Official Academy Discussion

@MazerRac said:

I’m having major DNS issues.

It probably isn’t DNS on HTB (although I haven’t looked at this box yet so I dont know for sure)

When I try to go to the subdomain I get a host not found error.

This means it cant find the IP address in your hosts file.

I had to put the root domain into my hosts files to even get it to start working in the beginning – has anyone else solved this issue?

If you put

10.10.10.10    example.com

In your hosts file, when you visit subdomain.example.com, you will get a failed lookup because each entry needs to be in.

To solve this, you’d need something like:

10.10.10.10    example.com subdomain.example.com

@TazWake Thanks for the pointer. I didn’t realize the didn’t have any kind of DNS running – I just assumed the VPN subnet would have a DNS server pushed through to the clients. I thought I was just helping out the DNS server the first time. Adding the subdomain fixed everything. Good to know going forward; thanks again!

@TazWake said:

It probably isn’t DNS

It’s always DNS :stuck_out_tongue:

/me ducks and runs

But yeah, sometimes the name resolution is a bit wonky. Especially with Chrome/Chromium. Don’t explicitly state which protocol to use, and 80% of the time it doesn’t even bother trying to resolve the hostname and simply takes it as Google search term :@

But yeah, sometimes the name resolution is a bit wonky. Especially with Chrome/Chromium. Don’t explicitly state which protocol to use, and 80% of the time it doesn’t even bother trying to resolve the hostname and simply takes it as Google search term

EDIT:
FFS, why does :@ hide the post’s content O.o

@HomeSen said:

@TazWake said:

It probably isn’t DNS

It’s always DNS :stuck_out_tongue:

/me ducks and runs
Lol - And I suppose you could argue this time it is the lack of DNS which causes the problem so its still a DNS problem.

Well, it’s the 101 of network troubleshooting:

  1. It’s always DNS
  2. If it’s not DNS, then the DNS server’s cable has probably been cut.
  3. Otherwise, refer to #1

This may sound really stupid… I got a foothold, trying to get user. I found creds for the Mys*l server. trying to login but it wont authenticate, is this a rabit hole or am i doing it wrong?

edit: got it :slight_smile:

question… I’m root, can do anything on the system. cat root.txt to grab the flag, but submitting the flag keeps saying error. So whats up

nvm, rebooted machine, cat flag again and its different flag. submitted :slight_smile:

Rooted

I really liked this box, especially the foothold. Its simple and easy enough for someone to know it when they see it but not immediately obvious. I have to say I agree on the rating. Nothings too complex, but if your new or have taken a break I can see why it might be challenging.

Hints:

foothold: enumerate. Maybe you cant see the way forward in your browser window and need another perspective. After that look for a way in. thanks to @LewisOSF for breaking me out of my tunnel vision

User 1: I took way to long on this. Search through everything but you shouldn’t have to go to far.

User 2: What’s special about this user? what can you do?

Root: Can’t really say a whole lot without giving it away. Its something that should come up in any enumeration.

feel free to PM for hints

Rooted!

Fun machine, it’ll make you feel silly fora while before you realize…
Root was very easy.

Note for those who didn’t finish yet,
Make sure your exploits are setup correctly and aren’t missing anything.
It’s way easier than what you think.

Ok so I must be stupid or smth.
I rooted the thing, got the hash from /root/root.txt
I copy that to # Own Root box and says the hash is wrong.
Am I missing something?
I mean I reached the end and I feel like this is a stupid question but nevermind.

Nice machine nonetheless.

@tsheva said:

Ok so I must be stupid or smth.
I rooted the thing, got the hash from /root/root.txt
I copy that to # Own Root box and says the hash is wrong.
Am I missing something?
I mean I reached the end and I feel like this is a stupid question but nevermind.

Nice machine nonetheless.

Flags are dynamic. And more often than not, the dynamic creation/refreshing seems to fail. Try the following:

  1. Reset the box
  2. Wait a moment (or two)
  3. Grab the new hash from root.txt
  4. Compare it to the one you got the last time
  5. When it’s different, submit it
  6. Should it be the same, wait a minute and try again. If it still doesn’t change, raise a trouble ticket at HTB’s JIRA: HTB Support on JIRA - News - Hack The Box :: Forums

Type your comment> @HomeSen said:

@tsheva said:

Ok so I must be stupid or smth.
I rooted the thing, got the hash from /root/root.txt
I copy that to # Own Root box and says the hash is wrong.
Am I missing something?
I mean I reached the end and I feel like this is a stupid question but nevermind.

Nice machine nonetheless.

Flags are dynamic. And more often than not, the dynamic creation/refreshing seems to fail. Try the following:

  1. Reset the box
  2. Wait a moment (or two)
  3. Grab the new hash from root.txt
  4. Compare it to the one you got the last time
  5. When it’s different, submit it
  6. Should it be the same, wait a minute and try again. If it still doesn’t change, raise a trouble ticket at HTB’s JIRA: HTB Support on JIRA - News - Hack The Box :: Forums

I see. Yeah I already tried to refresh it and it has been refreshed a couple of times.
I actually thought that the keys are refreshed each time the machine is being reset.
But it’s not happening since I am getting the same key since the first time I rooted.
I’ll wait a day or two and if it doesn’t fix I’ll raise a ticket.

Thanks for the help @HomeSen .

need a hint with root, going through /var/log but i can’t get clue to root this box.

Type your comment> @0xstain said:

need a hint with root, going through /var/log but i can’t get clue to root this box.

Are you going through /var/log with the user with user.txt in his home folder?

removed by user

Hello Guys and Gals,

Could someone possibley help me with the Foothold - Ive found a bunch of stuff, tried some brute forcing, enum with Burp, Zap, Nikto, etc and still struggling. My weak point is defiantly DNS Enumuration so this could possibly be my weakness here.

Many Thanks, Taz

@TaZ0w said:

Hello Guys and Gals,

Could someone possibley help me with the Foothold - Ive found a bunch of stuff, tried some brute forcing, enum with Burp, Zap, Nikto, etc and still struggling. My weak point is defiantly DNS Enumuration so this could possibly be my weakness here.

Many Thanks, Taz

I doubt that DNS enum/fuzzing will get you anywhere. You should rather investigate data you send to and receive from the server.

@TaZ0w said:

Could someone possibley help me with the Foothold - Ive found a bunch of stuff, tried some brute forcing, enum with Burp, Zap, Nikto, etc and still struggling.

Have you visited the site in a browser?

Have you run a directory busting tool? (I found gobuster better than dirb here but YMMV).

If the answer to both is “yes” then look into what happens when you create a new thing and see what you can modify. When you modify it in a way it still works, see if you can now access one of the other things you should have found.

My weak point is defiantly DNS Enumuration so this could possibly be my weakness here.

HTB doesn’t tend to use DNS.

Many Thanks, Taz

Hi :smile: