Official Laboratory Discussion

rooted!!! Thanks a lot to @HomeSen and @waza for the hint.
A good box and not really “easy”.
Initial foothold is the most difficult part. Need a CVE and escalate the CVE into something more dangerous.

user part is tricky. Don’t limit your brain in the foothold.

root part is obvious but need some background knowledge. I ran into some rabbit hole of myself and make things complex. But still learned some useful trick, just not applying to this box.

I am having hard time with this machine, probably i don’t have the right background around it. Even if technically it’s not easy I am lost, I have tried to find some articles that would explain, and I know how the cve works, but i dunno what to do with it, or probably i am considering a wrong CVE

Hi guys, I was able to get a shell, but I’m completely stuck. I know I’m missing a detail somewhere, but can’t figure out what. If anyone can give me any nudge on that, I’d really appreciate.

edit: Rooted - Although everything makes sense after you get root, I don’t think this was an easy box, but it was a great machine in terms of the knowledge you get.

I’m still stuck to the way to get a shell, i was thinking about writing something into something but i can’t find the way for it.
Read is ok

Rooted!,i only practiced approximately 5 retired machines before moved on to the active machines as laboratory is my first active machine i rooted ,just filtered on easy boxes and found my self connected to it without any expectation how difficult it could be ,the box is very good as this is how the new boxes should be but the rating should not be less than medium OMI ,thanks @gr33ng10w & @urtv666 for the nudge.

Hi can anyone give me a hand on Laboratory
I found the g**** page
can create a user

but can’t find anything usefull
can I get a nudge

thanks

search some exploit about g***** version

Hi,
I got the shell with Gb RC using sec*.yml. I know here is in co******r.
I want to get a user shell. Does anyone have a tip?

Thanks.

@securityindex said:

Hi,
I got the shell with Gb RC using sec*.yml. I know here is in co******r.
I want to get a user shell. Does anyone have a tip?

Thanks.

Look to restore some data, in there you can find a thing which will let you get in as user.

can anyone send me a pm to give me a nudge on initial with this please?.. thanks in advance…

Finally rooted this box. Thanks @waza and @SpawnZii for the tips. Can’t say I really enjoyed this box…it is definitely no easy box.
Foothold: requires a lot of setup but you can find information on exactly how to do it and run the exploit you need.
User: peas should find instructions to allow you to gain access.

Root: Based on all the other comments, when you find what you are looking for, focus on what it is, rather than what it is doing. I was chasing the wrong thing for a while and making it harder than it needed to be.

getting error 502 on g***** ???

getting same error from last 1 hr ???

I am getting 502 even after resets

@dmeg said:

I am getting 502 even after resets

After resetting the box, it will take quite some time, until al services are up. During that time, make sure no one else initiates a reset (check the shoutbox on the HTB site, and cancel all reset requests fro the box).

For those not interested in trying harder than you need to (this is me for this one) you dont need an elaborate setup to get the exploit for your foothold to work…just find the right CVE and google.

I’m lost trying to get root, anyone can pm me with hints?

@Nitryto said:

I’m lost trying to get root, anyone can pm me with hints?

Enumeration is the key. Find the thing with the thing set, examine it, hijack it.

any help for the laboratory machine ?

rooted!

Interesting box, full of frustrations…

Foothold - exploit chain, can be done with a script if you know what the chain is and how to search it
User - listen to your priv esc tools
Root - typical priv esc research will find this thing, if you can find it, how do you “unpack” it or “peak” into it to figure out what it does???