Official Laboratory Discussion

1235718

Comments

  • I got a user, but I don't understand where to move towards the root

  • edited November 2020

    initial foothold wasn't easy (especially if you do not read the report carefully). after getting a rev-shell look what services you can access..
    root was pretty easy :)

    pm for nudges

    Arrexel

  • Not easy at all, especially foothold. You spend so much time on foothold that when it's time to do user you've forgotten your name, imagine what this machine was about.
    I enjoyed it still, kinda sadistic. Learnt a couple of things, realized I don't know a couple of thousand. Thanks to those who gave me nudges, especially @earl12 who gave me the advice to use docker. Good luck everyone and HAVE FUN.

  • The single most important point I'd like to stress as well is to use docker :D foothold was not easy at all, but after that it's pretty smooth.
  • Anyone else getting syntax errors trying to generate the payload?

  • Type your comment> @ElleuchX1 said:

    is it even working for you guys? i can't even enter the g**** page anymore

    I keep getting error 502 "Whoops, G***** is taking too much time to respond." So you're not allowed.

    Feel free to PM me, but please ask good questions: https://www.shorturl.at/fmAX6

  • Anyone able to assist - I understand you need to recreate the webpage but not sure where to begin.

  • Hello,
    Can any1 guide me in the right direction?

    I create the d***** c****** file but i think i made some mistakes.

    I wait for any msg in private.

    Thanks

  • Rooted!

    I can look back now and say nice machine and I learnt a lot about that service. Knowing the path to take and getting a shell was a lot more difficult than it should have been, but a great learningn experience. Thanks to @knuijsting for putting me back on the right path.

    N3ph0s

    Discord n3ph0s#7012

  • Anyone have a good article on how to exploit G**** with dokcer, i have the secret but im stuck ! Thx

    Why 50 53R10U5

  • Almost a day to get be able to access the webpage idk why
    Otherwise great box
    definitely not easy
    uid=0(root) gid=0(root) groups=0(root),1000(dexter)

  • After 2 days of struggling with G****** C***** generation finally got root! The final part was pretty funny and learned a lot of stuff but the unreliability of the C***** generation nearly drove me insane

    Arrexel

  • After a lot of trials and tribulations, I've gotten a shell. Poking around at the environment, and I think I might be completely lost.

  • Hi all, i found a bcrypt hash, for a certain user starting with 'D' I dont have much computing power, is it worthwhile attempting to crack it, if so should I use rockyou?

  • Hey , I am on this box for about 2 days now and going through this forum regularly
    I can see we have to use docker somehow .. The thing is I have no idea how it can be used
    I wanted to ask you all how you learn about stuff u dont know already and have no idea about how or what u can do with these
    Hoping to get some help in dm
    Appreciate any help
    thnk u

  • Type your comment> @Prjvl said:

    Hey , I am on this box for about 2 days now and going through this forum regularly
    I can see we have to use docker somehow .. The thing is I have no idea how it can be used
    I wanted to ask you all how you learn about stuff u dont know already and have no idea about how or what u can do with these
    Hoping to get some help in dm
    Appreciate any help
    thnk u

    I'm in the same spot, can anyone give me any nudge?

    Thx

  • Is the given IP address not resolving to a server intended or is it bugged atm? I have a way around it, but if I use the given IP it redirects to laboratory.htb which doesn't have an IP address associated to

  • @msimonelli said:

    Is the given IP address not resolving to a server intended or is it bugged atm? I have a way around it, but if I use the given IP it redirects to laboratory.htb which doesn't have an IP address associated to

    Have you added things to your hosts file?

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • edited November 2020

    @TazWake said:

    @msimonelli said:

    Is the given IP address not resolving to a server intended or is it bugged atm? I have a way around it, but if I use the given IP it redirects to laboratory.htb which doesn't have an IP address associated to

    Have you added things to your hosts file?

    No, should I have? (I don't think I should need to?)

  • It's a pretty common thing to need to edit your hosts file.

  • @tyrantwave said:

    It's a pretty common thing to need to edit your hosts file.

    alright welp that fixed it but I'm still completely stuck on the actual challenge. any nudges?

  • @msimonelli said:

    No, should I have? (I don't think I should need to?)

    google SNI, go back to your nmap scan

  • Can someone give me a little push in the right direction in pm's?

  • i am getting 502 anyone else getting same error

  • I´ve found and registered for g****** and even found an potential RCE but I'm stuck... any hints, pm me, no spoilers. I can tell you what I've done.

    dutchinho

  • You can send me a pm @dutchinho

    ArtemisFY
    OSCP

  • @Jk3r said:
    Anyone have a good article on how to exploit G**** with dokcer, i have the secret but im stuck ! Thx

    did you find a way where to use those keys?????

  • did you find a way where to use those keys?????

    Nope, still searching !

    Why 50 53R10U5

  • Got a foothold and landed on a limited D****r C*********.
    Any nudges on how to get user?

  • Type your comment> @andrenl said:

    Got a foothold and landed on a limited D****r C*********.
    Any nudges on how to get user?

    How did you use the keys? if u can help please

Sign In to comment.