Dante Discussion

@BaddKharma Are you unable to connect at all? I had connection issues initially. I was working out of a VM and had to add a passthrough/bridged interface for things to work. S

i’m still stuck trying to find a way into box 1.

is there anyone that has gotten the foothold yet on the first box? i’d like to share what i’ve done so far, and maybe you can point me in the right direction?

Can anyone offer a nudge regarding priv esc on .13? Been going through pages of enumeration output but nothing is jumping out at me. Thanks

@dtwozero said:

is there anyone that has gotten the foothold yet on the first box? i’d like to share what i’ve done so far, and maybe you can point me in the right direction?

Feel free to DM me. I have done the entire lab.

@BaddKharma said:

So apparently the Dante Labs breaks down for users who are forced to use the TCP protocol for their connection pack. My current network will not allow me to use UDP for my tunnels, so I must convert my connection to Proto TCP. This has worked well for me in the other HTB machines, but not for Dante.

Does anyone know what could be done to force the TCP or should I submit a service ticket to HTB?

I am assuming you tried this, just making sure you saw it though;

Alternate TCP Connection

By default, our network uses UDP port 1337. If this port is blocked at your location, you can try switching to TCP 443 by editing your .ovpn file.

Change proto udp to proto tcp
Change remote {serverAddressHere} 1337 to remote {serverAddressHere} 443
Change <tls-auth> to <tls-crypt>
Change </tls-auth> to </tls-crypt>
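
The four edits quoted above, scripted with a check that each one took effect. This is an added example, not part of the original posts or of HTB's documentation; the server name, key body and file names are constructed placeholders.

```sh
#!/bin/sh
# Added example: apply the four .ovpn edits and verify each one took effect.

# Constructed sample profile; the server name and key body are placeholders.
sample_profile() {
cat <<'EOF'
client
dev tun
proto udp
remote vpn.example.invalid 1337
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
(constructed placeholder, not a real key)
-----END OpenVPN Static key V1-----
</tls-auth>
EOF
}

# Profile on stdin, TCP 443 variant on stdout. Patterns are anchored to the
# directive so key material and comment lines are never touched.
ovpn_to_tcp443() {
    sed -E \
        -e 's/^([[:space:]]*proto[[:space:]]+)udp[[:space:]]*$/\1tcp/' \
        -e 's/^([[:space:]]*remote[[:space:]]+[^[:space:]]+[[:space:]]+)1337([[:space:]]|$)/\1443\2/' \
        -e 's#^([[:space:]]*</?)tls-auth>#\1tls-crypt>#'
}

# Exit 0 only if all four edits are present and nothing from the UDP profile
# is left behind, so a half-edited profile is caught before connecting.
check_tcp443() {
    cfg=$(cat)
    for want in \
        '^[[:space:]]*proto[[:space:]]+tcp' \
        '^[[:space:]]*remote[[:space:]]+[^[:space:]]+[[:space:]]+443([[:space:]]|$)' \
        '^[[:space:]]*<tls-crypt>' \
        '^[[:space:]]*</tls-crypt>'
    do
        printf '%s\n' "$cfg" | grep -Eq "$want" || { echo "missing: $want" >&2; return 1; }
    done
    if printf '%s\n' "$cfg" | grep -Eq '^[[:space:]]*(proto[[:space:]]+udp|</?tls-auth>)'; then
        echo "leftover UDP/tls-auth directive" >&2; return 1
    fi
}

# Usage: sh convert.sh lab.ovpn > lab-tcp.ovpn   (file names are examples)
if [ "$#" -ge 1 ]; then
    ovpn_to_tcp443 < "$1"
fi
```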

So a quick update. I know i’m not going crazy. I think the box needs to be reverted. The service i know i’m supposed to get a clue from is not working correctly. I’m getting errors trying to connect. I also see a long list of exploits in a directory unrelated to that service. Is it possible that this box is toast? does anyone know the name of it, so we can attempt to revert it?

@0PT1MUS said:

@BaddKharma said:

So apparently the Dante Labs breaks down for users who are forced to use the TCP protocol for their connection pack. My current network will not allow me to use UDP for my tunnels, so I must convert my connection to Proto TCP. This has worked well for me in the other HTB machines, but not for Dante.

Does anyone know what could be done to force the TCP or should I submit a service ticket to HTB?

I am assuming you tried this, just making sure you saw it though;

Alternate TCP Connection

By default, our network uses UDP port 1337. If this port is blocked at your location, you can try switching to TCP 443 by editing your .ovpn file.

Change proto udp to proto tcp
Change remote {serverAddressHere} 1337 to remote {serverAddressHere} 443
Change <tls-auth> to <tls-crypt>
Change </tls-auth> to </tls-crypt>

Yeah the problem exists when you do that, it severs your ability to interact with the first machine at all. Have a service ticket on it that’s being worked on. So fair warning to anyone behind a strict firewall/network edge that if you use TCP connections Dante may not work for you until it gets resolved.

@BaddKharma said:

@0PT1MUS said:

@BaddKharma said:

So apparently the Dante Labs breaks down for users who are forced to use the TCP protocol for their connection pack. My current network will not allow me to use UDP for my tunnels, so I must convert my connection to Proto TCP. This has worked well for me in the other HTB machines, but not for Dante.

Does anyone know what could be done to force the TCP or should I submit a service ticket to HTB?

I am assuming you tried this, just making sure you saw it though;

Alternate TCP Connection

By default, our network uses UDP port 1337. If this port is blocked at your location, you can try switching to TCP 443 by editing your .ovpn file.

Change proto udp to proto tcp
Change remote {serverAddressHere} 1337 to remote {serverAddressHere} 443
Change <tls-auth> to <tls-crypt>
Change </tls-auth> to </tls-crypt>

Yeah the problem exists when you do that, it severs your ability to interact with the first machine at all. Have a service ticket on it that’s being worked on. So fair warning to anyone behind a strict firewall/network edge that if you use TCP connections Dante may not work for you until it gets resolved.

Can confirm, I was never able to get comms sorted to Dante with the TCP option (per the directions already mentioned). Only the default UDP config worked. Because that wasn’t an issue for me, I never pursued a solution. Hopefully they can resolve soon for those that can only connect via TCP.

Does the request reset function work? Every time I load up in Dante2 there is someone else’s php code still present.

On the topic of the connection issues, I found that working in a VM can muck up the connection. Not 100% offhand why this isn’t the case for the individual machines outside the labs. I am able to use TCP, just had to add a passthru/bridged interface

Also, anyone having issues with NIX02? There is a file that should only exist in a certain user's dir under certain conditions, yet those conditions do not seem to be present …

Can someone PM with a nudge getting initial foothold? Got the first flag and the todo.txt file with user I should be targeting, possible permissions issue, as well as possible vulnerability to look out for. Not sure where to go from here? Tried some things to no avail from info I found

i’ve been at this for 3x days. there has got to be a faster way to get help, besides the forum, discord, and support portal. Not happy spending money on this so far.

@r0me and @dtwozero It looks like you are on the right track, but sometimes you may have to wait for an attempted exploit to finish… Feel free to message me if you need a bigger nudge

So in US Dante2 I have sent multiple requests to reset the lab, people have left behind their webshells and exploit files, ruining the experience for others. Have sent at least a dozen requests to reset the lab and nothing. Anyone else experienced this?

@BaddKharma said:

So in US Dante2 I have sent multiple requests to reset the lab, people have left behind their webshells and exploit files, ruining the experience for others. Have sent at least a dozen requests to reset the lab and nothing. Anyone else experienced this?

The lab resets nightly. I know there are at least 2 boxes I can think of that have stuff already on them by design, or just were never removed by creators.

For whoever was assigned IP address 10.10.14.5 in US Dante 1, you are an a** for stripping the entire WordPress site for your reverse shell. If you have to deface a customer product in your pentest you are doing it wrong. You could tuck that code away anywhere on the half a dozen other locations or pages, but nope. You chose to overwrite the main Web Page.

Alright… after literally a week of trial and error i have the first 2 flags on the .100 node and i’m finally ready to move on with my enumeration.

I will say this without spoiling anything; the information you will likely find first will lead very quickly to the first 2 flags
Anyone that needs a nudge feel free to message me.

And now for reasons I still don’t understand just as SOON as i find the foothold for some reason the machine and ports go down. This is such a fickle environment we’re working with here i swear.

Is anyone else having issues with that .102 webpage being extremely slow, bordering on unusable?

PS nevermind it unfu**ed itself :)