Official Laboratory Discussion

1246718

Comments

  • not fun at all especially the first part

    but the second is easy

  • Hi everyone,

    i try to take out this machine but i'm stuck on page who everybody is stuck, I've try some payloads but it doesn't work. If someone can nudge some tips for bypass the l**** page of G** it will be great, thanks

  • Yay! I finally got user.txt I feel like a part of history (probably the most profitable... spoiler... right)
    On a completely unrelated note, have you guys ever checked out visualhack on vimeo.com ? They have like, 75 howto videos (that I've noticed). Maybe a litt;le less, maybe more like, sixty something videos...

  • too unstable, always be 502

    Hack The Box
    OSCP

  • Type your comment> @Zot said:

    Yay! I finally got user.txt I feel like a part of history (probably the most profitable... spoiler... right)
    On a completely unrelated note, have you guys ever checked out visualhack on vimeo.com ? They have like, 75 howto videos (that I've noticed). Maybe a litt;le less, maybe more like, sixty something videos...

    will check that thanks

  • can any nudge me i got the webpage and signup the webpage but stuck afterwards

  • edited November 2020

    i got a user flag but it doesn't submit
    last reset < 1 hour

  • Have user, but flag doesn't submit - even after a reset.

  • edited November 2020

    Have user, but flag doesn't submit

  • Hello everyone, been trying to figure a way to turn my L** to R** and so far, no luck. i've grabbed the s*****.y** file, and my only question is, do you need to set up your own g***** for it to work?

  • @Alpha19
    Go back on this thread and read PrivacyMonk3y post

  • @tyrantwave said:

    Have user, but flag doesn't submit - even after a reset.

    @nourmuj said:

    Have user, but flag doesn't submit

    @Embargo said:

    i got a user flag but it doesn't submit
    last reset < 1 hour

    This comes up on every thread about once a week (Mostly Mondays). HTB uses dynamic hashes and sometimes they dont work. The hashes should change after every reset and be different on different VPNs - this means that hashes should be used as soon as you get them and that sometimes the process which registers the new hash in the scoring server will break.

    If it is a box that is being hit with resets, it becomes imperative that the hash is used immediately as a reset will render it invalid.

    Your choices are really:

    • Wait a while, repwn the the box and get a working a hash.
    • Report it to HTB via a jira ticket and get them to fix the problem.

    This isn't something that can be fixed by the forum or by tips from other users.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Type your comment> @TazWake said:

    @tyrantwave said:

    Have user, but flag doesn't submit - even after a reset.

    @nourmuj said:

    Have user, but flag doesn't submit

    @Embargo said:

    i got a user flag but it doesn't submit
    last reset < 1 hour

    This comes up on every thread about once a week (Mostly Mondays). HTB uses dynamic hashes and sometimes they dont work. The hashes should change after every reset and be different on different VPNs - this means that hashes should be used as soon as you get them and that sometimes the process which registers the new hash in the scoring server will break.

    If it is a box that is being hit with resets, it becomes imperative that the hash is used immediately as a reset will render it invalid.

    Your choices are really:

    • Wait a while, repwn the the box and get a working a hash.
    • Report it to HTB via a jira ticket and get them to fix the problem.

    This isn't something that can be fixed by the forum or by tips from other users.

    i can now submit the flag (Y)

  • Finally, I got root!

    madhack
    If you need help with something, PM me how far you've got already, what you've tried etc.
    Discord: MadHack#6530

  • How do i run the G***** R**** C******, my reconfigure errors out...

  • Type your comment> @KonEcho said:

    How do i run the G***** R**** C******, my reconfigure errors out...

    same

    SpawnZii

  • edited November 2020

    Type your comment> @KonEcho said:

    How do i run the G***** R**** C******, my reconfigure errors out...

    On my Parrot I installed G***** in exactly the same version as in laboratory.htb from all-in-one package on project website. Reconfigure wents smoothly and I have g*****-r**** command in my PATH. I needed to start with sudo.

    sparrow1

  • Type your comment> @sparrow1 said:

    On my Parrot I installed G***** in exactly the same version as in laboratory.htb from all-in-one package on project website. Reconfigure wents smoothly and I have g*****-r**** command in my PATH. I needed to start with sudo.

    I currently installed the exact version D***** i**** of it on kali...do i have instead manually install it ?...Appreciate the help

  • Type your comment> @KonEcho said:

    Type your comment> @sparrow1 said:

    On my Parrot I installed G***** in exactly the same version as in laboratory.htb from all-in-one package on project website. Reconfigure wents smoothly and I have g*****-r**** command in my PATH. I needed to start with sudo.

    I currently installed the exact version D***** i**** of it on kali...do i have instead manually install it ?...Appreciate the help

    Well I couldn't quite grasp packaging in my distro and it was different version anyway, so I went with upstream .deb package.

    sparrow1

  • Root obtained - that was not an easy box!

    A medium at least IMO, and the requirements for foothold I think are a bit too involved for an easy. (And my VM complained hard and crashed a lot trying to do the thing...)

  • edited November 2020

    Well... finally rooted this beast, but oh well, it was a hectic ride with lot's of problems spawning instance (random HTB problem for VIP+ or globally :(), with unstable G***** stuff (where sometimes same command works and then it won't work; or you have to spawn locally G****** for some stuff) and overall "anger management". :P

    Overall IMHO this isn't an easy machine, at best it's medium and such... Don't get me wrong, it is a cool machine where you learn nifty stuff about G******. Also, I do understand that I have much to learn (so for some ppl it's "peace of cake" machine), but boy oh boy it was a pain

    Anyhow, thanks to the creator for the new stuff I learned with this box!!! ;)

  • Rooted!
    The box is easy and pretty straight forward, but you need to work on it;
    Foothold: Recreate the environment in order to get r*e. Should be 2 commands in the host version (not docker). Test it first, but remember that not all default binaries are there.
    User: If you can't crack it, change it. Please restore/reset the machine.
    Root: It's in that list. Look carefully, because it is easy.

  • Type your comment> @zweeden said:

    a chain of them.

    an exploit chain for an easy machine - that is new

  • @TazWake said:

    This comes up on every thread about once a week (Mostly Mondays). HTB uses dynamic hashes and sometimes they dont work. The hashes should change after every reset and
    [..]
    This isn't something that can be fixed by the forum or by tips from other users.

    I suppose you have a keyboard shortcut for routinely pasting this to the forum by now. ;)

  • Can someone PM me a hint for the palyload I have to use?
    Already tried a ton of options, was able to verify that some of them executed fine, but I am unable to setup a reverse shell :(

  • @cool4coder said:

    I suppose you have a keyboard shortcut for routinely pasting this to the forum by now. ;)

    THat would be too sensible, I just search and copy the previous messages :smile:

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Type your comment> @TazWake said:

    @tyrantwave said:

    Have user, but flag doesn't submit - even after a reset.

    @nourmuj said:

    Have user, but flag doesn't submit

    @Embargo said:

    i got a user flag but it doesn't submit
    last reset < 1 hour

    This comes up on every thread about once a week (Mostly Mondays). HTB uses dynamic hashes and sometimes they dont work. The hashes should change after every reset and be different on different VPNs - this means that hashes should be used as soon as you get them and that sometimes the process which registers the new hash in the scoring server will break.

    If it is a box that is being hit with resets, it becomes imperative that the hash is used immediately as a reset will render it invalid.

    Your choices are really:

    • Wait a while, repwn the the box and get a working a hash.
    • Report it to HTB via a jira ticket and get them to fix the problem.

    This isn't something that can be fixed by the forum or by tips from other users.

    This wasn't the issue with this box.
    I'm VIP+ and ran into it. There is a reason and it might be a bug in all honesty.
    Two types of payloads. Without resetting I ended up with two different root hashes.
    I can't really explain more without spoils but this one was for sure buggy and not just the dynamic hashing.

    FTR one method worked the other didn't

  • Man, I rage purged g**** from my machine after it crashed my box several times during installation. The last crash pushed me over the edge. Eff this box.
    This is too much for me for a supposedly easy machine.

  • @PrivacyMonk3y said:

    This wasn't the issue with this box.
    I'm VIP+ and ran into it. There is a reason and it might be a bug in all honesty.
    Two types of payloads. Without resetting I ended up with two different root hashes.
    I can't really explain more without spoils but this one was for sure buggy and not just the dynamic hashing.

    FTR one method worked the other didn't

    That feels like something HTB should be notified about so they can fix the bug.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

Sign In to comment.