Registry

1910111315

Comments

  • edited March 2020

    An "x509: certificate signed by unknown authority" error indicates I'm on the right track?

  • edited March 2020

    I think I got user the not intended way, I was able to ssh in with what I pulled from the blobs, then reseted the box because it was giving me issues and now I can't ssh :neutral:

    EDIT: Disregard - it was the intended way, I had a typo :blush:

    Hack The Box

  • Type your comment> @nando740 said:

    An "x509: certificate signed by unknown authority" error indicates I'm on the right track?

    The certificate will give you a clue about what website to visit

    Hack The Box

  • Type your comment> @gu4r15m0 said:

    Type your comment> @nando740 said:

    An "x509: certificate signed by unknown authority" error indicates I'm on the right track?

    The certificate will give you a clue about what website to visit

    I visited *2 API from the registry. The above error is when trying to d**** l***n or d***** p***.

  • @nando740 said:

    I visited *2 API from the registry. The above error is when trying to d**** l***n or d***** p***.

    The certificate error/warning is irrelevant, it is expected as the certificates are self-signed
    Are you using wget to download something? try --no-check-certificate
    If you are using curl, try -k

    Hack The Box

  • Type your comment> @gu4r15m0 said:

    @nando740 said:

    I visited *2 API from the registry. The above error is when trying to d**** l***n or d***** p***.

    The certificate error/warning is irrelevant, it is expected as the certificates are self-signed
    Are you using wget to download something? try --no-check-certificate
    If you are using curl, try -k

    I can download things. But trying to pull from the registry with d***** p***, always gives that error. Same for login to the registry with d***** l****.

  • Are the files I upload suppose to disappear? Can't find a way around it :neutral:
    Any nudges?

    Hack The Box

  • Type your comment> @gu4r15m0 said:

    Are the files I upload suppose to disappear? Can't find a way around it :neutral:
    Any nudges?

    Yea, gotta be fast.

    Finally rooted. Thx for this cool box!

  • Solved my problem. Got user. On to root.

  • Does any1 have some FAIR documentation how the f* the r***** works? I cannot set up my server :S

  • Stuck on a login page for the c*s. :/

  • edited March 2020

    Done!

    Welcome to Ubuntu 18.04.3 LTS (GNU/Linux 4.15.0-65-generic x86_64)
    
      System information as of Tue Mar 10 05:37:54 UTC 2020
    
      System load:  0.0               Users logged in:                1
      Usage of /:   5.6% of 61.80GB   IP address for eth0:            10.10.10.159
      Memory usage: 23%               IP address for br-1bad9bd75d17: 172.18.0.1
      Swap usage:   0%                IP address for d----0:         172.17.0.1
      Processes:    159
    Last login: Tue Mar 10 05:37:27 2020 from 10.10.14.36
    [email protected]:~# sha256sum root.txt
    029b18b4c0e2194ef4be039b9e362d32522a5b8ab5141af4487293e338d763fe  root.txt
    [email protected]:~#
    
    

    Hack The Box

  • Great box, love it! Thank @deluqs 's help

  • I am stuck with the first user. I was able to s** in as b***. I found the login page but I can't find login info. I tried a few basic username/password combos. Am I supposed to find it from /v/w? I found a few things but I am stuck.

    Any help?

  • Any hints on finding creds for the login page?

  • Type your comment> @nando740 said:

    Any hints on finding creds for the login page?

    Explore the web server directory where you would find files associated with the web app.
    There will be a file of interest. :)

  • Type your comment> @nando740 said:

    Any hints on finding creds for the login page?

    Think about where do webapps usually store creds, and look for that between the folders you can read.

    Hack The Box

  • edited March 2020

    Thanks. Had already thoroughly explored those dirs, but did not think about explore that file in so raw way. Had tried its utility (not present in the system).

    Can concentrate on the vector now. A lot of RTFM of that r****c thing ahead. :(

  • And rooted :blush:

    Pulled hair on finding creds to the app (respects given to the helpers), but after that, the service manual solved the rest.

  • Type your comment> @grav3m1ndbyte said:

    Not like this box is hard or easy or whatever, but most of the things I've found through the initial foothold has led me nowhere or to what looks to be a deadend, and...I'm confused to be quite honest. Can someone help out? If so, PM me.

    Rooted! Got stuck a couple of times because I was overthinking it and in one instance I did not think outside the box when trying to approach some things. The box is not as hard as it first might look like.

    Hack The Box
    CISSP | eJPT

  • If you have never used the technologies present on this box, be prepared to spend several days reading documentation, trying some things, failing miserably, and trying something else. However, this is the point. If you do not spend the time to understand how things work, then all you have is a little trophy in your HTB trophy case. Maybe that is enough for some.

    I know that some have mentioned you can do everything you need locally on the machine but I was not that lucky. I needed to host a server on the last step, which worked like a champ (again after reading documentation, trying some things, failing miserably, and trying something else). If you have the root directory, you have the root shell.

    Happy to help anyone who needs a nudge. Send me a DM. Let me know where you are stuck and not just "I tried a bunch of stuff and nothing worked".

    4t0ys3d

  • Well that was a challenge and then some. Thanks to all who have left cryptic hints on here, even though I found them as frustrating as the box itself at times. Lots of stuff learnt in the process of getting this box and probably the most satisfying root prompt I've ever got.

  • edited March 2020

    Hi all,
    I am currently on user b***. Can't seem to find a way to get my reverse shell to work as it keeps timing out. Looks like outbound connections are blocked or something. Can someone give me a tip on how to work around this? What am I missing/do I need another approach?

    update: figured it out

  • Stuck at the foothold from much time, the d****.r******y.h** not showing any kind of results.
    If anyone could give a direction it'll be appreciated

  • Great box @thek !! Very hard root for me!

  • Rooted
    PM for help :)

  • Hi, I pulled b***-i****, used top/top creds and enum. no idea. found not too much except ~/.s** folder with config and keys. Tried playing with s** -i login but nope, nothing has worked :/

    Can anyone put me on the right track, please? I have been hitting the wall for a few days.
    Help will be greatly respected and appreciated.

  • Very very good box, enjoyed it a lot end to end. Thanks @thek, my favorite linux box so far!

    k4wld
    Discord: k4wld#5627

  • Super fun and challenging box with a variety of exercises, much appreciation @thek! Did anyone succeed in getting a root shell? Or getting root flag in a serverless manner?

    My advice:
    Gaining a foothold: Look around until you find a weird response, encoded inside it there is a hint pointing to a useful sub. Learn about that technology and think about the box name to figure out how to use the sub -- think lazy for auth (thanks @reverse1!!). Sniff around in your new environment until you've found to find a useful config, it's a little dusty but probably still works just fine.

    U1 → U2: Try to establish a strong web presence with info you extract using U1 powers.

    U1 → root: Think about a super awesome Linux privesc technique and find out what you can do. Looks like you can trick Midas into moving his gold to a location of your choice, which seems fantastic until you realise you don't have the ability to see them! 😒 Just when you're nearing tears because you can't see the results of your effort, remind yourself you're still a 1337 hax0r, and probably just need a nap. After you curl up and get some rest, (with complete disregard for your safety given your position in the enemy's lair), you'll find the answers come to you in a restful dream -- seems like restrictions don't transfer into the sleep realm.

    Happy to help if if anyone needs a nudge on this amazing box!

    Propolis

  • edited March 2020

    I've been spending hours now, escalated to user2, but stuck on root.... Don't know where to 'rest' my hands.. Any nudges will be gratefull! :dizzy:

    Edit: Rooted. I didn't consider the traditional methods of FT. ;)

Sign In to comment.