Official Laboratory Discussion

@Nitryto said:

I’m lost trying to get root, anyone can pm me with hints?

Enumeration is the key. Find the thing with the thing set, examine it, hijack it.

Any help for the Laboratory machine?

rooted!

Interesting box, full of frustrations…

Foothold - exploit chain, can be done with a script if you know what the chain is and how to search it
User - listen to your priv esc tools
Root - typical priv esc research will find this thing; if you can find it, how do you “unpack” it or “peek” into it to figure out what it does???

Can I have some help?
I found the g***** page, already created/logged, also have used an F*** R*** RCE exploit, found p****d and ssh dsa.

I’ve been unsuccessful installing “rails console” on two different environments. How can I get around this?

Took me two days and help, but finally rooted. Thanks to all!

I’m stuck on G****** too!!!

Rooted! Finally! The last part to get root access really got me thinking. After a while I found something that led me to something; when I ran ltr**e on that something, it made me have to do an evasion thing on it.

Feel free to DM me if any of you guys need help.
By the way @artilleryRed, I also had that problem. Because I’m using new hardware, I just made sure I installed docker and docker composer properly, and when I ran docker exec -ti **** bash, it worked; you then simply enter gitlab-rails console as the command.

I was asking for some assistance on this. Then developed a test case to see if I could move further. At this point, I am a bit further along. I was just going to delete the post I did, but could only edit it… I may be back though. :smile:

yesterday got a shell as g**, and today 502 hahahaha

@balkan said:

yesterday got a shell as g**, and today 502 hahahaha

I’m stuck, I have a shell as g**, any nudge please?

@balkan said:

@balkan said:

yesterday got a shell as g**, and today 502 hahahaha

I’m stuck, I have a shell as g**, any nudge please?

Damn, stuck with the G***** login page, any hint?

stuck on 502 too :frowning:

@zzzsnickerzzz said:

stuck on 502 too :frowning:

After resetting the box, it will take quite some time until all required services are up again. During that time, make sure no one else initiates a reset (check the Shoutbox on the HTB site, and cancel all reset requests for the box).

This was really fun. I thought I’d leave some closing words.

Foothold: We have it way easier than those before us. It’s been weaponized; we just need to use it. No Dr C***r needed.

User: Priv esc tool is all you need unless you’re very used to g****b.

Root: Priv esc tool finds it, will you? D****r even wrote about using it …

Hello, it seems that the machine doesn’t reset. I tried to reset without any success; my files are still there.

Moreover the hash in the user.txt file doesn’t work.

Can someone give me hints on the G page? Trying to bruteforce it but it doesn’t work, PM me.

Rooted!

uid=0(root) gid=0(root) groups=0(root),1000(d****r)

Foothold

  • Enum to find it
  • Google and you’ll find what you can do with it
  • Somebody did this before and was so kind to leave a tool behind

User

  • Crack it or change it
  • Sharp eye for obvious

Root

  • Enum is better than peas to find it
  • Blink and you will miss it
  • After you see the thing, look what it does and get in the way

PM if you need a nudge.

@HomeSen said:

@zzzsnickerzzz said:

stuck on 502 too :frowning:

After resetting the box, it will take quite some time until all required services are up again. During that time, make sure no one else initiates a reset (check the Shoutbox on the HTB site, and cancel all reset requests for the box).

I did, but it’s still 502.