Official Academy Discussion

1356717

Comments

  • Rooted! If you need help you can PM me!

  • Well I graduated with root level honors.

    Foothold: I looked over something very simple whislt trying to break into the machine, posting stuff around without checking is never the right way of doing things...

    User: Not too difficult here, enumerate and use your google fu to get you by. GREP helped me a lot here.

    Root: Possibly the easiest part of the machine if you picked up on something interesting while enumerating.

    CarterJ

  • Hello can anyone PM me.? I'm stuck after getting the foothold. Currently trying to get the user credentials.

  • @SovietBeast said:
    Anyone done initial foothold exploit manually? I'm trying to do it with curl but no luck

    PM'ing you now

  • Got initial foothold, that was quite fun, definitely managed to get it by learning my lesson from my previous machine :)

    Feel free to PM me, but please ask good questions: https://www.shorturl.at/fmAX6

  • Just rooted.
    I have very little xp, but this is one of the most enjoyable machine so far.
    Thanks @mrb3n and @egre55!
    I can understand why people more experienced than me rated this easy.
    For me was just in reach, after i stretched all myself :smiley:
    That was so much fun.

    Just out of curiosity, can someone explain me what I saw during lateral movement?
    That thing catches your eyes but I don't understand it.

    PM me for nudges!

  • Got user! That was fun, now going to try getting root :)

    Feel free to PM me, but please ask good questions: https://www.shorturl.at/fmAX6

  • Was going back to the thing found during "lateral movement" and the thing is not there anymore. Can someone who already went over that point check it up, please? I dont know if something was messed up before of after i got that thing

  • @oceans11 said:
    Was going back to the thing found during "lateral movement" and the thing is not there anymore. Can someone who already went over that point check it up, please? I dont know if something was messed up before of after i got that thing

    Whatever "thing" you mean (probably a script) was likely put there from a fellow user. People sometimes don't use the /tmp directory so you'll find various recon/enumeration scripts, executables, etc. lying around sometimes, particularly in home directories.

  • That hash provided great disappointment

    https://imgur.com/iF3RJze

    LMAY75
    Always happy to help, DM me if you need anything!
    Link to Profile

  • Spoiler Removed

  • Spoiler Removed

    LMAY75
    Always happy to help, DM me if you need anything!
    Link to Profile

  • Congratulations!
    Academy root is now owned.

    that last part was kinda tricky in finding the right syntax, would like to see if others got it the same way, pm

    illwilll
    OSCP

  • edited November 2020

    Edit: Vibing now. Nvm.

    Hack The Box

  • edited November 2020

    Edit: Nevermind

  • Is something wrong with the box The Flags are not working !!!

  • yeah same got root flag like 3 hours ago, but it says incorrect flag when I try to submit it

  • Type your comment> @0xsp1d3r said:

    Is something wrong with the box The Flags are not working !!!

    I tried the user flag and had the same problem

  • @0xsp1d3r said:

    Is something wrong with the box The Flags are not working !!!

    @EX1TZER0 said:

    yeah same got root flag like 3 hours ago, but it says incorrect flag when I try to submit it

    @DavidWaugh said:

    Type your comment> @0xsp1d3r said:

    Is something wrong with the box The Flags are not working !!!

    I tried the user flag and had the same problem

    This comes up on every thread about once a week. HTB uses dynamic hashes and sometimes they dont work. The hashes should change after every reset and be different on different VPNs - this means that hashes should be used as soon as you get them and that sometimes the process which registers the new hash in the scoring server will break.

    If it is a box that is being hit with resets, it becomes imperative that the hash is used immediately as a reset will render it invalid.

    Your choices are really:

    • Wait a while, repwn the the box and get a working a hash.
    • Report it to HTB via a jira ticket and get them to fix the problem.

    This isn't something that can be fixed by the forum or by tips from other users.

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Now the hashes are correct on US VPN

  • Kind of stuck on root, can anyone point me to the right path please ?

    n3wb1e

  • edited November 2020

    I struggled a bit with getting the foothold. I found the method I was supposed to use in about 10 minutes, but I overlooked the part where you need to use a different sd. I spun my wheels there for a bit.

    The path to root from foothold wasn't bad. I was focused on the e***** user for too long though, but once I figure out my problem, I was good to go.

    I don't think I even grep'd much like people are saying. I just used a reporting tool that is present.

    Root was easy. Just look at the usual stuff.

    Nice box! Thanks!

    Hack The Box

  • @TazWake said:
    This comes up on every thread about once a week. HTB uses dynamic hashes and sometimes they dont work.

    reboot issued from a root-shell doesn't change user.txt and root.txt. If you need new flags you have got to issue a reset from htb's webinterface. Imho htb should communicate the flag-problem in the forum and pin it to the top.

  • @cool4coder said:

    reboot issued from a root-shell doesn't change user.txt and root.txt.

    People shouldn't be doing this.

    If you need new flags you have got to issue a reset from htb's webinterface.

    Really this is the only way boxes should be reset.

    Imho htb should communicate the flag-problem in the forum and pin it to the top.

    I totally agree.

    However, from HTB's perspective there isn't a flag problem. Several hundred people submit flags every day, about 10 a week mention it in the forums and I think even less report it to HTB. I dont believe they are aware that it is really a problem. Hopefully, if more people report it, they will review how it works.

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Thanks for your help @arobot

    n3wb1e

  • Nice Box!! Thanks to creators.

    For those whole are struggling for root - first understand the linux L** features. (Maybe you wont be in need of grepping and lessing)

  • Type your comment> @mrg3ntl3m4n said:

    I'm stuck after get admin page and found the hidden place, any nudges?

    this is hint for yourself. :)

  • Must be completely blind, i don't see where i could change something to get more rights...

  • Rooted!!
    Easy and fun box.
    My Hints:-
    Foothold- basic enum with burp
    user1- basic enum script
    user2- it's little difficult, look closely inside files, don't forget your special group
    root- believe me, it's very easy

    PM if you got stucked!!

Sign In to comment.