Official Time Discussion

Comments

  • Rooted the machine. Apart from finding the right CVE, this machine was quite easy to deal with.
    Thanks to everyone who gave a nudge.

    PM if you need help

  • Finally rooted. Spent too much time with user on the wrong CVE, which was quite similar to the actual one but didn't work. Root is very easy compared to user and just needs some proper enumeration. Thanks to @MariaB for the help on user.

    zaphoxx

  • If not familiar with this, take some time to understand the type of weakness this is about and how it works. You'll then know what to google for and will find it straightaway. Otherwise, I agree with a few others in here, you might get lost in rabbit holes. The usual 2cents:
    User: the above basically ^
    Root: classic, it's yours and root will run it for you

  • edited October 2020

    @LMAY75 said:

    :neutral:

    Hello! I'm a complete beginner. Can you help me with the Time box? I'm unable to find the exploit for the vulnerability. Please help.

  • Any nudges on foothold guys???

  • @bataffleck said:

    @LMAY75 said:

    :neutral:

    Hello! I'm a complete beginner. Can you help me with the Time box? I'm unable to find the exploit for the vulnerability. Please help.

    DM me

    LMAY75
    Always happy to help, DM me if you need anything!

  • @bataffleck check your PM lol, I messaged you a long time ago

  • Hi, I'm a complete beginner, I can't find the exploit for the vuln. Can someone help me?

  • edited October 2020

    @whyno said:

    Hi, I'm a complete beginner, I can't find the exploit for the vuln. Can someone help me?

    Pm

  • Solved the machine. It was easy as soon as you actually read the proof of concept you found and understood what it was doing.

    Running for OSCP

  • HTB is saying the flags are wrong. What's up? Do I need to root it again?

  • I think I understand what needs to be exploited but am getting an error **lize: prevented for ****

  • Honestly this box wasn't that easy imo.

    I required some time for that user flag, it's pretty obvious where to get your head into, but not that easy to actually find what you need, or at least for me it wasn't.
    Once you find the CVE, the getting it to work part is also kinda experimenting. Afterwards, ez.

    I definitely learned something cool and useful from this user part.

    The privesc was probably the easiest I had so far, lol.

  • @mnqn said:

    Honestly this box wasn't that easy imo.

    I required some time for that user flag, it's pretty obvious where to get your head into, but not that easy to actually find what you need, or at least for me it wasn't.
    Once you find the CVE, the getting it to work part is also kinda experimenting. Afterwards, ez.

    I definitely learned something cool and useful from this user part.

    The privesc was probably the easiest I had so far, lol.

    • Usually it's pretty rare to see the root part this easy on HTB.

  • Rooted! Thank you to @zaphoxx for a nudge on foothold. Had been on the exact article but thought it wasn't right.

    Not much to say that others haven't. Foothold is the only challenging part.

    Feel free to PM for nudges if you include what you know and what you've tried

    cmoon
    OSCP

  • OK, after reading all of these posts, I now feel dumb LOL. So I believe I know how to go about root but I have tried the you know what port avenue from both my workstation AND from the remote workstation and I CANNOT FIGURE THIS OUT!!!!! I don't want a giveaway but I also need more than a cryptic answer.

    I know the end state of the process, I just don't understand the process!

    Thanks homies!

  • Good box, lots of scope for modding the exploit and learning more about how se.../de... works on this type of platform. DM if you need a pointer

    GreysMatter

  • Think I already know the vulnerability, just got to understand how to exploit it lol.

    Feel free to PM me, but please ask good questions: https://www.shorturl.at/fmAX6

  • edited November 2020

    @elseif said:

    @lebutter said:

    I don't understand how people found the vuln so quickly. To be honest, I went over it, but I had easily 4 or 5 other things to check, so I dismissed it as soon as it didn't work and checked the others.

    Only when I saw the hints did I think that I needed to recheck every single one of those carefully, but without knowing it, it's a different thing. Once you know the hints it's indeed easy, but without the hint you can easily fall into rabbit holes and mess around with things that are somehow related to the vulnerability which won't work.

    Root is definitely easy and a "classic" of privesc for those who are learning privesc.

    My experience was exactly this. Spent all afternoon knowing the weak point but digging through the many possible CVEs and dead ends before landing on the one that works. It boggles my mind how quickly people pinned down the right one but I'm sure experience plays a role.

    No, experience doesn't count here, you are given a simple clue as to what to search for and that's it.
    User blood was insanely fast, either he was VEEERY lucky or a big hint was handed out to him, plain and simple.

  • Can someone give any nudges? I know it has something to do with De****** but can't figure out how to do it.

  • done...
    really easy...finding the CVE was not so trivial, but privesc was really a classic.
    I cannot give hints without spoiling something...

    echo start dumb.bat > dumb.bat && dumb.bat
    doh!

  • My friend and I have had issues submitting flags on this box when we owned it. I had to wait nearly 20 minutes and wait for the flag to regenerate before the site would take it last night. Haven't had the issue on the other ones. Friend had the same issue tonight when he did it. I'm running on a VIP instance and he was on the free server - both had the same issue.

    Pretty good box though. Root was pretty trivial but the initial foothold took a little searching for the correct exploit.

  • @prodlsd said:

    My friend and I have had issues submitting flags on this box when we owned it. I had to wait nearly 20 minutes and wait for the flag to regenerate before the site would take it last night. Haven't had the issue on the other ones. Friend had the same issue tonight when he did it. I'm running on a VIP instance and he was on the free server - both had the same issue.

    This should be raised to HTB via a JIRA ticket. They can't fix it if they don't know it is broken.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.

  • Very nice box - but I wouldn't say easy if enumeration process takes that long.
    Without burp and curl-export this trial and ERROR is a hell of a ride :smile:

    I also have the FLAG ISSUE - my flags are not accepted? does anybody know why!

  • @m0r4k said:

    Very nice box - but I wouldn't say easy if enumeration process takes that long.
    Without burp and curl-export this trial and ERROR is a hell of a ride :smile:

    I also have the FLAG ISSUE - my flags are not accepted? does anybody know why!

    It crops up in every thread on every box. The way HTB generates dynamic hashes means that sometimes they aren't accepted.

    You can:

    • report it to HTB via JIRA and they can fix it.
    • wait and repwn the box, it normally fixes after about 20 - 30 minutes but if people keep rebooting it will never fix.

    Just remember, every time the box reboots, or you switch VPNs, it needs a new hash.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.

  • @PapyrusTheGuru said:

    Think I already know the vulnerability, just got to understand how to exploit it lol.

    Same here

  • @PapyrusTheGuru said:

    Think I already know the vulnerability, just got to understand how to exploit it lol.

    Definitely can relate to this one. I've tried a few things out but I'm surprised that it isn't working. I'm sure it's something trivial.

  • Anybody having issues with their root shell not persisting very long? I've managed to pop the root shell, but it seems to expire after ~5 seconds.

  • @toddbrecher said:

    Anybody having issues with their root shell not persisting very long? I've managed to pop the root shell, but it seems to expire after ~5 seconds.

    pm

    echo start dumb.bat > dumb.bat && dumb.bat
    doh!
