Tabby machine problems

Hello, world!
Well, I have two problems.

1) I have managed to pawn tabby's user and I am in the process of doing the privilege escalation.
Everything works fine, until I upload the two files(lxd.tar.xz and rootfs.squashfs into the vulnerable server) until I get to this error:


[email protected]:/tmp$ lxc image import lxd.tar.xz rootfs.squashfs --alias alpine
lxc image import lxd.tar.xz rootfs.squashfs --alias alpine
Error: open lxd.tar.xz: no such file or directory

2) All of a sudden today, I can not ping the machine (10.10.10.194) and I can't even enter the megahacking website through the browser. Could the machine be down today or is it my fault?

In addition to that, when I am trying to check apache2's status(or start it(, I get an error like that:
Job for apache2.service failed because the control process exited with error code. See "systemctl status apache2.service" and "journalctl -xe" for details.

And it's status is set to failed. I can not start it, or restart it.

Comments

  • @jotunr said:

    Hello, world!

    Hi

    Well, I have two problems.

    1) I have managed to pawn tabby's user and I am in the process of doing the privilege escalation.
    Everything works fine, until I upload the two files(lxd.tar.xz and rootfs.squashfs into the vulnerable server) until I get to this error:


    [email protected]:/tmp$ lxc image import lxd.tar.xz rootfs.squashfs --alias alpine
    lxc image import lxd.tar.xz rootfs.squashfs --alias alpine
    Error: open lxd.tar.xz: no such file or directory

    First, you might find better tips by posting to the thread for this box: https://forum.hackthebox.eu/discussion/3474/official-tabby-discussion/ - someone else might have already mentioned this.

    The message implies the box thinks it cant find lxd.tar.xz

    Are you 100% confident it is called that and has been uploaded to the location the command will check.

    You might find better luck with ./ to specify the director you are running the command from rather than wherever it will search.

    2) All of a sudden today, I can not ping the machine (10.10.10.194) and I can't even enter the megahacking website through the browser. Could the machine be down today or is it my fault?

    This is a retired machine. You need to be on a VIP connection and "activate" the box before you can use it.

    If you are on a VIP connection and you have activated the box so it is showing up as assigned to you, then it is likely to be a problem on the box.

    In addition to that, when I am trying to check apache2's status(or start it(, I get an error like that:
    Job for apache2.service failed because the control process exited with error code. See "systemctl status apache2.service" and "journalctl -xe" for details.

    Is that on the remote machine or yours?

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • @TazWake said:
    @jotunr said:

    Hello, world!

    Hi

    Well, I have two problems.

    1) I have managed to pawn tabby's user and I am in the process of doing the privilege escalation.
    Everything works fine, until I upload the two files(lxd.tar.xz and rootfs.squashfs into the vulnerable server) until I get to this error:


    [email protected]:/tmp$ lxc image import lxd.tar.xz rootfs.squashfs --alias alpine
    lxc image import lxd.tar.xz rootfs.squashfs --alias alpine
    Error: open lxd.tar.xz: no such file or directory

    First, you might find better tips by posting to the thread for this box: https://forum.hackthebox.eu/discussion/3474/official-tabby-discussion/ - someone else might have already mentioned this.

    Thank you very much. I will go on and do exactly that.

    The message implies the box thinks it cant find lxd.tar.xz

    Are you 100% confident it is called that and has been uploaded to the location the command will check.

    I am, because lxc built(make) those files and I uploaded those from my local machine to the vulnerable server.

    You might find better luck with ./ to specify the director you are running the command from rather than wherever it will search.

    Haven't tried this. Will do and post my results in a couple of days.

    2) All of a sudden today, I can not ping the machine (10.10.10.194) and I can't even enter the megahacking website through the browser. Could the machine be down today or is it my fault?

    This is a retired machine. You need to be on a VIP connection and "activate" the box before you can use it.

    Yes. I am VIP+

    If you are on a VIP connection and you have activated the box so it is showing up as assigned to you, then it is likely to be a problem on the box.

    It's being shown as assigned to me. I am working via the pwnbox of htb.

    In addition to that, when I am trying to check apache2's status(or start it(, I get an error like that:
    Job for apache2.service failed because the control process exited with error code. See "systemctl status apache2.service" and "journalctl -xe" for details.

    Is that on the remote machine or yours?

    This is happening every time I enter pwnbox. I don't know if the same was happening yesterday. I assume that no, because I uploaded the files in the target machine.
    Tried to purge, then reinstall, but the error remains.
    Also terminated the pwnbox and opened a new one, and it's still the same.

  • @jotunr said:

    This is happening every time I enter pwnbox. I don't know if the same was happening yesterday. I assume that no, because I uploaded the files in the target machine.
    Tried to purge, then reinstall, but the error remains.
    Also terminated the pwnbox and opened a new one, and it's still the same.

    This sounds like a problem with HTB's set up. Its definitely worth raising a Jira ticket to see if they can fix it.

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Now, I can not even ping a machine as well.
    I can ping google, and thats that.
    Cant even ping 10.10.10.27.

  • That implies the server is down or you have a networking problem.

    Try tracert/traceroute.

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Tried traceroute. No response at all.
    Only ***.
    I might have a networking problem, but my connection at my natural PC is just fine.
    Also, in my VM, I can connect with OPENVP sucessfully and I can ping google there, just not any one of the machines.

    What can I do now?

    Tried to uninstall/install most apps. Tried force TCP through nano editor in the vm tick, nothng seems to be working all of a sudden (everything worked just fine yesterday).

  • If the OpenVPN connection works, but traceroute fails, there is a networking problem, probably at your end, but this will need troubleshooting.

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Thanks for the info. A couple of questions.
    When I enter the spawnbox, do I need to download openvpn and connect with it in there as well, or is it unnecessary in there?
    Also, does it matter if my networking options at my VPN is set to NAT or Bridged? What is recommended?
    Thank you, sir!

  • I haven't used Pwnbox yet - sorry. Hopefully, someone else can give a better answer.

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Sure. Thank you a lot sir!

  • Type your comment> @jotunr said:

    Thanks for the info. A couple of questions.
    When I enter the spawnbox, do I need to download openvpn and connect with it in there as well, or is it unnecessary in there?

    You don't need to download your openvpn file and connect when using PWNBOX - when you start it - it will configure everything for you (tun0 address) - so you can go straight into HTB and scan\enumerate\hack etc :)

    Unless spawnbox is something different that PWNBOX - then I have no idea :) and disregard my message

    Always happy to help others. 100% human

    https://www.mindfueldaily.com/livewell/thank-you/

  • That was a typo. Ok, thank you very much!!!

  • Type your comment> @jotunr said:

    That was a typo. Ok, thank you very much!!!

    Helt i orden :)

    Always happy to help others. 100% human

    https://www.mindfueldaily.com/livewell/thank-you/

Sign In to comment.