Official Reel2 Discussion

to whom it may concern:

just because something is possible doesn’t mean you should do it.

please stop changing passwords for accounts other players are dependent on!

Rooted. A little bit ez box, a little bit hard box. If you need some help, DM me.

Hint: you have to learn PowerShell very well. If you have admin creds, you can’t get user.txt. So, please “step by step”

this was by far the hardest machine i have ever played on HTB.
i couldn’t have done it without the knowledge and patience of @acidbat .

for me, with Windows machines there is often the additional burden of having to read Microsoft-written documentation… which just always gives me the creeps :tired_face:

still, i learnt a lot :smile:

thank you very much @cube0x0

Does a way to connect from Linux to Reel2 exist?
I don’t have a winbox right now.

@fr0ster said:

Does a way to connect from Linux to Reel2 exist?
I don’t have a winbox right now.

Sure does mate :slight_smile:
Kali even has a PowerShell version you can use for it

@acidbat said:

@fr0ster said:

Does a way to connect from Linux to Reel2 exist?
I don’t have a winbox right now.

Sure does mate :slight_smile:
Kali even has a PowerShell version you can use for it

You need to install gss-ntlmssp and use Authentication Negotiate for the connection

Rooted Reel2! What a huge challenge! If you need a nudge, just DM me.

All I have been able to do is read the flag. it’s all that is possible thru that “obvious” route anyway, if anyone of yous has gotten a root shell I’d love to hear about it (as in please provide a hint on how to get it). The usual 2cents:
User: fuzz thoroughly, brute force, then leak a hash - with something also used to abuse name resolution
Root (flag): stay where you are, the key is there

Anyone else having an issue with the shell crashing?

Finally rooted the machine.
This box is definitely the most difficult box I have done so far (also it was a Windows box which made it more difficult for me)

User: Enumerate all the ports that you find. Get in, meet everyone there and then try to create a suitable name for them. One of the users is giving up too much info. Get inside the other side. Go for fishing. Get it and crack it.
PowerShell for Linux does exist

Root: Wherever you land, read the files; they will definitely give something.
Encodings are important. Getting shell is not always the way.

Thanks @xaif7aLe for helping me get through this box and @FelisLeo for the help with initial foothold and user

PM if you need any help

User flag is broken

Is it a system problem? I got the flag, but I got an error when I submitted it, and reset did not solve the problem.

(My English is not good, this is a translation)

@darkwingnya said:

Is it a system problem? I got the flag, but I got an error when I submitted it, and reset did not solve the problem.

(My English is not good, this is a translation)

This is a semi-regular topic on the forums. The dynamic hashes used by HTB mean that every time a box is reset, or VPN switched etc, a new hash is generated. There are occasions where the new hash isn’t set properly and this can’t be fixed by bruteforcing the old hash you have.

The options are:

  • Report it to HTB as a Jira ticket and get them to fix the problem.
  • Wait, it normally resolves itself after a while but if it’s a box where people are constantly resetting it, it may never fix itself. You will need to re-exploit it to get a new hash when it is fixed, so make sure you kept notes.

This has been going on for quite a few months now. HTB will not change its stance on the dynamic hash as they get very few reports of problems but have successfully identified lots of “flag sharing” and other rule violations. Sadly, despite dynamic hashes being in use since March, there are still people selling/trading flags, so this isn’t going to change.

@TazWake said:

@darkwingnya said:

Is it a system problem? I got the flag, but I got an error when I submitted it, and reset did not solve the problem.

(My English is not good, this is a translation)

This is a semi-regular topic on the forums. The dynamic hashes used by HTB mean that every time a box is reset, or VPN switched etc, a new hash is generated. There are occasions where the new hash isn’t set properly and this can’t be fixed by bruteforcing the old hash you have.

The options are:

  • Report it to HTB as a Jira ticket and get them to fix the problem.
  • Wait, it normally resolves itself after a while but if it’s a box where people are constantly resetting it, it may never fix itself. You will need to re-exploit it to get a new hash when it is fixed, so make sure you kept notes.

This has been going on for quite a few months now. HTB will not change its stance on the dynamic hash as they get very few reports of problems but have successfully identified lots of “flag sharing” and other rule violations. Sadly, despite dynamic hashes being in use since March, there are still people selling/trading flags, so this isn’t going to change.

Thanks, just tried again and got a new hash, it worked

Is getting hash using r********r the right path? I am sure I send an appropriate mail but i get nothing back.

Hope i don’t spoil too much

Rooted, yea… wasn’t the best. Then again I just hate windows boxes so maybe that’s just me. I did really like Blackfield though so I had high hopes coming here.

@LMAY75 said:

Rooted, yea… wasn’t the best. Then again I just hate windows boxes so maybe that’s just me. I did really like Blackfield though so I had high hopes coming here.

2 different machine makers, so I guess naturally it would be a different approach/challenge :slight_smile:
I’m the other way around, I enjoy the Windows machines more so than Linux.
We all have our preferences :slight_smile:

@acidbat said:

@LMAY75 said:

Rooted, yea… wasn’t the best. Then again I just hate windows boxes so maybe that’s just me. I did really like Blackfield though so I had high hopes coming here.

2 different machine makers, so I guess naturally it would be a different approach/challenge :slight_smile:
I’m the other way around, I enjoy the Windows machines more so than Linux.
We all have our preferences :slight_smile:

Yea see maybe it’s just me :slight_smile: glad you enjoyed it, I don’t wanna tear cube down of course

So I get I am late to the party on this box, but is it super slow to respond or have I broken something?

I have access via the web portal but when I click on things to compose new stuff it takes about 5 minutes for anything to happen.

EDITED TO ADD:

A reset improved things but it is still a really slow box.

@TazWake said:

So I get I am late to the party on this box, but is it super slow to respond or have I broken something?

I have access via the web portal but when I click on things to compose new stuff it takes about 5 minutes for anything to happen.

EDITED TO ADD:

A reset improved things but it is still a really slow box.

Yeah I had the same issues (even on VIP).
Sometimes the website was not responsive at all - so I ended up changing servers which helped.
I also changed browsers (from Firefox to Chromium) which improved a little bit - but Chromium didn’t have some features (plugin perhaps?) that was required which Firefox had.

I wouldn’t think you have broken anything (but that depends of course :P) - bruteforcing over long period of time would potentially kill the site