Official Academy Discussion


Comments

  • edited November 2020

    One of the faster ones. Enjoyed it. After quite a bit of enumeration and understanding what's involved, a quick script popped open a foothold shell. Pretty sure I was NOT supposed to see the "magical word" to get from one user to another user by looking at "what's going on". From that user to root was reasonably easy, I had expected much worse for a moment ;) Thanks for the machine!

  • I am struggling with the foothold. I am getting redirected to http://acadmey.htb/. I have run go****er with multiple dictionaries. They are getting 302 error codes. I just want to make sure this is working correctly. Thanks

  • @reno42 said:

    Must be completely blind, I don't see where I could change something to get more rights...

    Have you checked out the useful tool named after a bodily function?

    Hack The Box

  • Could anyone PM me some hints for lateral movement?

  • edited November 2020

    Someone give me a nudge please.
    I changed a param by Burp, and it took me into a special page. Through that page I saw source code error messages and some important information, but I don't know what I should do next. Thx.

  • Thx, fun box.
    I think there are more than enough hints here already, so I don't really think it is any good giving more:)

    nopej0hnson

    PM for nudges, will be glad to help you.

  • edited November 2020

    Finally Rooted!

    Feel free to PM me for nudges, as I found them especially helpful for this box.

    Some hints you have probably seen before:

    Foothold: If you haven't found anything, look harder. There will be a value you can change to become privileged. (:
    User1: As stated before, make sure you have the ability to recursively search through files upon files until you find what you're looking for. Academy has all of the secrets you need.
    User2: You are part of something, let it help lead you to a location that will hold everything you need. Google will be essential to find out how to use these files. You may not get it straight away.
    Root: So easy, you don't even need a hint for this one.

    Try Harder!


    First of all: thanks. This was one of the funniest boxes I've done in the last months...
    Secondarily: this is one of those boxes that seems to have been built around the idea of making the attacker feel "uncomfortable"...
    ...but maybe better say "dumb"!
    Take it this way: It's definitely an easy machine, ok?!?
    No major skills are needed, foothold is so damn evident that it's impossible to say something without spoiling it.
    User is right there, in plain sight.
    Then you go down a clear path to root and you can eventually get fooled for hours, like me, because you would never ever think that such a plain and easy path could be the right way...
    If you're dumb like me you'll end up chaining and piping commands after commands, exploring every option of your favourite parsing/finder/regexp matcher...
    Then you'll eventually ask for help (thanks @mittermayr and @grag1337 ), but they'll be rightly reluctant to tell you what's obvious...
    ...then you'll find out what's obvious...and you'll feel dumb. like me now.

    echo start dumb.bat > dumb.bat && dumb.bat
    doh!

  • That was such a nice box!
    It feels great to finally have a decent easy box.
    Congrats to the devs!

  • @jkana101 said:

    Rooted. An OSCP-like box. Recommended for anyone who is going to take the OSCP exam.

    Well, this explains why I failed then :pensive:

    Jokes aside, IDK. Stumped on user > 2nd user but I know what I need to look at. That part and the initial foothold exploit do seem OSCP-like but I doubt OSCP would require this much searching (or, likely, I'm doing it in an inefficient way.)

  • I would be really happy if someone could PM me with a little nudge. I'm going crazy here. :D

    I have found the magic page and used some of the info there which works, but after that I'm in trouble.

  • Can someone PM me? I'm on the dev page and found the tool to use on it, but I'm not sure how to get past this point. I don't want to spoil too much and I'm not sure what's considered a spoiler because the foothold was straightforward.

  • Pheeewww, finally rooted. The 2nd user was a bit tricky...

  • Can someone PM me a nudge after the la****l exploit? I'm stuck here for 2 hours.

  • Would someone be able to nudge me? I know where I need to change a value to escalate my privilege on the website but I have no idea how to go about finding the correct value to use, nor how to properly enumerate. I tried Burp Intruder but only received a bunch of errors.

    I'm also curious as to whether the site should look broken? None of the links I click work correctly, not even logout. I have no idea if it's intentional or not.

    panicfox

  • Nice box! Don't forget to update your enum scripts.

    sx02089

  • I am having issues with http://academy.htb/ . It keeps saying server IP can not be found. Is anyone else facing this issue?

  • @zedgell said:

    I am having issues with http://academy.htb/ . It keeps saying server IP can not be found. Is anyone else facing this issue?

    Try putting 'academy.htb' and the ip in your hosts file

    elseif

  • @panicfox said:
    Would someone be able to nudge me? I know where I need to change a value to escalate my privilege on the website but I have no idea how to go about finding the correct value to use, nor how to properly enumerate. I tried Burp Intruder but only received a bunch of errors.

    I'm also curious as to whether the site should look broken? None of the links I click work correctly, not even logout. I have no idea if it's intentional or not.

    You don't need the links, just pay attention to the registration and auth mechanisms. Open the hood and go through the whole process, when you find it it should be obvious what number to use.

    elseif

  • @sx02089 said:

    Nice box! Don't forget to update your enum scripts.

    You know, I think about that a lot, and then I don't end up doing it until I reinstall the OS or VM. It would definitely be a good practice to update more often, haha.


  • Rooted, PM for hints, although this thread has a bunch of them already :)

    Feel free to PM me, but please ask good questions: https://www.shorturl.at/fmAX6

  • Someone give me a nudge please.
    I changed a param by Burp, and it took me into a special page. Through that page I saw source code error messages and some important information, but I don't know what I should do next. Thx.
  • Can someone help me with the initial foothold? I got into the “secret” page and saw some interesting info, researched some things and tried some exploits with no luck.

    Could someone pm me pls?
  • @hashtagdeg said:
    Someone give me a nudge please.
    I changed a param by Burp, and it took me into a special page. Through that page I saw source code error messages and some important information, but I don't know what I should do next. Thx.

    Try to find out more about what you see ;)

    @LiamKRP said:

    Can someone help me with the initial foothold? I got into the “secret” page and saw some interesting info, researched some things and tried some exploits with no luck.

    Could someone pm me pls?

    You're on the right track.
    You either need to dig further, or check the exploits' params ;)


    GREM | OSCE | GASF | eJPT

    Feel free to PM me your questions, but please explain what you tried, so far.

  • Nice box! Very funny especially the part of the second user! Congrats @egre55 and @mrb3n !

    PM if anyone needs a nudge.

  • @panicfox said:

    Would someone be able to nudge me? I know where I need to change a value to escalate my privilege on the website but I have no idea how to go about finding the correct value to use, nor how to properly enumerate. I tried Burp Intruder but only received a bunch of errors.

    I'm also curious as to whether the site should look broken? None of the links I click work correctly, not even logout. I have no idea if it's intentional or not.

    If u have already escalated ur privilege on the website then maybe u should try to search for some other portal for logging in as a privileged user

  • I get root but flag is error

  • Rooted. For some reason, I did not notice the first step for foothold for quite an embarrassing amount of time. Sometimes it helps to go very slow at the start of your investigation and examine everything carefully. It's so dead obvious, you cannot miss it. I guess I was expecting something to be found at a later step. It really is easier than anything I have seen before on here so I guess I didn't expect it to be there. A good lesson in being thorough I guess.
    The rest of the box flowed fairly quickly and did not require any brute force or scanning. Everything can be done with off the shelf tools and this box really did feel easy for once. Nice box to get me back in the mode after a couple month break, I enjoyed it!

  • Spoiler Removed
