Official Academy Discussion

Comments

  • rooted the box and learnt a lot of new stuff. the flag submission keeps giving the incorrect flag error tho

  • I'm stuck on secret L****** error page. Tried gaining reverse shell using a known vulnerability, but no luck. No idea whether I am working in the right direction. Any nudges?

  • @iampachinko said:

    rooted the box and learnt a lot of new stuff. the flag submission keeps giving the incorrect flag error tho

    same, if you fix this can u tell me how u did?

  • @iampachinko said:

    rooted the box and learnt a lot of new stuff. the flag submission keeps giving the incorrect flag error tho

    @TeRMaN said:

    @iampachinko said:

    rooted the box and learnt a lot of new stuff. the flag submission keeps giving the incorrect flag error tho

    same, if you fix this can u tell me how u did?

    This comes up on every thread about once a week (mostly Mondays). HTB uses dynamic hashes and sometimes they don't work. The hashes should change after every reset and be different on different VPNs - this means that hashes should be used as soon as you get them and that sometimes the process which registers the new hash in the scoring server will break.

    If it is a box that is being hit with resets, it becomes imperative that the hash is used immediately as a reset will render it invalid.

    Your choices are really:

    • Wait a while, repwn the box and get a working hash.
    • Report it to HTB via a jira ticket and get them to fix the problem.

    This isn't something that can be fixed by the forum or by tips from other users.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.

  • This was persisting through resets, with US, EU, and free servers, etc. Flag is always the same. I am filing a ticket now.

  • @svenkali said:

    This was persisting through resets, with US, EU, and free servers, etc. Flag is always the same. I am filing a ticket now.

    @iampachinko, @TeRMaN, Support seems to have fixed it already.

  • Finally rooted the box. It was a fun, easy box.
    You just need to look very carefully for what you want and it will be right there.

    PM if you need help

  • @AHam1lt0n said:

    Anyone do the user part manually?

    Anyone get user manually instead of using msf*******? Please PM me if you did. Just IMHO, I would say this is not OSCP like. I rooted and did a personal write up on every box in the public network during my lab time. The OSCP boxes are more like "find the exploit", enumerate, create your payload, find root vector, own box. I have only seen this method in the training .pdf in the 2020 version.

    Huejash0le

  • So I owned this machine and got root a few days back, but since then how I got in no longer works (was going back over my notes). Was how I got in a bug? (Using d**h) If so could someone share the intentional way of getting into this box as I can't work it out?

    You can check my HTB profile for proof: https://www.hackthebox.eu/home/users/profile/31434

  • @rtm516 said:

    So I owned this machine and got root a few days back, but since then how I got in no longer works (was going back over my notes). Was how I got in a bug? (Using d**h) If so could someone share the intentional way of getting into this box as I can't work it out?

    Drop me a PM - I don't know what d**h represents here so I can't give a veiled answer.

    TazWake


  • @TazWake said:

    @0xsp1d3r said:

    Is something wrong with the box? The flags are not working!!!

    @EX1TZER0 said:

    yeah same got root flag like 3 hours ago, but it says incorrect flag when I try to submit it

    @DavidWaugh said:

    @0xsp1d3r said:

    Is something wrong with the box? The flags are not working!!!

    I tried the user flag and had the same problem

    This comes up on every thread about once a week. HTB uses dynamic hashes and sometimes they don't work. The hashes should change after every reset and be different on different VPNs - this means that hashes should be used as soon as you get them and that sometimes the process which registers the new hash in the scoring server will break.

    If it is a box that is being hit with resets, it becomes imperative that the hash is used immediately as a reset will render it invalid.

    Your choices are really:

    • Wait a while, repwn the box and get a working hash.
    • Report it to HTB via a jira ticket and get them to fix the problem.

    This isn't something that can be fixed by the forum or by tips from other users.

    I wonder how many tickets have been opened so far. This is the first time I had this experience. I tried resetting the box last night and even stopping it but I was still getting the same old hash that gave me the incorrect flag message.

    Hack The Box
    CISSP | eJPT

  • edited November 2020

    Privesc is def OSCP like. Common vector.

    [email protected]:~# id
    uid=0(root) gid=0(root) groups=0(root)
    [email protected]:~# whoami
    root
    [email protected]:~#

    Huejash0le

  • A little stuck. Managed to get access to a dev thing, can't see anything immediately of use on there. Also found what I think might be a correct exploit but can't get it to work. Anyone able to give me a nudge? Having done two medium boxes in the past few days I'm a little bummed out about getting stuck here.

    JohnEagle
    Always happy to help, feel free to drop me a PM for spoiler-free nudges

  • @JohnEagle said:

    A little stuck. Managed to get access to a dev thing, can't see anything immediately of use on there. Also found what I think might be a correct exploit but can't get it to work. Anyone able to give me a nudge? Having done two medium boxes in the past few days I'm a little bummed out about getting stuck here.

    The dev thing shows some stuff that's on the box, as well as extra information that's key to exploiting it.

  • Wow...just rooted and it is one of the few boxes that has made me post my thoughts and advice here:

    Foothold: not hard, simply enumerate carefully and do not dismiss anything. Pay close attention to what you see and interact. Once there, keep enumerating and read carefully.
    User 1: Again, enumeration is key, but don't go crazy.
    User 2: Easy to break your head over but pay attention to what you can read and its "appearance".
    Root: Pretty straight forward and the process is not new.

    I think this box is not...difficult but not exactly easy. I guess the biggest challenge is not falling for rabbitholes if you wanna call it that!

    Hack The Box
    CISSP | eJPT

  • Tried grepping, enum scripting and manually looking through everything the academy holds to get from foothold to user1 and am pulling my hair out. Guess I'll start again.

    JohnEagle

  • @JohnEagle said:

    Tried grepping, enum scripting and manually looking through everything the academy holds to get from foothold to user1 and am pulling my hair out. Guess I'll start again.

    You should have a list of potential users.

    If you look closely in the folder which holds the site, you might find something useful.

    Remember when you find loot, you should always check to see if it has been reused.

    TazWake


  • edited November 2020

    @TazWake said:

    @JohnEagle said:

    Tried grepping, enum scripting and manually looking through everything the academy holds to get from foothold to user1 and am pulling my hair out. Guess I'll start again.

    You should have a list of potential users.

    If you look closely in the folder which holds the site, you might find something useful.

    Remember when you find loot, you should always check to see if it has been reused.

    That's what I've been doing. Guess it's time to get the magnifying glass out.

    EDIT: Nevermind, found it within about 3 seconds.

    EDIT: Rooted. Funny isn't it, you can spend ages stuck on a couple of bits and then absolutely fly through.

    JohnEagle

  • Which wordlists do you use to find the admin dir?
    With dirb I didn't find it with common and with big wordlist
    thanks

    footholder :
    _find the secret dir
    _use burp to have the good user

    user1 :
    enumerate near where you are

    user2 :
    in which group are you ?

    root :
    the classic step in linux

  • @3LI said:

    Which wordlists do you use to find the admin dir?
    With dirb I didn't find it with common and with big wordlist
    thanks

    Nikto is useful but it should be in both those wordlists. Not sure I'd have called it a dir though.

    TazWake


  • Also, in the CVE exploit, in general what is vhosts?
    thanks

  • @3LI said:

    Also, in the CVE exploit, in general what is vhosts?
    thanks

    Normally it's a way of allowing a server to host multiple domain names. It means a server can host example1.com, example2.com etc and serve different content based on the hosts part of the HTTP request.

    In some instances it is the same as the hostname you want to hit.

    TazWake

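How name-based virtual hosting picks a site from the name sent in the HTTP request, as an added example that is not part of the original thread. The hostnames, page bodies and the policy of refusing unknown names are assumptions made for illustration.

```python
# Added example: name-based virtual hosting decided from the Host header.
# Hostnames and page bodies below are constructed for illustration.
from http.server import BaseHTTPRequestHandler, HTTPServer

VHOSTS = {
    "example1.com": b"site one\n",
    "example2.com": b"site two\n",
    "dev.example1.com": b"staging copy of site one\n",
}

def normalize_host(header):
    """Lower-case the Host value, drop a :port suffix and a trailing dot."""
    if not header or not header.strip():
        return None
    host = header.strip().lower()
    if host.startswith("["):                 # IPv6 literal such as [::1]:8080
        return host.split("]", 1)[0] + "]"
    host = host.rsplit(":", 1)[0] if ":" in host else host
    return host.rstrip(".")

def select_vhost(header):
    """Return (status, body) for a request carrying this Host header."""
    host = normalize_host(header)
    if host is None:
        return 400, b"missing Host header\n"
    body = VHOSTS.get(host)
    if body is None:
        # Assumed policy: refuse unknown names instead of serving a default site.
        return 421, b"unknown virtual host\n"
    return 200, body

class VhostHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        status, body = select_vhost(self.headers.get("Host"))
        self.send_response(status)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

if __name__ == "__main__":
    # One listener, one IP address; the content depends only on the name asked for.
    HTTPServer(("127.0.0.1", 8080), VhostHandler).serve_forever()
```

A request sent to the bare IP address carries the IP as its Host value, so it matches none of the configured names and gets the 421 response.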

  • @AHam1lt0n said:

    @AHam1lt0n said:

    Anyone do the user part manually?

    Anyone get user manually instead of using msf*******? Please PM me if you did. Just IMHO, I would say this is not OSCP like. I rooted and did a personal write up on every box in the public network during my lab time. The OSCP boxes are more like "find the exploit", enumerate, create your payload, find root vector, own box. I have only seen this method in the training .pdf in the 2020 version.

    I would also like to join the discussion about manually doing it after having done it with msf... I found some stuff on github but I can't seem to get it to work.

  • @bashsupremacy said:

    I would also like to join the discussion about manually doing it after having done it with msf... I found some stuff on github but I can't seem to get it to work.

    Funny enough, I can connect only with a script found on github and not with the msf exploit. Problem is, depending on how you grep, sometimes the reverse shell crashes.

    I cannot move from the user you land into to the 2nd user. Well probably I need some rest :)

  • Stuck on the L****** page, I think I know the way but could use some nudging if anyone has time. Web exploitation isn't my forte but I've learned a lot so far.

  • @rootcollector said:

    Stuck on the L****** page, I think I know the way but could use some nudging if anyone has time. Web exploitation isn't my forte but I've learned a lot so far.

    Double check to see if there are any exploits.

    searchsploit TECHNOLOGYNAME is useful in Kali. Or you can try search TECHNOLOGYNAME in metasploit.

    TazWake


  • any hint what to look for in the admin Page?

  • Rooted!
    PM me for nudges. But first tell me what you have tried.

  • @mrdos said:

    any hint what to look for in the admin Page?

    Almost all of it. Something hasn't been done and people are mentioned.

    TazWake


  • Just rooted Academy. It was a great box, IMO not an easy one. Lateral movement from user1 to user2 can take a long time. Check which group user1 is a member of and what that group is meant for; it helped point me to the location you have to search. Check that location and you will see an interesting directory and with Google, you can learn what you have to search for and how.

    If you still need a nudge, just DM!

    t13nn3s
    You can find write-ups and walkthroughs on my personal blog: https://binsec.nl
