Dante Discussion

Is anyone else having issues with that .102 webpage being extremely slow, bordering on unusable ?

PS nevermind it unfu**ed itself :slight_smile:

Type your comment> @BaddKharma said:

For whoever was assigned IP address 10.10.14.5 in US Dante 1, you are an a** for stripping the entire wordpress site for your reverse shell. If you have to deface a customer product in your pentest you are doing it wrong. You could tuck that code away anywhere on the half a dozen other locations or pages, but nope. You chose to overwrite the main Web Page.

Just my $0.02… I think HTB is doing a bit of a disservice by advertising this lab as “beginner”. I think some folks without any experience go into it thinking it will be accessible material. I really enjoy engaging with people on the forums and helping someone who is stuck via DMs, but I have had a lot of people contact me asking me about every single step on the foothold box.

For those considering this lab, please know that you really need some experience. I would recommend doing all of the active Easy boxes on HTB first before jumping into this lab. If you are lost on the foothold box, there is a lot more challenging boxes in this lab. Look at the lab write-up and make sure you understand and have had some idea on how to tackle the areas they describe.

1 Like

Type your comment> @0PT1MUS said:

Type your comment> @BaddKharma said:

So In US Dante2 I have sent multiple requests to reset the lab, people have left behind their webshells and exploit files, ruining the experience for others. Have sent at least a dozen requests to reset the lab and nothing. Anyone else experienced this?

The lab resets nightly. I know there are at least 2 boxes I can think of that have stuff already on them by design, or just were never removed by creators.

No this wasn’t intentional or part of the challenge. This was a fellow subscriber. I don’t mind the occasional enum script or two in /tmp but this was a blatant disregard for anyone else. To be fair thought at least they didn’t replace the entire wordpress site, with a reverse shell page, effectively locking the main pivot box for anyone else, like I found this morning.

To be honest, I’m here because of an in-class assignment knowing full well my intutions are not where they need to be for a medium difficulty CTF lab when I don’t think my institution really looked at this from the angle of “several students ok but not great at PenTesting”.

In my defense, I’m also dealing with issues involving VPN connections to the network itself as well as a consistent issue with machine/port going down throughout the day; case in point this morning when my foothold port on the .100 node went down due to a potential DOS/Password Change and I lost a good several hours waiting for the machine to re-boot itself. Hopefully that I’ve gotten these first few flags now I’ll be able to navigate a bit better onto the network, however, if not, it’s not the end of the world.

Hi Can anybody offer a hint regarding priv esc on nix02. Have full shell on M user and working creds for F user but not seeing a way forward. Thanks

1 Like

@richeze I got stuck where you are FOREVER it felt. Make sure you know everything that is going on/happening on the system. Feel free to DM

To whomever is deleting flags please know you are an aho !
Sincerely.

And yes, I’m talking about a flag that was there earlier but didn’t submit right away and was gone when I returned.

1 Like

any nudges for initial, got first flag but at a standstill with wp

@voodooraptor look at using sshuttle with the SSH creds you have found. You won’t be able to use nmap, but should be able to do manual enumeration from the pivot box.

Type your comment> @limelight said:

@voodooraptor look at using sshuttle with the SSH creds you have found. You won’t be able to use nmap, but should be able to do manual enumeration from the pivot box.

@limelight thanks, yeah i already enumerated the other boxes, now I am trying to exploit them. I found some interesting info to know about user M and F but trying to figure out password for them. The website that I found them on seems to be broken there is no actual login page, I was going to attempt intruder against it but it seems to be broken.

Hey everyone,

I am currently stuck on the first foothold - I have tried everything I can think of with no luck. Is anyone able to give me any hints? Cheers

anyone have a nudge for where to look after rooting admin-dc02 and nix07?

Feel like I have smashed into a wall. I have rooted the below machines, but have yet to find the other network(s). Two of them have interesting entries, but nothing seems to bite when sweeping. Any nudge available without giving too much away?

DANTE-NIX02
DANTE-NIX04
DANTE-WS01
DANTE-NIX03
DANTE-DC01
DANTE-WEB-NIX01
DANTE-WS03

Type your comment> @smugglebunny said:

Feel like I have smashed into a wall. I have rooted the below machines, but have yet to find the other network(s). Two of them have interesting entries, but nothing seems to bite when sweeping. Any nudge available without giving too much away?

DANTE-NIX02
DANTE-NIX04
DANTE-WS01
DANTE-NIX03
DANTE-DC01
DANTE-WEB-NIX01
DANTE-WS03

Which of these boxes would you think might have connectivity to ‘admin’ machines listed on the lab write up?

Type your comment> @LostatSea said:

Alright… after literally a week of trial and error i have the first 2 flags on the .100 node and i’m finally ready to move on with my enumeration.

I will say this without spoiling anything; the information you will likely find first will lead very quickly to the first 2 flags
Anyone that needs a nudge feel free to message me.

You think you can help me I got the first flag but I am stuck on the second initial flag

Hey guys, I’ve made some decent progress but I’m getting a bit caught up on initial shell on NIX02. I found the flag under the M* user and have tried enumerating known files. Could anyone provide a bump in the right direction?

Type your comment> @austincoats said:

Hey guys, I’ve made some decent progress but I’m getting a bit caught up on initial shell on NIX02. I found the flag under the M* user and have tried enumerating known files. Could anyone provide a bump in the right direction?

Feel free to DM me and I can give you a nudge. Send me some info on files you have found.

Hi, is there anyone working on Dante these days? I am looking for someone wiling to share some ideas / cooperate / help each other. Just send me a PM.
I have already made some progress (40%), so I can share some info as well.
THX.

Type your comment> @limelight said:

Type your comment> @smugglebunny said:

Feel like I have smashed into a wall. I have rooted the below machines, but have yet to find the other network(s). Two of them have interesting entries, but nothing seems to bite when sweeping. Any nudge available without giving too much away?

DANTE-NIX02
DANTE-NIX04
DANTE-WS01
DANTE-NIX03
DANTE-DC01
DANTE-WEB-NIX01
DANTE-WS03

Which of these boxes would you think might have connectivity to ‘admin’ machines listed on the lab write up?

@limelight I’m in the same situation. Can I DM you with specifics? (Trying not to spoil anything on this thread)

Type your comment> @0x00Name said:

Type your comment> @limelight said:

(Quote)
@limelight I’m in the same situation. Can I DM you with specifics? (Trying not to spoil anything on this thread)

Sure, feel free to DM where you are stuck.