Don't give up buddy, if you found something answering you are close to the graal.
Comments
@Caracal said:
Thanks, I won't completely give up - I just needed a break (and passage helped!).
Yeah, at the moment I can send to the $thing and I can see a different response if I hit the wrong $thing or send the wrong data to it, but I can't seem to get the code to display the content of the response. Tiny bit frustrating but I think I've gone blind to any errors I've made.
Hopefully, fresh eyes tomorrow (or a day or two) will help.
EDIT: progress at last!
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
Can someone give me hints to get user? I got a connection back but don't know what to do.
Haven't started this machine yet, but looking at first bloods, it took 4min to get user ..
That must be the first for an Insane level machine..
Edit; yup just realized that was what everyone talked about on page #1 :P
Always happy to help others. 100% human
https://www.mindfueldaily.com/livewell/thank-you/
Such an excellent box! really enjoyed it.
PM for nudges, hints or sanity checks
¯\_(ツ)_/¯
@acidbat said:
Yeah - sadly that door got closed...
I have to admit it took me about 3 days to get user on this box. A mix of a typo I never noticed for a long time, it being really challenging and some things I just needed to learn, made it quite a steep journey.
I still haven't got round to rooting it - I had a look, couldn't see the easy button then got distracted by work.
I just got to read that documentation around g**C, I know nothing about that. Can I reasonably think I'll get somewhere?
eCPPT | OSCP
@lebutter said:
Definitely! You're on the right track. I suggest having another read of the Usage section of the decrypted file and then searching for a certain Python module (g*****-****s) that will help you generate some code to use.
Yes, that's what I did yesterday evening, it was easier than I thought. Still no user in sight though lol
eCPPT | OSCP
@lebutter said:
Then I'm not sure how much this will help but if you've defined the service correctly using p******f you're almost there. You just need to write some code to interact with the g**C server. The main components are a channel (for the connection), a stub (to call the specific method) and content to pass to that method, the form the content should be in is hinted at in the document.
It's difficult to explain without giving too much away, you're welcome to PM me for a bit more of a nudge.
Thanks amigo, I think I got that to work, I stopped for the day after getting the client/server talk to work, found out the format to use etc... I'll carry on with the next stages tonight, good to know the user flag shouldn't be too far after that!
eCPPT | OSCP
Finally completed it, I think that's my first insane box, what a marathon box, it never ends...
What's really hard is that at 2 points it requires a bit of guessing, so you may be doing the right thing, it's easy to stop if no positive outcome appears... while you're actually doing the right thing and just missing a bit of random trial and error.
eCPPT | OSCP
Rooted...
...but with an enormous load of help from a friend who's definitely way better skilled than me.
I thought it would have been a good thing to try teaming up in order to learn better.
I'm not sure that it was a success, because I have not understood all the passages, especially the g**c part, where I got almost totally lost, and I just followed him on the thing.
Root was different. Here I got a grip on the path almost immediately, but I totally missed the "reflective" part.
I would like to say that I've learnt a lot, but it's not completely true. I trailed a lot and I still have to understand too many things.
echo start dumb.bat > dumb.bat && dumb.bat
doh!
This was such a great box! Thanks @MrR3boot & @R4J! User was very long, very fun, but in my comfort zone. Did remind me of travel, which was great, as I also really liked that box!
Getting root was less involved, but outside my comfort zone, so it took me some time and a helpful nudge from @nathantemplar! Thanks!
If someone wants a small nudge or a sanity check, feel free to send me a pm!
OSCP
Thanks for the feedback and Good work!
Learn | Hack | Have Fun
How is one supposed to proceed with the "blind" part of the journey?
My dream of sending a picture of my butt to my neighbour's printer will finally come true!
Ok I need a hint here.
I've discovered the g*** client and the a***** s*** on p*** 8**3
I've found the vulnerability with velo**** and someone tipped me to use go**** to perform the POST request on stag*** coll******.
So I have a Python script sending the g***** request (this one takes so much time...) then the RCE request and sometimes it works but most of the time it doesn't...
I think that I'm missing something here and the time it worked was because I've used another user path but I can't figure out what I've forgotten...
If someone can DM me to provide some help that would be great
Thanks in advance
@kenokeefe said:
you can DM me if you still need help
Finally rooted !
Thank you @ArtemisFY for your help.
Foothold is very interesting, I've learnt a lot of things but damn I've hated that g***** request...
Root is kinda straightforward if you know how to look (it's my first reflex when I've got a shell) and have already used s**** in the past.
My first insane box, kinda proud of myself
So, I managed to get some data, and then some more.
I managed to generate a "definition" and the according code from it. But whenever I try to send out simple stuff, I get back different exception responses from the box (with neither really making any sense). Any chance I could get a sanity on my definition from someone who already solved it?
GREM | OSCE | GASF | eJPT
I have my script, but I am struggling to enumerate things blindly. How are you supposed to move further if you can't see anything you are doing?
past user and on the way to root thanks to some very patient help from @TazWake and @ElVi7MaJoR. this box definitely deserves its Insane rating
User was a nightmare
If someone is blocked with velo**** on the GET request on stag*** you might need to check that the header has as first character a space
Root too was quite a pain and hard to find.
If someone needs hints feel free to DM me
rooted. what a great box. took me a long time from start to finish, but I learned a lot along the way. I really like these multi-step boxes where each thing you unlock leads to the next. thanks @Xelinion for the advice on the root stage - your encouragement helped a lot.
thanks @MrR3boot and @R4J for the box!
Wow, not sure how much time I've spent on laser, time well spent, researching and learning a lot. With more or less effort and pain, I have overcome all steps by myself.
But now, I'm stuck, I think I'm on the right path... but I'm starting to doubt it.
I'm able to read the document, I've made a client to call the service through g*** and I get a response from the server.
I get some errors during my tests that point me ("M**K" and "p****e" referenced in exceptions) towards the possible attack vector.
I've created some classes trying to get a rev shell after the server unp****e them... but all I can get is a recurrent "Module is disabled" exception... and I'm not able to bypass it and have no clue how to continue... I think I need some help with that. Any nudges?
Even stuck and without having finished it, laser is already one of my favourite boxes in htb. Thanks @MrR3boot and @R4j for this nice work!
@rulzgz said:
Oops, forget it. I found an alternative!
I've decrypted the large file, and I'm attempting to generate the appropriate tool for the next part, but I'm getting exceptions from the server. Could someone review my code to let me know if I'm on the right track?
this is insane! i'm down, finally after a very long time
[email protected]:/# whoami root [email protected]:/#
i gain so much knowledge from this box! thanks @MrR3boot & @R4J ! thumbs up!
I'm stuck at the same place rulzgz was stuck. Just wondering whether trying to bypass the restrictions of unp****e is a rabbit-hole?
Without the 'c' (G****L) , I just don't find a way to execute something.
Edit: Got it! The hints above helped to point the way
Considering just how hard this box was, it is reassuring that the ippsec walkthrough is nearly two hours long!