Official Doctor Discussion

Am I the only one receiving error 500 on a certain page? How can I fix this?

@fatima1997 said:

Am I the only one receiving error 500 on a certain page? How can I fix this?

A 500 implies that the server is broken. It could be that someone has made a request it can never finish (this often happens when people use the PentestMonkey webshell but don't configure it correctly).

It could also mean that you need to reset the box to fix it.

root@doctor:/root# id
id
uid=0(root) gid=0(root) groups=0(root)
root@doctor:/root# whoami
whoami
root

Finally I did it :slight_smile:

Regarding the 500 on a certain page: probably a previous action you made didn’t go well with the server; maybe you should go back and change something.

I loved the foothold, took me a minute to figure out, but simple recon tells you how to make it work.

User: definitely make sure to read the output of your tools! I didn’t and it made this take a lot longer than it needed to.

Root: I knew what I needed to do from the first step of my recon, but doing it actually took me two hours of bashing my head on the wall. I ended up trying two of the available and relevant scripts but the quiet one never seemed to execute my payload under any circumstances and the caver only worked after a machine reset. I wonder if something was subtly breaking the relevant service in the process of exploitation? From watching ps on the box I know a lot of people were trying the quiet one, haha.

The hash isn’t working

Wrong hash

But from user.txt

@Spl01ter said:

The hash isn’t working

This comes up on every thread about once a week. HTB uses dynamic hashes and sometimes they don't work. The hashes should change after every reset and be different on different VPNs - this means that hashes should be used as soon as you get them and that sometimes the process which registers the new hash in the scoring server will break.

If it is a box that is being hit with resets, it becomes imperative that the hash is used immediately as a reset will render it invalid.

Your choices are really:

  • Wait a while, repwn the box and get a working hash.
  • Report it to HTB via a Jira ticket and get them to fix the problem.

This isn’t something that can be fixed by the forum or by tips from other users.

Took me way longer than I had hoped, but enjoyed it. The hint in the machine image was clear to me, but it still took me almost forever to find what I was looking for with it. I went way overboard with analysing those things, but it just ended up being an extremely obvious (and unexpected) surprise right in front of me. I can see how someone might lose hours on this, and someone else spots it right off the bat. Took me three days.

Could someone DM me a nudge for the initial foothold? I have found the me****ing app and have made an account. I have also found something I think I can exploit, as a particular page is giving back to me what I leave, but I'm not sure where to go from here! Any help would be great!

Just rooted. The foothold was the hardest part of the box.
DM for clues but tell me your progress first.

Just rooted. This is my first machine in HTB. Definitely not easy in my (beginner’s) opinion.
Learned a lot of things.
Good luck for the others :slight_smile:

Rooted!

Foothold is the hardest part by far; past that it is just enum and Google-fu.

Although, reading the forum, there are two ways to get the foothold? Could I PM someone about the second way?

PM if you need hints

I got that it’s meant to be S**i but no idea where to go from here. I have tried all sorts of characters in almost every box with no visible issues anywhere.

Please PM if you have any hints, I’m likely missing something staring me in the face.

@rtm516 said:

I got that it’s meant to be S**i but no idea where to go from here. I have tried all sorts of characters in almost every box with no visible issues anywhere.

Assuming you have the correct letters for ** in that bit, then it is likely that you haven’t fully enumerated the pages to see what happens when you submit.

User: Look for the contact info.
Root: Check out what you initially found during recon.

Rooted!
I think characterizing this as an easy box is probably right.
DM for help :slight_smile:

@rtm516 said:

I got that it’s meant to be S**i but no idea where to go from here. I have tried all sorts of characters in almost every box with no visible issues anywhere.

Please PM if you have any hints, I’m likely missing something staring me in the face.

I’m the same as you. Have you solved it? Can you nudge me a little?

Stuck in S**I for a day, I can’t find anything more. If someone could nudge me, I would be very appreciative.

I’ve been banging my head against this for hours now. I can’t find anything other than the Splunk Forwarders page. Any nudge would be greatly appreciated.