Official Laboratory Discussion

@tyrantwave said:

Have user, but flag doesn’t submit - even after a reset.

@nourmuj said:

Have user, but flag doesn’t submit

@Embargo said:

i got a user flag but it doesn't submit
last reset < 1 hour

This comes up on every thread about once a week (Mostly Mondays). HTB uses dynamic hashes and sometimes they dont work. The hashes should change after every reset and be different on different VPNs - this means that hashes should be used as soon as you get them and that sometimes the process which registers the new hash in the scoring server will break.

If it is a box that is being hit with resets, it becomes imperative that the hash is used immediately as a reset will render it invalid.

Your choices are really:

  • Wait a while, repwn the the box and get a working a hash.
  • Report it to HTB via a jira ticket and get them to fix the problem.

This isn’t something that can be fixed by the forum or by tips from other users.

Type your comment> @TazWake said:

@tyrantwave said:

Have user, but flag doesn’t submit - even after a reset.

@nourmuj said:

Have user, but flag doesn’t submit

@Embargo said:

i got a user flag but it doesn't submit
last reset < 1 hour

This comes up on every thread about once a week (Mostly Mondays). HTB uses dynamic hashes and sometimes they dont work. The hashes should change after every reset and be different on different VPNs - this means that hashes should be used as soon as you get them and that sometimes the process which registers the new hash in the scoring server will break.

If it is a box that is being hit with resets, it becomes imperative that the hash is used immediately as a reset will render it invalid.

Your choices are really:

  • Wait a while, repwn the the box and get a working a hash.
  • Report it to HTB via a jira ticket and get them to fix the problem.

This isn’t something that can be fixed by the forum or by tips from other users.

i can now submit the flag (Y)

Finally, I got root!

How do i run the G***** R**** C******, my reconfigure errors out…

Type your comment> @KonEcho said:

How do i run the G***** R**** C******, my reconfigure errors out…

same

Type your comment> @KonEcho said:

How do i run the G***** R**** C******, my reconfigure errors out…

On my Parrot I installed G***** in exactly the same version as in laboratory.htb from all-in-one package on project website. Reconfigure wents smoothly and I have g*****-r**** command in my PATH. I needed to start with sudo.

Type your comment> @sparrow1 said:

On my Parrot I installed G***** in exactly the same version as in laboratory.htb from all-in-one package on project website. Reconfigure wents smoothly and I have g*****-r**** command in my PATH. I needed to start with sudo.

I currently installed the exact version D***** i**** of it on kali…do i have instead manually install it ?..Appreciate the help

Type your comment> @KonEcho said:

Type your comment> @sparrow1 said:

On my Parrot I installed G***** in exactly the same version as in laboratory.htb from all-in-one package on project website. Reconfigure wents smoothly and I have g*****-r**** command in my PATH. I needed to start with sudo.

I currently installed the exact version D***** i**** of it on kali…do i have instead manually install it ?..Appreciate the help

Well I couldn’t quite grasp packaging in my distro and it was different version anyway, so I went with upstream .deb package.

Root obtained - that was not an easy box!

A medium at least IMO, and the requirements for foothold I think are a bit too involved for an easy. (And my VM complained hard and crashed a lot trying to do the thing…)

Well… finally rooted this beast, but oh well, it was a hectic ride with lot’s of problems spawning instance (random HTB problem for VIP+ or globally :(), with unstable G***** stuff (where sometimes same command works and then it won’t work; or you have to spawn locally G****** for some stuff) and overall “anger management”. :stuck_out_tongue:

Overall IMHO this isn’t an easy machine, at best it’s medium and such… Don’t get me wrong, it is a cool machine where you learn nifty stuff about G******. Also, I do understand that I have much to learn (so for some ppl it’s “peace of cake” machine), but boy oh boy it was a pain

Anyhow, thanks to the creator for the new stuff I learned with this box!!! :wink:

Rooted!
The box is easy and pretty straight forward, but you need to work on it;
Foothold: Recreate the environment in order to get r*e. Should be 2 commands in the host version (not docker). Test it first, but remember that not all default binaries are there.
User: If you can’t crack it, change it. Please restore/reset the machine.
Root: It’s in that list. Look carefully, because it is easy.

Type your comment> @zweeden said:

a chain of them.

an exploit chain for an easy machine - that is new

@TazWake said:

This comes up on every thread about once a week (Mostly Mondays). HTB uses dynamic hashes and sometimes they dont work. The hashes should change after every reset and
[…]
This isn’t something that can be fixed by the forum or by tips from other users.

I suppose you have a keyboard shortcut for routinely pasting this to the forum by now. :wink:

Can someone PM me a hint for the palyload I have to use?
Already tried a ton of options, was able to verify that some of them executed fine, but I am unable to setup a reverse shell :frowning:

@cool4coder said:

I suppose you have a keyboard shortcut for routinely pasting this to the forum by now. :wink:

THat would be too sensible, I just search and copy the previous messages :smile:

Type your comment> @TazWake said:

@tyrantwave said:

Have user, but flag doesn’t submit - even after a reset.

@nourmuj said:

Have user, but flag doesn’t submit

@Embargo said:

i got a user flag but it doesn't submit
last reset < 1 hour

This comes up on every thread about once a week (Mostly Mondays). HTB uses dynamic hashes and sometimes they dont work. The hashes should change after every reset and be different on different VPNs - this means that hashes should be used as soon as you get them and that sometimes the process which registers the new hash in the scoring server will break.

If it is a box that is being hit with resets, it becomes imperative that the hash is used immediately as a reset will render it invalid.

Your choices are really:

  • Wait a while, repwn the the box and get a working a hash.
  • Report it to HTB via a jira ticket and get them to fix the problem.

This isn’t something that can be fixed by the forum or by tips from other users.

This wasn’t the issue with this box.
I’m VIP+ and ran into it. There is a reason and it might be a bug in all honesty.
Two types of payloads. Without resetting I ended up with two different root hashes.
I can’t really explain more without spoils but this one was for sure buggy and not just the dynamic hashing.

FTR one method worked the other didn’t

Man, I rage purged g**** from my machine after it crashed my box several times during installation. The last crash pushed me over the edge. Eff this box.
This is too much for me for a supposedly easy machine.

I laughed.

@PrivacyMonk3y said:

This wasn’t the issue with this box.
I’m VIP+ and ran into it. There is a reason and it might be a bug in all honesty.
Two types of payloads. Without resetting I ended up with two different root hashes.
I can’t really explain more without spoils but this one was for sure buggy and not just the dynamic hashing.

FTR one method worked the other didn’t

That feels like something HTB should be notified about so they can fix the bug.

I got a user, but I don’t understand where to move towards the root