Official Laboratory Discussion

@TazWake said:

@msimonelli said:

Is the given IP address not resolving to a server intended or is it bugged atm? I have a way around it, but if I use the given IP it redirects to laboratory.htb which doesn’t have an IP address associated to

Have you added things to your hosts file?

No, should I have? (I don’t think I should need to?)

It’s a pretty common thing to need to edit your hosts file.

@tyrantwave said:

It’s a pretty common thing to need to edit your hosts file.

alright welp that fixed it but I’m still completely stuck on the actual challenge. any nudges?

@msimonelli said:

No, should I have? (I don’t think I should need to?)

google SNI, go back to your nmap scan

Can someone give me a little push in the right direction in pm’s?

I am getting 502, anyone else getting the same error?

I've found and registered for g****** and even found a potential RCE but I'm stuck… any hints, pm me, no spoilers. I can tell you what I've done.

You can send me a pm @dutchinho

@Jk3r said:
Anyone have a good article on how to exploit G**** with docker? I have the secret but I'm stuck! Thx

did you find a way where to use those keys???

did you find a way where to use those keys???

Nope, still searching !

Got a foothold and landed on a limited Dr C*****.
Any nudges on how to get user?

@andrenl said:

Got a foothold and landed on a limited Dr C*****.
Any nudges on how to get user?

How did you use the keys? if u can help please

Rooted!
Definitely not an easy box. As usual foothold is harder than user and root. 502 error is for sure annoying and distracting.

Set up your own environment and it doesn't have to be via docker. Just a simple standalone VM.
Big thanks to @PrivacyMonk3y

Having trouble creating the payload… I can create files and modify them just fine but can’t reverse

@alphaomega said:

Having trouble creating the payload… I can create files and modify them just fine but can’t reverse

Think about what’s going on when you’re doing the other files.
Break that process down. Can you use the same method it's using?

The poc is using pipes… that’s interesting isn’t it?

@PrivacyMonk3y said:

@alphaomega said:

Having trouble creating the payload… I can create files and modify them just fine but can’t reverse

Think about what’s going on when you’re doing the other files.
Break that process down. Can you use the same method it's using?

The poc is using pipes… that’s interesting isn’t it?

I managed to finally get the g*t user. Not sure what poc is!

Felt like I was on the verge of getting RCE but got so stuck I tried resetting the machine as a last resort, and now only 502 errors like others have mentioned. Is there a trick to getting around those?

Switched VPNs and I’m back in business. Although it doesn’t fix it for anyone on that original VPN.

I can get some file exfiltration, but not much more. Do I need to set up a local G***** instance and poke around it to see what files to take or is that a time waste? Cheers.

EDIT: afaik I can only grab files that the g*****-w** user has perms to view (or one of the g*****-xxxxx users)

@andrenl said:

Got a foothold and landed on a limited Dr C*****.
Any nudges on how to get user?

Hint:
Google basic commands research on G****-r**** C******.
You should think what to do with D *****
if you need something PM