Official Buff Discussion

Can anyone help me with the entry point? I will give details in DM. Thank you :smiley:

@3pointer said:

I’m having the same issue as well. Any ideas?

@biggmojo said:

I am also having this issue. I’ve tried both copying and hand-jamming the flag for my submission, and I’m still receiving “incorrect hash”.

This comes up on every thread about once a week. HTB uses dynamic hashes and sometimes they don’t work. The hashes should change after every reset and be different on different VPNs - this means that hashes should be used as soon as you get them and that sometimes the process which registers the new hash in the scoring server will break.

If it is a box that is being hit with resets, it becomes imperative that the hash is used immediately as a reset will render it invalid.

Your choices are really:

  • Wait a while, repwn the box and get a working hash.
  • Report it to HTB via a jira ticket and get them to fix the problem.

This isn’t something that can be fixed by the forum or by tips from other users.

Thanks for the information @TazWake! Hoping that the support ticket by @initDr does the trick. I’ll try again later tonight or tomorrow. Been working on obtaining root in the meantime.

@TazWake said:

@3pointer said:

I’m having the same issue as well. Any ideas?

@biggmojo said:

I am also having this issue. I’ve tried both copying and hand-jamming the flag for my submission, and I’m still receiving “incorrect hash”.

Your choices are really:

  • Wait a while, repwn the box and get a working hash.
  • Report it to HTB via a jira ticket and get them to fix the problem.

This isn’t something that can be fixed by the forum or by tips from other users.

I’ve seen Buff get voted for a reset at least twice in the last couple of hours so that might be the reason why as TW says.

Lol, that would make sense @DaShan3. I liked the old way where the boxes were just live and somebody couldn’t show up and change ownership, or turn your box off right in the middle of working on something :frowning: Support never did fix the ticket I submitted last night either… I’m at work right now, but when I get home I’m gonna get back in and try again :slight_smile:

@initDr said:

Lol, that would make sense @DaShan3. I liked the old way where the boxes were just live and somebody couldn’t show up and change ownership, or turn your box off right in the middle of working on something :frowning: Support never did fix the ticket I submitted last night either… I’m at work right now, but when I get home I’m gonna get back in and try again :slight_smile:

I’m very new here, but can find that frustrating. For this box it took me about three days to get the root flag and it was a matter of timing between resets and people doing their own thing to complete it as well. Good luck to you!

I’m new here too @DaShan3 and I’ve been shut out of the box twice in the last hour. I’m not sure why people keep voting to reset; the machine is fine.

Often it is people who are trying the wrong exploit but don’t know how to troubleshoot so they revert the box to see if it will suddenly work.

Also people struggle to get a port forward working so revert the box thinking it is broken when the port is just closed.

Finally a lot of people have to revert the box because other people break the service they need to target and a reset is the only solution.

You can cancel reverts in the shoutbox - but it can be a pain to monitor this well enough that one doesn’t sneak past.

@TazWake said:

[snip]
You can cancel reverts in the shoutbox - but it can be a pain to monitor this well enough that one doesn’t sneak past.

I think I had it once that someone used a Greasemonkey script (or some kind of bot) to prevent others from resetting “their” box: You hit the reset button, and the reset got immediately canceled. Had to wait 2h (with occasionally trying to reset) before I could finally proceed with the box (since a certain service was broken beyond repair).

@HomeSen said:

@TazWake said:

[snip]
You can cancel reverts in the shoutbox - but it can be a pain to monitor this well enough that one doesn’t sneak past.

I think I had it once that someone used a Greasemonkey script (or some kind of bot) to prevent others from resetting “their” box: You hit the reset button, and the reset got immediately canceled. Had to wait 2h (with occasionally trying to reset) before I could finally proceed with the box (since a certain service was broken beyond repair).

Ouch - that feels like a violation of the “spirit of the game”, if not the rules.

It is difficult to find a balance between people who don’t know why their exploit isn’t working so reset (sometimes multiple resets) to see if that fixes it and people who know a critical service has failed and can’t progress without it.

For me, some boxes feel like they’d be impossible on free servers.

Usually, those boxes are a lot more accessible (and usable), when you wait a few days.

I have a problem. Connection timed out if I am trying to get back from the BUFF to my Kali machine using p*******e. Could anyone help?

@swiru95 said:

I have a problem. Connection timed out if I am trying to get back from the BUFF to my Kali machine using p*******e. Could anyone help?

This might help.

@TazWake said:

@swiru95 said:

I have a problem. Connection timed out if I am trying to get back from the BUFF to my Kali machine using p*******e. Could anyone help?

This might help.

Official Buff Discussion - #871 by HomeSen - Machines - Hack The Box :: Forums

Official Buff Discussion - #882 by skaggz - Machines - Hack The Box :: Forums

Official Buff Discussion - #884 by TazWake - Machines - Hack The Box :: Forums

Solved :slight_smile:

Hey,

I’m going to try and explain my problem as vaguely as possible without giving too much away, if that’s possible. It’s more of a script issue than a box issue.

I’ve found a Python script to run; however, whenever I try to run it I get ‘Import error: no module named requests’. I’ve tried to install requests but I get the error ‘package python-pip is not available, but is referred to by another package’.

I have pip 20.1.1 installed on my machine.

I’m new to pentesting and have no experience with writing scripts.

When running it under the ‘python3’ command it throws out a few syntax errors.

Would anyone know where to start with this?

Thanks

Hi Audacity62,
I had exactly the same issue after using a new version of Kali Linux. The problem is that Python2 has been deprecated for a while and Kali comes with PIP3 as package manager for Python3. When you use a Python2 exploit, like the one you found, that requires some dependencies, you need to install PIP2 first. It’s not in the official repos but I found a script that did the job.

curl https://bootstrap.pypa.io/get-pip.py --output get-pip.py
(Source: linuxize.com)

Afterwards you can use pip to add the modules mentioned in your error message one by one.
Example: python -m pip install requests

Hope this helps.

Guys, I tried everything and I can’t get a reverse shell. With pk, even with cl. I set listening to 4444 and when I send the exploit some characters appear after
Ncat: Listening on :::4444
Ncat: Listening on 0.0.0.0:4444
Ncat: Connection from 127.0.0.1.
Ncat: Connection from 127.0.0.1:59238.

and closes the connection. I set the exploit to give a reverse shell to port 5555 but nothing. I have changed the port of ssh to 4000 and at the pl**.exe I gave -p 4000 also. I have no firewall. With netstat I see all the ports I need open … :confused: Any help will be appreciated.

@c0d3punk said:

Guys, I tried everything and I can’t get a reverse shell.

Double check the logic. It looks like your exploit is hitting nc rather than the server.

You forward port X to your local machine and have NC listening on port Y.

You then run the exploit against 127.0.0.1 port X which should include shell code to call back to your external IP on port Y.

If nc is being hit by your exploit, then the port forwarding isn’t working or you aren’t pointing the exploit at the right port.
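
The check described in the reply above can be done on your own machine by looking at which process owns each listening port. This is an added example, not part of the original thread: the function names and the `ss -ltnp` sample output are constructed, and ports 8888 and 4444 are borrowed from other posts purely as sample values for X and Y.

```python
import re

# Constructed `ss -ltnp` output from the Kali side (not taken from the thread).
# BROKEN: ncat itself is bound to the port the exploit will be pointed at.
BROKEN = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*     users:(("sshd",pid=33247,fd=3))
LISTEN 0      10           0.0.0.0:8888      0.0.0.0:*     users:(("ncat",pid=40112,fd=3))
"""
# WORKING: sshd holds the forwarded port X, ncat waits on a different port Y.
WORKING = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*     users:(("sshd",pid=33247,fd=3))
LISTEN 0      128        127.0.0.1:8888      0.0.0.0:*     users:(("sshd",pid=40250,fd=9))
LISTEN 0      10           0.0.0.0:4444      0.0.0.0:*     users:(("ncat",pid=40112,fd=3))
LISTEN 0      10              [::]:4444         [::]:*     users:(("ncat",pid=40112,fd=4))
"""

def parse_listeners(ss_output):
    """Map each listening TCP port to the set of process names bound to it."""
    listeners = {}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        port = fields[3].rsplit(":", 1)[-1]   # also handles [::]:4444
        if not port.isdigit():
            continue
        owner = re.search(r'users:\(\("([^"]+)"', line)
        # Without -p (or without root) ss prints no owner column.
        name = owner.group(1) if owner else "unknown"
        listeners.setdefault(int(port), set()).add(name)
    return listeners

def diagnose(ss_output, forward_port, callback_port):
    """Return a verdict for forwarded port X and listener port Y."""
    listeners = parse_listeners(ss_output)
    if forward_port == callback_port:
        return "same-port"          # X and Y must differ
    owners = listeners.get(forward_port)
    if not owners:
        return "forward-missing"    # tunnel never came up
    # OpenSSH 9.8+ names the per-connection process sshd-session.
    if not all(o.startswith("sshd") for o in owners):
        return "forward-not-sshd"   # traffic to X lands on another listener
    if callback_port not in listeners:
        return "callback-missing"   # nothing waiting on Y
    return "ok"

if __name__ == "__main__":
    for label, sample in (("broken", BROKEN), ("working", WORKING)):
        print(label, diagnose(sample, 8888, 4444))
```

A verdict of `forward-not-sshd` matches the symptom in the Ncat output above, where the listener logs a connection from 127.0.0.1.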

Done and Dusted! Thx @egotisticalSW nice easy and great refresher.

Hello guys,

I tried my best to make plink.exe work but I get a FATAL ERROR message.

I obviously started the SSH service:

ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; disabled; vendor preset: disabled)
Active: active (running) since Fri 2020-11-13 13:00:35 EST; 1h 41min ago
Docs: man:sshd(8)
man:sshd_config(5)
Process: 33246 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
Main PID: 33247 (sshd)
Tasks: 1 (limit: 9471)
Memory: 2.4M
CGroup: /system.slice/ssh.service
└─33247 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups

Nov 13 13:00:35 kali systemd[1]: Starting OpenBSD Secure Shell server…
Nov 13 13:00:35 kali sshd[33247]: Server listening on 0.0.0.0 port 22.
Nov 13 13:00:35 kali sshd[33247]: Server listening on :: port 22.
Nov 13 13:00:35 kali systemd[1]: Started OpenBSD Secure Shell server.

And tried all these commands:

plink.exe -P 22 -l kali -pw kali 10.10.14.12 -R 8888:127.0.0.1:8888

plink.exe -P 22 -v kali@10.10.14.12 8888:127.0.0.1:8888

plink.exe -ssh root@10.10.14.12 -R 8888:localhost:8888

Any suggestions on what I should do? Thanks!!!