Official Academy Discussion

1235717

Comments

  • Wow web apps are really not my thing. Using the bodily function program on the second login page but whichever of the 3 parameters I change do nothing, am I being stupid?

    JohnEagle
    Always happy to help, feel free to drop me a PM for spoiler-free nudges

  • Could anyone please PM me hint for user?

    laet4x

  • edited November 2020

    I'm going crazy looking for a needle in the haystack on the root path. Can any one give me a hint on PM?
    Thanks for advance!

    PD: Rooted. thanks everyone who help me ! :)

  • Rooted, simple and straight forward. Has anyone done it without m***s***** ? I interested to discuss. I had troubles with some libraries.

  • Rooted, feel free to PM for a hint but be prepared to tell me what you've tried

    Hack The Box

  • Got 2-nd user. It has a privilege to read smth special, but needs lots of greps. People write above that it can be done without greps and lesses. I suppose it is a useful util or command to be aware off. So If anybody aware of it, dm me pls!

  • @MRwatch0xff That's what iam trying to do two days now, but nothing :(

  • stuck on L*****l m*s*****. session not not created. Is my TA****U not correct?

  • Type your comment> @Alexmackzie said:

    stuck on L*****l m*s*****. session not not created. Is my TA****U not correct?

    I've tried that as well, got the same issue.

  • Type your comment> @alphaomega said:

    Type your comment> @Alexmackzie said:

    stuck on L*****l m*s*****. session not not created. Is my TA****U not correct?

    I've tried that as well, got the same issue.

    Got it!
    It needs something else thrown into it

  • Did someone change the fcking user flag?

  • @petrostheol said:

    Did someone change the fcking user flag?

    The flags change on every reboot.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • edited November 2020

    Type your comment> @alphaomega said:

    Type your comment> @Alexmackzie said:

    stuck on L*****l m*s*****. session not not created. Is my TA****U not correct?

    I've tried that as well, got the same issue.

    I am still stuck on this as well...any hints appreciated ^^

    Edit: Got it!! Thanks

  • I am still stuck on this as well...any hints appreciated ^^

    you are probably missing one of the parametres of the exploit, try googling the one you are not using

  • I've gotten user but am struggling to get to 2nd user. Looking for nudges. Spend several hours looking through logs at this point and am obviously missing something

    cmoon
    OSCP

  • I'm having major DNS issues. When I try to go to the subdomain I get a host not found error. I had to put the root domain into my hosts files to even get it to start working in the beginning -- has anyone else solved this issue?

  • @MazerRac said:

    I'm having major DNS issues.

    It probably isn't DNS on HTB (although I haven't looked at this box yet so I dont know for sure)

    When I try to go to the subdomain I get a host not found error.

    This means it cant find the IP address in your hosts file.

    I had to put the root domain into my hosts files to even get it to start working in the beginning -- has anyone else solved this issue?

    If you put

    10.10.10.10    example.com
    

    In your hosts file, when you visit subdomain.example.com, you will get a failed lookup because each entry needs to be in.

    To solve this, you'd need something like:

    10.10.10.10    example.com subdomain.example.com
    

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • @TazWake Thanks for the pointer. I didn't realize the didn't have any kind of DNS running -- I just assumed the VPN subnet would have a DNS server pushed through to the clients. I thought I was just helping out the DNS server the first time. Adding the subdomain fixed everything. Good to know going forward; thanks again!

  • edited November 2020

    @TazWake said:

    It probably isn't DNS

    It's always DNS :P

    /me ducks and runs


    Hack The Box
    GREM | OSCE | GASF | eJPT

    Feel free to PM me your questions, but please explain what you tried, so far.

    Currently busy with AWAE

  • edited November 2020

    But yeah, sometimes the name resolution is a bit wonky. Especially with Chrome/Chromium. Don't explicitly state which protocol to use, and 80% of the time it doesn't even bother trying to resolve the hostname and simply takes it as Google search term

    EDIT:
    FFS, why does :@ hide the post's content O.o


    Hack The Box
    GREM | OSCE | GASF | eJPT

    Feel free to PM me your questions, but please explain what you tried, so far.

    Currently busy with AWAE

  • @HomeSen said:

    @TazWake said:

    It probably isn't DNS

    It's always DNS :P

    /me ducks and runs

    Lol - And I suppose you could argue this time it is the lack of DNS which causes the problem so its still a DNS problem.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Well, it's the 101 of network troubleshooting:
    1. It's always DNS
    2. If it's not DNS, then the DNS server's cable has probably been cut.
    3. Otherwise, refer to #1


    Hack The Box
    GREM | OSCE | GASF | eJPT

    Feel free to PM me your questions, but please explain what you tried, so far.

    Currently busy with AWAE

  • edited November 2020

    This may sound really stupid... I got a foothold, trying to get user. I found creds for the Mys*l server. trying to login but it wont authenticate, is this a rabit hole or am i doing it wrong?

    edit: got it :)

    Benjamin2000

  • question... I'm root, can do anything on the system. cat root.txt to grab the flag, but submitting the flag keeps saying error. So whats up

  • nvm, rebooted machine, cat flag again and its different flag. submitted :)

  • edited November 2020

    Rooted

    I really liked this box, especially the foothold. Its simple and easy enough for someone to know it when they see it but not immediately obvious. I have to say I agree on the rating. Nothings too complex, but if your new or have taken a break I can see why it might be challenging.

    Hints:

    foothold: enumerate. Maybe you cant see the way forward in your browser window and need another perspective. After that look for a way in. thanks to @LewisOSF for breaking me out of my tunnel vision

    User 1: I took way to long on this. Search through everything but you shouldn't have to go to far.

    User 2: What's special about this user? what can you do?

    Root: Can't really say a whole lot without giving it away. Its something that should come up in any enumeration.

    feel free to PM for hints

  • Rooted!

    Fun machine, it'll make you feel silly fora while before you realize..
    Root was very easy.

    Note for those who didn't finish yet,
    Make sure your exploits are setup correctly and aren't missing anything.
    It's way easier than what you think.

  • Ok so I must be stupid or smth.
    I rooted the thing, got the hash from /root/root.txt
    I copy that to # Own Root box and says the hash is wrong.
    Am I missing something?
    I mean I reached the end and I feel like this is a stupid question but nevermind.

    Nice machine nonetheless.

  • edited November 2020

    @tsheva said:

    Ok so I must be stupid or smth.
    I rooted the thing, got the hash from /root/root.txt
    I copy that to # Own Root box and says the hash is wrong.
    Am I missing something?
    I mean I reached the end and I feel like this is a stupid question but nevermind.

    Nice machine nonetheless.

    Flags are dynamic. And more often than not, the dynamic creation/refreshing seems to fail. Try the following:
    1. Reset the box
    2. Wait a moment (or two)
    3. Grab the new hash from root.txt
    4. Compare it to the one you got the last time
    5. When it's different, submit it
    6. Should it be the same, wait a minute and try again. If it still doesn't change, raise a trouble ticket at HTB's JIRA: https://forum.hackthebox.eu/discussion/2994/htb-support-on-jira


    Hack The Box
    GREM | OSCE | GASF | eJPT

    Feel free to PM me your questions, but please explain what you tried, so far.

    Currently busy with AWAE

  • Type your comment> @HomeSen said:

    @tsheva said:

    Ok so I must be stupid or smth.
    I rooted the thing, got the hash from /root/root.txt
    I copy that to # Own Root box and says the hash is wrong.
    Am I missing something?
    I mean I reached the end and I feel like this is a stupid question but nevermind.

    Nice machine nonetheless.

    Flags are dynamic. And more often than not, the dynamic creation/refreshing seems to fail. Try the following:
    1. Reset the box
    2. Wait a moment (or two)
    3. Grab the new hash from root.txt
    4. Compare it to the one you got the last time
    5. When it's different, submit it
    6. Should it be the same, wait a minute and try again. If it still doesn't change, raise a trouble ticket at HTB's JIRA: https://forum.hackthebox.eu/discussion/2994/htb-support-on-jira

    I see. Yeah I already tried to refresh it and it has been refreshed a couple of times.
    I actually thought that the keys are refreshed each time the machine is being reset.
    But it's not happening since I am getting the same key since the first time I rooted.
    I'll wait a day or two and if it doesn't fix I'll raise a ticket.

    Thanks for the help @HomeSen .

Sign In to comment.