Official Laboratory Discussion

Type your comment> @hb86125295 said:

Type your comment> @mrg3ntl3m4n said:

I got a shell and I’m in the c*******r but I don’t know that to do. Can someone PM me?

did you use sec***.yml key to get the shell?

I will PM you

Stuck at user d*****. Ran some Linux enum but couldn’t catch what I need. Can someone PM me for help?

Finally rooted. Rating of these machine is seriously misleading. While I would rate difficulties of user 4/10 and root 2/10 the foothold goes up to 11.

I think misleading ratings are detrimental to new users because they would expect something much simpler. I wonder how many newcomers just said F–it and dropped their interest altogether. Just compare this machine to Nest or OpenAdmin on one (easy) hand and Doctor and Blackfield on the other(hard). I understand that this is debatable coz what we know is easy and what we don’t know is hard. But c’mon - chaining exploits while installing full G***** suite is not f… easy.

To end this long rant-thank you @0xc45 for enjoyable machine and great learning experience. Looking forward to your next machine. Also thanks to @waza for great hint that allowed me to proceed.

stop in foothold
use CVE *** Access to limited information(/e**/pas***),but can’t get shell
I missing any important information
please PM me

i know about the G***** page but I can’t seem to get into it, can someone pm me with a nudge

The hardest easy machine I have ever made. But it’s been fun and I’ve learned some new things! Thanks @0xc45 !

The g***** only answer with error 502…

Would really appreciate a nudge on root. Everyone is saying it’s easy but I’m totally lost…

Hi! Does anyone have a tip for the user?

Finally rooted. I was stuck on root for hours. Felt really dumb once I finally figured it out. Thank you to @SpawnZii for confirming I was in the right spot. Feel free to message for nudges, but as always let me know what you’ve tried

can anyone help me with the initial foothold? pm me here or on discord
Krispee Karim#5177

Finally rooted.
Overall this box had a lot going on, I wouldn’t call it easy at all, especially for a newbie like me. got a lot of 502’s which stopped my progress.

Foothold required your own setup
User was right there in front of me but a couple of tries made me look for a different way (while the first option was correct…)
Root was fairly easy.

Learned a lot!

Thanks to all the users who helped me!

hi all, i am currently stuck at foothold. i do have a couple of working cve’s but nothing i could combine or chain for a rce yet. can someone pls pm for some assistance on how or where to proceed now. thanks

I have found G***** login/register pages. But both do not work: I get 422. Any suggestions? Should I create account to pass forward?

After gaining foothold:
Is that non-public file, which is apparently invalid, what is used to pivot to user? Or is that a red herring? (Because if so, I am stumped on how to figure out what is wrong with it!)

I really enjoyed this box but I have to agree with the previous comments regarding the rating. This was not an easy box.

Type your comment> @0xc45 said:

Good luck, have fun all!

Rooted, I’m going to hang myself, thank you :confused:

(you can pm me here or on discord : Peter Pan#9999)

Ok so I got the secret file.
Could use a little nudge here moving forward with the payload.

Thanks

Type your comment> @aimforthehead said:

Ok so I got the secret file.
Could use a little nudge here moving forward with the payload.

Thanks

I ran a Docker instance of same version G----b with much Google’ing and going through the docs since not familiar with its back-end operation. Takes time but you can re-create close enough to the same environment using that file you found. If you look at the headers there’s something unique in there that you can now forge. You’ve probably come across the bug report that got you that file, keep reading down the page. You’ll know it when you see it.

Foothold

The map will reveal the way.
For the rest…
On a completely unrelated note, @zot suggestion on pg 4 if fire.

User

Record are meant to be changed with the right console.

Root

If you blink twice you might miss it. No peas necessary.
What is it really doing?

There is already a ton of good stuff in this thread. I hope this helps someone.

PM for a nudge.