Official Laboratory Discussion

Type your comment> @TazWake said:

@tyrantwave said:

Have user, but flag doesn’t submit - even after a reset.

@nourmuj said:

Have user, but flag doesn’t submit

@Embargo said:

i got a user flag but it doesn't submit
last reset < 1 hour

This comes up on every thread about once a week (Mostly Mondays). HTB uses dynamic hashes and sometimes they dont work. The hashes should change after every reset and be different on different VPNs - this means that hashes should be used as soon as you get them and that sometimes the process which registers the new hash in the scoring server will break.

If it is a box that is being hit with resets, it becomes imperative that the hash is used immediately as a reset will render it invalid.

Your choices are really:

  • Wait a while, repwn the the box and get a working a hash.
  • Report it to HTB via a jira ticket and get them to fix the problem.

This isn’t something that can be fixed by the forum or by tips from other users.

This wasn’t the issue with this box.
I’m VIP+ and ran into it. There is a reason and it might be a bug in all honesty.
Two types of payloads. Without resetting I ended up with two different root hashes.
I can’t really explain more without spoils but this one was for sure buggy and not just the dynamic hashing.

FTR one method worked the other didn’t

Man, I rage purged g**** from my machine after it crashed my box several times during installation. The last crash pushed me over the edge. Eff this box.
This is too much for me for a supposedly easy machine.

I laughed.

@PrivacyMonk3y said:

This wasn’t the issue with this box.
I’m VIP+ and ran into it. There is a reason and it might be a bug in all honesty.
Two types of payloads. Without resetting I ended up with two different root hashes.
I can’t really explain more without spoils but this one was for sure buggy and not just the dynamic hashing.

FTR one method worked the other didn’t

That feels like something HTB should be notified about so they can fix the bug.

I got a user, but I don’t understand where to move towards the root

initial foothold wasn’t easy (especially if you do not read the report carefully). after getting a rev-shell look what services you can access…
root was pretty easy :slight_smile:

pm for nudges

Not easy at all, especially foothold. You spend so much time on foothold that when it’s time to do user you’ve forgotten your name, imagine what this machine was about.
I enjoyed it still, kinda sadistic. Learnt a couple of things, realized I don’t know a couple of thousand. Thanks to those who gave me nudges, especially @earl12 who gave me the advice to use docker. Good luck everyone and HAVE FUN.

The single most important point I’d like to stress as well is to use docker :smiley: foothold was not easy at all, but after that it’s pretty smooth.

Anyone else getting syntax errors trying to generate the payload?

Type your comment> @ElleuchX1 said:

is it even working for you guys? i can’t even enter the g**** page anymore

I keep getting error 502 “Whoops, G***** is taking too much time to respond.” So you’re not allowed.

Anyone able to assist - I understand you need to recreate the webpage but not sure where to begin.

Hello,
Can any1 guide me in the right direction?

I create the d***** c****** file but i think i made some mistakes.

I wait for any msg in private.

Thanks

Rooted!

I can look back now and say nice machine and I learnt a lot about that service. Knowing the path to take and getting a shell was a lot more difficult than it should have been, but a great learningn experience. Thanks to @knuijsting for putting me back on the right path.

Anyone have a good article on how to exploit G**** with dokcer, i have the secret but im stuck ! Thx

Almost a day to get be able to access the webpage idk why
Otherwise great box
definitely not easy
uid=0(root) gid=0(root) groups=0(root),1000(dexter)

After 2 days of struggling with G****** C***** generation finally got root! The final part was pretty funny and learned a lot of stuff but the unreliability of the C***** generation nearly drove me insane

After a lot of trials and tribulations, I’ve gotten a shell. Poking around at the environment, and I think I might be completely lost.

Hi all, i found a bcrypt hash, for a certain user starting with ‘D’ I dont have much computing power, is it worthwhile attempting to crack it, if so should I use rockyou?

Hey , I am on this box for about 2 days now and going through this forum regularly
I can see we have to use docker somehow … The thing is I have no idea how it can be used
I wanted to ask you all how you learn about stuff u dont know already and have no idea about how or what u can do with these
Hoping to get some help in dm
Appreciate any help
thnk u

Type your comment> @Prjvl said:

Hey , I am on this box for about 2 days now and going through this forum regularly
I can see we have to use docker somehow … The thing is I have no idea how it can be used
I wanted to ask you all how you learn about stuff u dont know already and have no idea about how or what u can do with these
Hoping to get some help in dm
Appreciate any help
thnk u

I’m in the same spot, can anyone give me any nudge?

Thx