Official Academy Discussion

yeah same got root flag like 3 hours ago, but it says incorrect flag when I try to submit it

Type your comment> @0xsp1d3r said:

Is something wrong with the box The Flags are not working !!!

I tried the user flag and had the same problem

@0xsp1d3r said:

Is something wrong with the box The Flags are not working !!!

@EX1TZER0 said:

yeah same got root flag like 3 hours ago, but it says incorrect flag when I try to submit it

@DavidWaugh said:

Type your comment> @0xsp1d3r said:

Is something wrong with the box The Flags are not working !!!

I tried the user flag and had the same problem

This comes up on every thread about once a week. HTB uses dynamic hashes and sometimes they dont work. The hashes should change after every reset and be different on different VPNs - this means that hashes should be used as soon as you get them and that sometimes the process which registers the new hash in the scoring server will break.

If it is a box that is being hit with resets, it becomes imperative that the hash is used immediately as a reset will render it invalid.

Your choices are really:

  • Wait a while, repwn the the box and get a working a hash.
  • Report it to HTB via a jira ticket and get them to fix the problem.

This isn’t something that can be fixed by the forum or by tips from other users.

Now the hashes are correct on US VPN

Kind of stuck on root, can anyone point me to the right path please ?

I struggled a bit with getting the foothold. I found the method I was supposed to use in about 10 minutes, but I overlooked the part where you need to use a different sd. I spun my wheels there for a bit.

The path to root from foothold wasn’t bad. I was focused on the e***** user for too long though, but once I figure out my problem, I was good to go.

I don’t think I even grep’d much like people are saying. I just used a reporting tool that is present.

Root was easy. Just look at the usual stuff.

Nice box! Thanks!

@TazWake said:
This comes up on every thread about once a week. HTB uses dynamic hashes and sometimes they dont work.

reboot issued from a root-shell doesn’t change user.txt and root.txt. If you need new flags you have got to issue a reset from htb’s webinterface. Imho htb should communicate the flag-problem in the forum and pin it to the top.

@cool4coder said:

reboot issued from a root-shell doesn’t change user.txt and root.txt.

People shouldn’t be doing this.

If you need new flags you have got to issue a reset from htb’s webinterface.

Really this is the only way boxes should be reset.

Imho htb should communicate the flag-problem in the forum and pin it to the top.

I totally agree.

However, from HTB’s perspective there isn’t a flag problem. Several hundred people submit flags every day, about 10 a week mention it in the forums and I think even less report it to HTB. I dont believe they are aware that it is really a problem. Hopefully, if more people report it, they will review how it works.

Thanks for your help @arobot

Nice Box!! Thanks to creators.

For those whole are struggling for root - first understand the linux L** features. (Maybe you wont be in need of grepping and lessing)

Type your comment> @mrg3ntl3m4n said:

I’m stuck after get admin page and found the hidden place, any nudges?

this is hint for yourself. :slight_smile:

Must be completely blind, i don’t see where i could change something to get more rights…

Rooted!!
Easy and fun box.
My Hints:-
Foothold- basic enum with burp
user1- basic enum script
user2- it’s little difficult, look closely inside files, don’t forget your special group
root- believe me, it’s very easy

PM if you got stucked!!

One of the faster ones. Enjoyed it. After quite a bit of enumeration and understanding what’s involved, I quick script popped open a foothold shell. Pretty sure I was NOT supposed to see the “magical word” to get from one user to another user by looking at “what’s going on”. From that user to root was reasonably easy, I had expected much worse for a moment :wink: Thanks for the machine!

I am struggling with the foothold. I am getting redirected to http://acadmey.htb/. I have run go****er with multiple dictionaries. They are getting 302 error codes. I just want to make sure this is working correctly. Thanks

Type your comment> @reno42 said:

Must be completely blind, i don’t see where i could change something to get more rights…

Have you checked out the useful tool named after a bodily function?

Could anyone PM me some hints for lateral movement?

@mhmchung i will …

Someone give me a nudge please.
I changed a param by burp, and it took me into a special page, throught that page I saw souce code error messsages and some important information, but I don’t know what should I do next. Thx.

Thx, fun box.
I think there are more than enough hints here already, so I don’t really think it is any good giving more:)