Official Academy Discussion

@TazWake said:
This comes up on every thread about once a week. HTB uses dynamic hashes and sometimes they dont work.

reboot issued from a root-shell doesn’t change user.txt and root.txt. If you need new flags you have got to issue a reset from htb’s webinterface. Imho htb should communicate the flag-problem in the forum and pin it to the top.

@cool4coder said:

reboot issued from a root-shell doesn’t change user.txt and root.txt.

People shouldn’t be doing this.

If you need new flags you have got to issue a reset from htb’s webinterface.

Really this is the only way boxes should be reset.

Imho htb should communicate the flag-problem in the forum and pin it to the top.

I totally agree.

However, from HTB’s perspective there isn’t a flag problem. Several hundred people submit flags every day, about 10 a week mention it in the forums and I think even less report it to HTB. I dont believe they are aware that it is really a problem. Hopefully, if more people report it, they will review how it works.

Thanks for your help @arobot

Nice Box!! Thanks to creators.

For those whole are struggling for root - first understand the linux L** features. (Maybe you wont be in need of grepping and lessing)

Type your comment> @mrg3ntl3m4n said:

I’m stuck after get admin page and found the hidden place, any nudges?

this is hint for yourself. :slight_smile:

Must be completely blind, i don’t see where i could change something to get more rights…

Rooted!!
Easy and fun box.
My Hints:-
Foothold- basic enum with burp
user1- basic enum script
user2- it’s little difficult, look closely inside files, don’t forget your special group
root- believe me, it’s very easy

PM if you got stucked!!

One of the faster ones. Enjoyed it. After quite a bit of enumeration and understanding what’s involved, I quick script popped open a foothold shell. Pretty sure I was NOT supposed to see the “magical word” to get from one user to another user by looking at “what’s going on”. From that user to root was reasonably easy, I had expected much worse for a moment :wink: Thanks for the machine!

I am struggling with the foothold. I am getting redirected to http://acadmey.htb/. I have run go****er with multiple dictionaries. They are getting 302 error codes. I just want to make sure this is working correctly. Thanks

Type your comment> @reno42 said:

Must be completely blind, i don’t see where i could change something to get more rights…

Have you checked out the useful tool named after a bodily function?

Could anyone PM me some hints for lateral movement?

@mhmchung i will …

Someone give me a nudge please.
I changed a param by burp, and it took me into a special page, throught that page I saw souce code error messsages and some important information, but I don’t know what should I do next. Thx.

Thx, fun box.
I think there are more than enough hints here already, so I don’t really think it is any good giving more:)

Finally Rooted!

Feel free to PM me for nudges, as I found them especially helpful for this box.

Some hints you have probably seen before:

Foothold: If you haven’t found anything, look harder. There will be a value you can change to become privileged. (:
User1: As stated before, make sure you have the ability to recursively search through files upon files until you find what you’re looking for. Academy has all of the secrets you need.
User2: You are part of something, let it help lead you to a location that will hold everything you need. Google will be essential to find out how to use these files. You may not get it straight away.
Root: So easy, you don’t even need a hint for this one.

Try Harder!

First of all: thanks. this was one of the funniest box i’ve done in the last months…
Secondarily: this is one of those boxes that seems to have been built around the idea of making the attacker feel “uncomfortable”…
…but maybe better say “dumb”!
Take it this way: It’s definitely an easy machine, ok?!?
No major skills are needed, foothold is so ■■■■ evident that it’s impossible to say something without spoiling it.
User is right there, in plain sight.
Then you go down a clear path to root and you’ll eventually can get fooled for hours, like me, because you would never ever think that such a plain and easy path could be the right way…
If you’re dumb like me you’ll end up chaining and piping commands after commands, exploring every option of your favourite parsing/finder/regexp matcher…
Then you’ll eventually ask for help (thanks @mittermayr and @grag1337 ), but they’ll be rightly reluctant to tell you what’s obvious…
…then you’ll find out what’s obvious…and you’ll feel dumb. like me now.

That was such a nice box!
It feels great to finally have a decent easy box.
Congrats for the devs!

Type your comment> @jkana101 said:

Rooted. An OSCP-like box. Recommend for who gonna have OSCP exam

well this explains why I failed then :pensive:

jokes aside, IDK. stumped on user > 2nd user but i know what i need to look at. that part and the initial foothold exploit does seem OSCP-like but i doubt OSCP would require this much searching (or, likely, i’m doing it in an inefficient way.)

I would be really happy if someone could PM me with a little nudge. I’m going crazy here. :smiley:

I have found the magic page and used some of the info there which works, but after that I’m in trouble.

Can someone PM me im on the dev page and found the tool to use on it but not sure how to get past this point. I don’t want to spoil too much and i’m not sure what’s considered a spoiler bc foothold was straightforward.