Official Laboratory Discussion

1568101118

Comments

  • Just rooted the box!

    [email protected]:~# whoami && hostname
    root
    laboratory
    

    I have completed 53 machines after completing this one, and I will say this was probably the worst for being rated incorrectly. I am wondering how the decision is made to provide a rating for the machines. I would like more insight into that.

    I'm not complaining about the machine itself. I actually really enjoyed it!! Great box @0xc45 !!

    As always, DM if you need a nudge.

    zalpha
    OSCP | CISSP | CSSLP

    Respect always welcome if I can help you: https://www.hackthebox.eu/home/users/profile/140630

  • any nudge for user i find something important from user attributes but it's encrypted

  • Haven't had much time to work on this one, but every time I do, I get 502s on the g**.**********.*** page

    Resets dont' work. At first a server change worked, but now it doesn't, and I'm too lazy to keep changing it until it works.

    I think I'll just move on from this one for now, lol.

    Hack The Box

  • Type your comment> @Skyr00 said:

    any nudge for user i find something important from user attributes but it's encrypted

    maybe you can replace this important thing with something else ? :)

    @Peter Pan#9999 on discord

  • @pizzapower said:
    Haven't had much time to work on this one, but every time I do, I get 502s on the g**.**********.*** page

    Resets dont' work. At first a server change worked, but now it doesn't, and I'm too lazy to keep changing it until it works.

    I think I'll just move on from this one for now, lol.

    Personally I was waiting 5-10 mins after a reset and the G***** was on.

    @Peter Pan#9999 on discord

  • Type your comment> @PeterPwn said:

    @pizzapower said:
    Haven't had much time to work on this one, but every time I do, I get 502s on the g**.**********.*** page

    Resets dont' work. At first a server change worked, but now it doesn't, and I'm too lazy to keep changing it until it works.

    I think I'll just move on from this one for now, lol.

    Personally I was waiting 5-10 mins after a reset and the G***** was on.

    Well I'll be damned. Maybe I should learn some patience. Hahaha. Thanks!

    Hack The Box

  • I am working on this box and accessing to one port I receive code 502. Is it normal or reset must be done?

  • Hi guys, I transferred Labratory machine ownership (which I haven't seen before) to myself. Can someone explain that to me? Like have root/Administrator never gives that option so I think it has something to do with the VM internals - is that related to the access? Apologies, n00b overhere.

    My thanks for any and all help; it is appreciated!

  • Rooted. Struggled a while on the foothold after I got around all my 502 errors.

    User was easy.

    Root was funny because whenever i cat'd a certain file, I didn't see what I needed to see to privesc. Idk if my terminal was messed up or something, but I was very confused because I was very confident that this was part of the privesc, but I didn't see anything worthwhile.

    Finally figured it out, though. Fun box! Thanks!

    Hack The Box

  • @Darvidor said:
    I am working on this box and accessing to one port I receive code 502. Is it normal or reset must be done?

    Look a few posts above yours.

    Hack The Box

  • I have issues with the box for dirbuster and nmap. Ping responses take forever too. Is it just like that or?

    My thanks for any and all help; it is appreciated!

  • Gosh! I just rooted the box. I am begining with this platform and this was the hardest easy box I have found.

    DM open for nudges.

    Thanks to @waza and @alphaomega for guide when I was stuck.

  • Is there a solution for the 502 problem? Has anyone reported it to HTB?

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • I'm getting RCE by installing g***** on my own machine using the same s*****.yml. It seems payload is wrong... Any nudge?

  • @TazWake said:

    Is there a solution for the 502 problem? Has anyone reported it to HTB?

    From the descriptions I read in this thread, it's probably related to slow service start, combined with people resetting the machine due to the 502 :D
    The service really takes its time to come up, and until then the upstream proxy will return "I can't reach that service"


    Hack The Box
    GREM | OSCE | GASF | eJPT

    Feel free to PM me your questions, but please explain what you tried, so far.

    Currently busy with AWAE

  • @HomeSen said:

    From the descriptions I read in this thread, it's probably related to slow service start, combined with people resetting the machine due to the 502 :D
    The service really takes its time to come up, and until then the upstream proxy will return "I can't reach that service"

    That kind of makes sense, although I did wait about 30 minutes before I gave up this morning (and I made sure I cancelled anyone else trying to reset it after my reset :wink: )

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Ah okay. Well, 30 minutes would be a tad bit too much, though. Maybe someone killed the service (or one of the dependencies) in the meantime.
    But yea, it sounds really odd.


    Hack The Box
    GREM | OSCE | GASF | eJPT

    Feel free to PM me your questions, but please explain what you tried, so far.

    Currently busy with AWAE

  • Type your comment> @junglemonkey said:

    Hi guys, I transferred Labratory machine ownership (which I haven't seen before) to myself. Can someone explain that to me? Like have root/Administrator never gives that option so I think it has something to do with the VM internals - is that related to the access? Apologies, n00b overhere.

    Completely unrelated to root or admin access. It's for the website to track if you have an active machine/so you have control over resets and extension.

    cmoon
    OSCP

  • edited November 2020

    Rooted the machine,
    Initial foothold was difficult because you need to setup your own local instance to generate the payload.
    Thanks @cmoon for giving me nudges
    PM if you need help

  • Am I the only one who still got the 502 ?

    aimforthehead

  • Type your comment> @aimforthehead said:
    > Am I the only one who still got the 502 ?

    I had to resort to changing servers over and over again until I found one that had a working webpage.

    cmoon
    OSCP

  • edited November 2020

    Practically impossible to work on this box, at least at this time in the evening. It keeps being reset every half hours.

    Edit : I tried to recreate the environment inside a VM. I followed to the letter every step written on the official docs both for G***** and D*****, but I still can't get it to work (the browser just hangs). If anyone has a good link that explains in details how to set everything up so I can work on some tests, that'd be great :)

    dragonista

  • @aimforthehead said:

    Am I the only one who still got the 502 ?

    @cmoon said:

    I had to resort to changing servers over and over again until I found one that had a working webpage.

    Possibly too late to be helpful now, but I really think its better if people report things like this via a jira ticket.

    If you have to change servers, then it implies something on the original server is broken and it isn't being fixed by a reset. It frustrates me that it is becoming more and more common but HTB wont ever become aware of it unless people tell them.

    For me, this box was so problematical I nearly gave up. After raising a ticket (and sadly simply being told "its working for us, maybe you should reset it") I went back on the box and it was finally working.

    I did have to cancel a lot of resets while I was working on it though.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • @dragonista said:

    Practically impossible to work on this box, at least at this time in the evening. It keeps being reset every half hours.

    If you are on the new "Beta" interface, it alerts you to a user trying to reset a box you are working on and you can try to reject it.

    However, the 502 error means lots of people will think they need to reset rather than wait.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • edited November 2020

    @TazWake said:
    @cmoon said:

    I had to resort to changing servers over and over again until I found one that had a working webpage.

    Possibly too late to be helpful now, but I really think its better if people report things like this via a jira ticket.

    If you have to change servers, then it implies something on the original server is broken and it isn't being fixed by a reset. It frustrates me that it is becoming more and more common but HTB wont ever become aware of it unless people tell them.

    Probably should have on this one but I figured I was just too impatient. Definitely done that before

    cmoon
    OSCP

  • Just rooted it. Definitely shouldn't be rated easy. Feel free to pm me for a hint but make sure you're prepared to tell me what you've tried.

    Hack The Box

  • Yeah this was a very nice box! Took a lot of effort to get everything right. I agree not easy... for now... I had some insights that it will become quite easy in the near future.

    Though if you want to learn keep doing it in this difficult intended way! Thanks and kudos to the creator!

    Hack The Box

  • edited November 2020

    If anyone of able to give a nudge on how to get the reverse shell, payloads don't seem to be working

    nvm rooted

  • i have user and im trying to send d****r-s******y to my attacker machine, and nothing is working. I tried scp, wget, and curl.

  • @krisp33 said:

    i have user and im trying to send d****r-s******y to my attacker machine, and nothing is working. I tried scp, wget, and curl.

    When you can’t send it, try to rather pull it ;)


    Hack The Box
    GREM | OSCE | GASF | eJPT

    Feel free to PM me your questions, but please explain what you tried, so far.

    Currently busy with AWAE

Sign In to comment.