So in US Dante2 I have sent multiple requests to reset the lab; people have left behind their webshells and exploit files, ruining the experience for others. Have sent at least a dozen requests to reset the lab and nothing. Anyone else experienced this?
The lab resets nightly. I know there are at least 2 boxes I can think of that have stuff already on them by design, or just were never removed by creators.
For whoever was assigned IP address 10.10.14.5 in US Dante 1, you are an a** for stripping the entire WordPress site for your reverse shell. If you have to deface a customer product in your pentest you are doing it wrong. You could tuck that code away anywhere on the half a dozen other locations or pages, but nope. You chose to overwrite the main web page.
Alright… after literally a week of trial and error I have the first 2 flags on the .100 node and I’m finally ready to move on with my enumeration.
I will say this without spoiling anything: the information you will likely find first will lead very quickly to the first 2 flags.
Anyone that needs a nudge feel free to message me.
And now, for reasons I still don’t understand, just as SOON as I find the foothold the machine and ports go down. This is such a fickle environment we’re working with here, I swear.
Just my $0.02… I think HTB is doing a bit of a disservice by advertising this lab as “beginner”. I think some folks without any experience go into it thinking it will be accessible material. I really enjoy engaging with people on the forums and helping someone who is stuck via DMs, but I have had a lot of people contact me asking me about every single step on the foothold box.
For those considering this lab, please know that you really need some experience. I would recommend doing all of the active Easy boxes on HTB first before jumping into this lab. If you are lost on the foothold box, there are a lot more challenging boxes in this lab. Look at the lab write-up and make sure you understand and have had some idea on how to tackle the areas they describe.
So in US Dante2 I have sent multiple requests to reset the lab; people have left behind their webshells and exploit files, ruining the experience for others. Have sent at least a dozen requests to reset the lab and nothing. Anyone else experienced this?
The lab resets nightly. I know there are at least 2 boxes I can think of that have stuff already on them by design, or just were never removed by creators.
No, this wasn’t intentional or part of the challenge. This was a fellow subscriber. I don’t mind the occasional enum script or two in /tmp but this was a blatant disregard for anyone else. To be fair, though, at least they didn’t replace the entire WordPress site with a reverse shell page, effectively locking the main pivot box for anyone else, like I found this morning.
To be honest, I’m here because of an in-class assignment, knowing full well my intuitions are not where they need to be for a medium difficulty CTF lab, when I don’t think my institution really looked at this from the angle of “several students ok but not great at PenTesting”.
In my defense, I’m also dealing with issues involving VPN connections to the network itself as well as a consistent issue with machine/port going down throughout the day; case in point this morning when my foothold port on the .100 node went down due to a potential DoS/password change and I lost a good several hours waiting for the machine to reboot itself. Hopefully, now that I’ve gotten these first few flags, I’ll be able to navigate a bit better onto the network; however, if not, it’s not the end of the world.
@voodooraptor look at using sshuttle with the SSH creds you have found. You won’t be able to use nmap, but should be able to do manual enumeration from the pivot box.
@limelight thanks, yeah, I already enumerated the other boxes, now I am trying to exploit them. I found some interesting info to know about user M and F but am trying to figure out the password for them. The website that I found them on seems to be broken; there is no actual login page. I was going to attempt Intruder against it but it seems to be broken.
Feel like I have smashed into a wall. I have rooted the below machines, but have yet to find the other network(s). Two of them have interesting entries, but nothing seems to bite when sweeping. Any nudge available without giving too much away?
Alright… after literally a week of trial and error I have the first 2 flags on the .100 node and I’m finally ready to move on with my enumeration.
I will say this without spoiling anything: the information you will likely find first will lead very quickly to the first 2 flags.
Anyone that needs a nudge feel free to message me.
You think you can help me? I got the first flag but I am stuck on the second initial flag.
Hey guys, I’ve made some decent progress but I’m getting a bit caught up on initial shell on NIX02. I found the flag under the M* user and have tried enumerating known files. Could anyone provide a bump in the right direction?