Thank you.

  • Hello,

    Having a bit of trouble getting my foot into this one.
    I know what account I should be targeting and tried some common wordlists on all 3 ports.
    I was going to try rockyou, but I had a feeling that I shouldn't need such a large wordlist for this machine.

    Would anyone be willing to give any pointers? I would really appreciate it.

  • Anyone have any tips for a foothold in dante-nix03 or dante-nix07? I have creds for webmin on nix03, but login is not working. Also on nix07 I do not get further than finding out about jenkins port

  • edited September 9

    @sT0wn said:

    Anyone have any tips for a foothold in dante-nix03 or dante-nix07? I have creds for webmin on nix03, but login is not working. Also on nix07 I do not get further than finding out about jenkins port

    Remember there are a few boxes that have dependencies on others. It could be one of those boxes does not have a path until you make progress elsewhere.

    For Webmin, careful analysis should give you working creds for the login.

    Feel free to DM.

    limelight

  • Could anyone give me a nudge on where to go for the NIX01 flag? I'm new to this and have used every enumeration script I have but don't see any way to proceed past the 2 users. Thanks.

  • Hi, you can PM me about this..

    @FullHorse17 said:
    Could anyone give me a nudge on where to go for the NIX01 flag? I'm new to this and have used every enumeration script I have but don't see any way to proceed past the 2 users. Thanks.

  • So apparently the Dante Labs breaks down for users who are forced to use the TCP protocol for their connection pack. My current network will not allow me to use UDP for my tunnels, so I must convert my connection to Proto TCP. This has worked well for me in the other HTB machines, but not for Dante.

    Does anyone know what could be done to force the TCP or should I submit a service ticket to HTB?

  • Hello Peeps, kindly stop overwriting the authorized_keys file, I was hoping to continue from where I left off before work, and now I need to start from scratch. Pls append instead of overwriting

    S1ph1lys

    We are the things that were and shall be again

  • @BaddKharma Are you unable to connect at all? I had connection issues initially. I was working out of a VM and had to add a passthrough/bridged interface for things to work. S

  • I'm still stuck trying to find a way into box 1.

  • is there anyone that has gotten the foothold yet on the first box? I'd like to share what I've done so far, and maybe you can point me in the right direction?

  • Can anyone offer a nudge regarding priv esc on .13 been going through pages of enumeration output but nothing is jumping out at me Thanks
