Members changing the credentials and the cron jobs taking too much time to execute

Hello friends!!

Just decided to start a discussion and make some suggestions for HackTheBox which I think can make our experience better :slight_smile:
So I wanted to discuss 2 things:

  1. The unfair behavior of some players who change the credentials on a box and make this box unfinishable without a reset :frowning:.
  2. The cron jobs which take too much time to execute (Example: every 4 minutes).

1) Basically, I’m part of the eu-free lab, and on some boxes some members change the credentials of a key service, which stops our advancement on the box until we reset it (generally 20-point boxes like Jerry or Netmon, as they are more accessible by their level). So my suggestion would be that the author of the machine or a moderator/admin configures a background process or a scheduled task which restores the credentials of the service as they should be (Example: on Jerry, a background process which restores the tomcat-users.xml file as it was when mrh4sh created the box. Of course that process/scheduled task must be secured and out-of-scope in the pwning of the machine :smiley:!).

2) Like I said, I’m part of the eu-free lab (I’ll become V.I.P soon) and on that lab there are many players, and on machines that require exploiting a scheduled task, our payload is often overwritten by other members who are in the same situation as us (trying to abuse the scheduled task). So my suggestion here would be to reduce the interval of time when the task is executed 2 times (Example: executed every 5 minutes → 1 minute), as it doesn’t change the scenario of the box, just the time we are waiting, and reduces the chances of getting our custom task overwritten :smiley:!!

Hope you will take this into consideration and don’t hesitate to discuss it.

So, a lot of times the boxes are just fine. However, it’s the 1000+ people that are throwing the sink at the box. Like Netmon, it’s the kids that are trying to learn but are not sure what to do so they start with brute force; this is the problem most of the time. I have done close to 60 boxes on free, and while it can be a pain I always learn something of the services that are running, how much they can take and what not to do. Free is Free! I’m just happy I can get on here and learn even when it can be a headache.

@Magavolt said:

So, a lot of times the boxes are just fine. However, it’s the 1000+ people that are throwing the sink at the box. Like Netmon, it’s the kids that are trying to learn but are not sure what to do so they start with brute force; this is the problem most of the time. I have done close to 60 boxes on free, and while it can be a pain I always learn something of the services that are running, how much they can take and what not to do. Free is Free! I’m just happy I can get on here and learn even when it can be a headache.

It’s true, but I think that this type of issue isn’t intended by the players; sometimes we use the bad exploit! But the credentials changing is intended and the goal is only to disappoint other players. So I hope this behavior will stop?

author of the machine or a moderator/admin configures a background process or a scheduled task which restores the credentials of the service as they should be.

For NetMon I did put something in place when testing the machine. Every 42 minutes NetMon is restored back to a normal condition (was for other things, not password). I wanted it to be quicker but it also logs all users out of the box when it does this. I could probably look into creating a scheduled task to just change the password, but it wasn’t a super trivial thing to do with how the application is installed.

I have looked at free a few times throughout the day, and haven’t really seen many people changing the credentials. It is ungodly slow or broken at times due to brute forces.

I don’t know if the business plan could allow 2 free eu servers?

I think on Netmon if you click forget password it sends a new password to some mail and that’s why people get locked out (That’s at least what I got told, not sure if this is actually the case). And yea the box is just undoable on free servers because the web interface is constantly crashing (because of that stack overflow exploit) and people are resetting every 5 mins.