Official Laboratory Discussion

145791018

Comments

  • I can't for the life of me find the user flag, I've been searching for over 4 hours. Any nudges?

  • edited November 2020

    @msimonelli said:

    I can't for the life of me find the user flag, I've been searching for over 4 hours. Any nudges?

    You're probably not in the 'right' machine yet! You know some users, check where you are and what you can do from there

    Arrexel

  • edited November 2020

    Foothold was really painful. SomeONE helped and guided me with a lot of patience, thank you very much, once again.

    But watch it yourself, we documented this process very thoroughly:

    That was just foothold. After that things got better.

  • @iHeyHey said:

    @msimonelli said:

    I can't for the life of me find the user flag, I've been searching for over 4 hours. Any nudges?

    You're probably not in the 'right' machine yet! You know some users, check where you are and what you can do from there

    I got it, cheers

  • can someone give any nudge about user? i'm currently in c*******r but don't know how to escape. is it needed to use exploit or something else ?

  • Type your comment> @Skyr00 said:

    can someone give any nudge about user? i'm currently in c*******r but don't know how to escape. is it needed to use exploit or something else ?

    DM'd you

  • i got sec***.yml have all the keys how and where to use that. can anyone help please

  • I got a shell and I'm in the c*******r but I don't know that to do. Can someone PM me?

  • Type your comment> @mrg3ntl3m4n said:

    I got a shell and I'm in the c*******r but I don't know that to do. Can someone PM me?

    did you use sec***.yml key to get the shell?

  • People will find this box a lot easier when they stop thinking of it as a 'G*****' exercise and start thinking of it as a Google exercise :smile:

  • Type your comment> @hb86125295 said:

    Type your comment> @mrg3ntl3m4n said:

    I got a shell and I'm in the c*******r but I don't know that to do. Can someone PM me?

    did you use sec***.yml key to get the shell?

    I will PM you

  • Stuck at user d*****. Ran some Linux enum but couldn’t catch what I need. Can someone PM me for help?
  • Finally rooted. Rating of these machine is seriously misleading. While I would rate difficulties of user 4/10 and root 2/10 the foothold goes up to 11.

    I think misleading ratings are detrimental to new users because they would expect something much simpler. I wonder how many newcomers just said F--it and dropped their interest altogether. Just compare this machine to Nest or OpenAdmin on one (easy) hand and Doctor and Blackfield on the other(hard). I understand that this is debatable coz what we know is easy and what we don't know is hard. But c'mon - chaining exploits while installing full G***** suite is not f... easy.

    To end this long rant-thank you @0xc45 for enjoyable machine and great learning experience. Looking forward to your next machine. Also thanks to @waza for great hint that allowed me to proceed.

    sparrow1

  • stop in foothold
    use CVE *** Access to limited information(/e**/pas***),but can't get shell
    I missing any important information
    please PM me

  • i know about the G***** page but I can't seem to get into it, can someone pm me with a nudge

  • edited November 2020

    The hardest easy machine I have ever made. But it's been fun and I've learned some new things! Thanks @0xc45 !

  • The g***** only answer with error 502...

  • Would really appreciate a nudge on root. Everyone is saying it's easy but I'm totally lost...

    cmoon
    OSCP

  • Hi! Does anyone have a tip for the user?

    @Peter Pan#9999 on discord

  • edited November 2020

    Finally rooted. I was stuck on root for hours. Felt really dumb once I finally figured it out. Thank you to @SpawnZii for confirming I was in the right spot. Feel free to message for nudges, but as always let me know what you've tried

    cmoon
    OSCP

  • can anyone help me with the initial foothold? pm me here or on discord
    Krispee Karim#5177

  • Finally rooted.
    Overall this box had a lot going on, I wouldn't call it easy at all, especially for a newbie like me. got a lot of 502's which stopped my progress.

    Foothold required your own setup
    User was right there in front of me but a couple of tries made me look for a different way (while the first option was correct...)
    Root was fairly easy.

    Learned a lot!

    Thanks to all the users who helped me!

  • hi all, i am currently stuck at foothold. i do have a couple of working cve's but nothing i could combine or chain for a rce yet. can someone pls pm for some assistance on how or where to proceed now. thanks

    zaphoxx

  • I have found G***** login/register pages. But both do not work: I get 422. Any suggestions? Should I create account to pass forward?

  • After gaining foothold:
    Is that non-public file, which is apparently invalid, what is used to pivot to user? Or is that a red herring? (Because if so, I am stumped on how to figure out what is wrong with it!)

  • I really enjoyed this box but I have to agree with the previous comments regarding the rating. This was not an easy box.

  • edited November 2020

    Type your comment> @0xc45 said:

    Good luck, have fun all!

    Rooted, I'm going to hang myself, thank you :/

    (you can pm me here or on discord : Peter Pan#9999)

    @Peter Pan#9999 on discord

  • edited November 2020

    Ok so I got the secret file.
    Could use a little nudge here moving forward with the payload.

    Thanks

    aimforthehead

  • Type your comment> @aimforthehead said:

    Ok so I got the secret file.
    Could use a little nudge here moving forward with the payload.

    Thanks

    I ran a Docker instance of same version G----b with much Google'ing and going through the docs since not familiar with its back-end operation. Takes time but you can re-create close enough to the same environment using that file you found. If you look at the headers there's something unique in there that you can now forge. You've probably come across the bug report that got you that file, keep reading down the page. You'll know it when you see it.

  • Foothold

    The map will reveal the way.
    For the rest...
    On a completely unrelated note, @zot suggestion on pg 4 if fire.

    User

    Record are meant to be changed with the right console.

    Root

    If you blink twice you might miss it. No peas necessary.
    What is it really doing?

    There is already a ton of good stuff in this thread. I hope this helps someone.

    PM for a nudge.

Sign In to comment.