Official Academy Discussion

Spoiler Removed

Wow web apps are really not my thing. Using the bodily function program on the second login page but whichever of the 3 parameters I change do nothing, am I being stupid?

Could anyone please PM me hint for user?

I’m going crazy looking for a needle in the haystack on the root path. Can any one give me a hint on PM?
Thanks for advance!

PD: Rooted. thanks everyone who help me ! :slight_smile:

Rooted, simple and straight forward. Has anyone done it without ms** ? I interested to discuss. I had troubles with some libraries.

Rooted, feel free to PM for a hint but be prepared to tell me what you’ve tried

Got 2-nd user. It has a privilege to read smth special, but needs lots of greps. People write above that it can be done without greps and lesses. I suppose it is a useful util or command to be aware off. So If anybody aware of it, dm me pls!

@MRwatch0xff That’s what iam trying to do two days now, but nothing :frowning:

stuck on Ll ms***. session not not created. Is my TA****U** not correct?

Type your comment> @Alexmackzie said:

stuck on Ll ms***. session not not created. Is my TA****U** not correct?

I’ve tried that as well, got the same issue.

Type your comment> @alphaomega said:

Type your comment> @Alexmackzie said:

stuck on Ll ms***. session not not created. Is my TA****U** not correct?

I’ve tried that as well, got the same issue.

Got it!
It needs something else thrown into it

Did someone change the fcking user flag?

@petrostheol said:

Did someone change the fcking user flag?

The flags change on every reboot.

Type your comment> @alphaomega said:

Type your comment> @Alexmackzie said:

stuck on Ll ms***. session not not created. Is my TA****U** not correct?

I’ve tried that as well, got the same issue.

I am still stuck on this as well…any hints appreciated ^^

Edit: Got it!! Thanks

I am still stuck on this as well…any hints appreciated ^^

you are probably missing one of the parametres of the exploit, try googling the one you are not using

I’ve gotten user but am struggling to get to 2nd user. Looking for nudges. Spend several hours looking through logs at this point and am obviously missing something

I’m having major DNS issues. When I try to go to the subdomain I get a host not found error. I had to put the root domain into my hosts files to even get it to start working in the beginning – has anyone else solved this issue?

@MazerRac said:

I’m having major DNS issues.

It probably isn’t DNS on HTB (although I haven’t looked at this box yet so I dont know for sure)

When I try to go to the subdomain I get a host not found error.

This means it cant find the IP address in your hosts file.

I had to put the root domain into my hosts files to even get it to start working in the beginning – has anyone else solved this issue?

If you put

10.10.10.10    example.com

In your hosts file, when you visit subdomain.example.com, you will get a failed lookup because each entry needs to be in.

To solve this, you’d need something like:

10.10.10.10    example.com subdomain.example.com

@TazWake Thanks for the pointer. I didn’t realize the didn’t have any kind of DNS running – I just assumed the VPN subnet would have a DNS server pushed through to the clients. I thought I was just helping out the DNS server the first time. Adding the subdomain fixed everything. Good to know going forward; thanks again!

@TazWake said:

It probably isn’t DNS

It’s always DNS :stuck_out_tongue:

/me ducks and runs

But yeah, sometimes the name resolution is a bit wonky. Especially with Chrome/Chromium. Don’t explicitly state which protocol to use, and 80% of the time it doesn’t even bother trying to resolve the hostname and simply takes it as Google search term :@