Official Static Discussion

Official discussion thread for Static. Please do not post any spoilers or big hints.

«1

Comments

  • edited June 19

    i am stuck wtih the OT* after Login! cant seem to find to generate the TO*P

  • edited June 19

    same

  • google is your friend

  • edited June 19

    Type your comment> @lszb said:

    google is your friend

    EDIT NVM. I was being dumb at keyboard xD

  • I can't download the i*.p file. Weird

  • any help after decrruping the db.sl + downloaded the pp otp enerato

  • Well, if someone else has problems with the t**p step ... make sure your time is synced ;)

  • edited June 20

    I am having problems with generating the **P code ? Any hints will be appreciated!!

    EDIT: Well, just like others I was too slow

  • Type your comment> @coldBug said:

    Well, if someone else has problems with the t**p step ... make sure your time is synced ;)

    Can you PM me with a little hint?

  • Any tips on how to proceed, after bypassing the to*p?

  • generate VP* configuration then remove Bd Btes from it

  • edited June 21

    Type your comment> @coldBug said:

    Well, if someone else has problems with the t**p step ... make sure your time is synced ;)

    Agree - one day it worked and the next day it stopped working because the machine's clock drifted. Had to reset the machine.

  • Any hints on what to do after access to *.20..0/24 network?? I tried brute-forcing the hash I got but no luck...Also tried to find any public exploits

  • file.gz has corrupted , how to repair ? :neutral:

    hoangvietitvn

  • Type your comment> @hoangvietitvn said:

    file.gz has corrupted , how to repair ? :neutral:

    google !!

  • Type your comment> @kavigihan said:

    Any hints on what to do after access to *.20..0/24 network?? I tried brute-forcing the hash I got but no luck...Also tried to find any public exploits

    Stuck at this point also. Has anyone moved forward from here?

  • Type your comment> @camk said:

    Type your comment> @kavigihan said:

    Any hints on what to do after access to *.20..0/24 network?? I tried brute-forcing the hash I got but no luck...Also tried to find any public exploits

    Stuck at this point also. Has anyone moved forward from here?

    If you can connect with the VPN fine, see what IPs you can't access. Then add them to your "ip route". Thanks to @dizaster101

  • Can anyone help me pop the shell? I can get RCE.. but not a interactive shell.. I found a module in **f but I am missing something I guess.. it says no session was created.
    I can DM the details.. thank you

  • Type your comment> @Aniruddh9 said:

    Can anyone help me pop the shell? I can get RCE.. but not a interactive shell.. I found a module in **f but I am missing something I guess.. it says no session was created.
    I can DM the details.. thank you

    Try exploiting it manually

  • rooted. foothold took the most time - it turned out I had the right approach, but it wasn't working in the release arena, maybe due to a network timeout. trying again in VIP it worked first time.

    thanks @ompamo for a fun box!

  • putting correct totp still not getting logedin

  • @hoangvietitvn said:
    file.gz has corrupted , how to repair ? :neutral:

    there are some github tools

  • edited June 25

    anyone got time for a nudge? need help with root, not sure I really understand er**t***

  • Type your comment> @Reddsec said:

    anyone got time for a nudge? need help with root, not sure I really understand er**t***

    maybe you can print your own format ;)

    Hack The Box

  • edited June 25

    maybe you can print your own format ;)

    yeah, after a lot of going in the wrong direction, I managed to root.

  • edited June 27

    Type your comment> @varshitmodi said:

    @hoangvietitvn said:
    file.gz has corrupted , how to repair ? :neutral:

    there are some github tools

    actually problem was not with tool it was with the machine. I changed server to EU3 and it worked fine.

  • I'm in Australia. Even when changing to a server in my region, where the timezone is the same as my host, the machine won't validate the totp. Shame, seemed like a nice box. Disappointing by HTB release team to allow a box with such a fickle variable. Would have been better off exposing ntp so we could sync our time to the box.

    delosucks

  • I also have trouble with totp it fails even after reset in eu-free-1, I also tried us , also fails... gotta check other regions

  • edited June 28

    Type your comment> @coldBug said:

    Well, if someone else has problems with the t**p step ... make sure your time is synced ;)

    To make this more understandable: You have a secret and need to generate tokens for the login... (make sure you know how t**p works). For the latter your time should be synced...

  • Quick tip on OTP.... I just added it to my Google Authenticator on my mobile, and no trouble ... xD You guys overthink too much sometimes

    Hack The Box

Sign In to comment.