Official Buff Discussion

Hello, I have an admin console in the system. However, when I go to deliver both flags, user and root, I always get an error. This happens to me in both the old and the new interface. Does it happen to anyone else? I left this machine behind a few days ago in case there was any user modifying the flags, today I tried again but I am unable to deliver the flags.

@Ominousk said:

Hello, I have an admin console in the system. However, when I go to deliver both flags, user and root, I always get an error. This happens to me in both the old and the new interface. Does it happen to anyone else? I left this machine behind a few days ago in case there was any user modifying the flags, today I tried again but I am unable to deliver the flags.

If you read through a few of the threads here you will see that this is an occasional problem. (eg: Official Buff Discussion - #367 by TazWake - Machines - Hack The Box :: Forums)

HTB uses dynamic hashes which means they change every time the box reboots or is on a different VPN.

However, it also means that sometimes the hashes don’t load properly and it creates issues.

The main suggestions seem to be:

  1. reboot, repeat the pwnage, get the new flags, try them
  2. report it to HTB via a JIRA ticket and see if they can fix the issue

If you’ve left the machine for a few days, the flags you have are incorrect and you need to repwn.

Some help over here … this is my second time that I saw the root.txt but when I try to validated it I have an error… 7ddCENSURED09 …is this de correct flag for root or should I continue looking other Administrator Desktop root.txt file ? I did all with the PLINK -sh and run my exploit correctly sometimes it is cached others not … but when I can keep the session open with root , I copy the Flag as faster that i can but it´s not working don the validator.

I´m not sure if this is and error because I validated my user flag 2 or 3 days ago.

@H4FN said:

Some help over here … this is my second time that I saw the root.txt but when I try to validated it I have an error… 7ddCENSURED09 …is this de correct flag for root or should I continue looking other Administrator Desktop root.txt file ? I did all with the PLINK -sh and run my exploit correctly sometimes it is cached others not … but when I can keep the session open with root , I copy the Flag as faster that i can but it´s not working don the validator.

I´m not sure if this is and error because I validated my user flag 2 or 3 days ago.

Did you read the post immediately before yours?

Type your comment> @TazWake said:

@H4FN said:

Some help over here … this is my second time that I saw the root.txt but when I try to validated it I have an error… 7ddCENSURED09 …is this de correct flag for root or should I continue looking other Administrator Desktop root.txt file ? I did all with the PLINK -sh and run my exploit correctly sometimes it is cached others not … but when I can keep the session open with root , I copy the Flag as faster that i can but it´s not working don the validator.

I´m not sure if this is and error because I validated my user flag 2 or 3 days ago.

Did you read the post immediately before yours?

heeey TazWake !! … thanks bro currently It was rooted !!
I was worried because I was not sure if I was doing the correct for my first port forwarding with plink !!

@H4FN said:

heeey TazWake !! … thanks bro currently It was rooted !!
I was worried because I was not sure if I was doing the correct for my first port forwarding with plink !!

Cool.

If you get the flag though, it worked.

Rooted!!!
ping me for any hints and tips

First time playing, got the user flag after failing to understand the difference between RCE and Shell, but managed it in the end.

Going for root now, but I’m pretty lost. I’m trying to enumerate everything I can find, but I feel I’m going down the rabbit hole here.

(Please, stop resetting the machine every 20minutes…)

Need a nudge getting root. After talking with a couple of others I believe I’ve utilized pl***.*** correctly, I’m just not sure what to do after that.

@tk13 said:

Need a nudge getting root.

We always dislike the default one, right? Try to alter things. :slight_smile:

Got my first root ! Thanks everyone here, especially TazWake for the help. I guess it wasn’t that hard when you are used to it, but for a first, I’m pretty happy :smiley:

Type your comment> @Xalfy said:

Got my first root ! Thanks everyone here, especially TazWake for the help. I guess it wasn’t that hard when you are used to it, but for a first, I’m pretty happy :smiley:

Congratulations on your first root. Lot more to come.

need help on user some nudge?

@Trolliama said:

need help on user some nudge?

Read the information and do a bit of research on it.

For root access i have this error "Couldn’t agree a key exchange " when using P***k.exe and looking it might be a problem with an update help please. Thanks for your time.

@JAMSAURIUS said:

For root access i have this error "Couldn’t agree a key exchange " and looking it’s a problem with an update help please. thanks for your time

Well it could be a few things. Try a different version of the tool you are using if you are sure it is related to versions.

Also make sure you have something on your machine which can accept the request.

Hello all. Two days ago I was working on privesc. I achieved user before that. Today I find that I can’t get **.exe to work on the box. I use the exact same command and method to get the .exe on the box. however it’s not reversing back to me. in fact i find that the exe quickly is removed i can get wi****S.exe/.bat to stay on the box but **.exe is constanly deleted. This persists after a reset too.

@Rakdos said:

Hello all. Two days ago I was working on privesc. I achieved user before that. Today I find that I can’t get **.exe to work on the box. I use the exact same command and method to get the .exe on the box. however it’s not reversing back to me. in fact i find that the exe quickly is removed i can get wi****S.exe/.bat to stay on the box but **.exe is constanly deleted. This persists after a reset too.

Possibly try a different version. This has been discussed previously and the conclusion was some versions have a signature that is detected, some versions don’t.

Hi everybody, I’m stuck at the foothold point, I think I found some ways to get in, but I’m still hard stuck here. Can someone give me an hint?

@DolbyTheSheep said:

Hi everybody, I’m stuck at the foothold point, I think I found some ways to get in, but I’m still hard stuck here. Can someone give me an hint?

It depends on what you are stuck on. The simplest hint is find a vulnerability, exploit it.

If something isn’t working, it depends on what isn’t working.

If you’ve used the most common way in and it has tricked you into thinking you have a shell, re-read the source code and maybe scroll back through the discussions here.