Official Laboratory Discussion

@xenofon said:

g**.labo*******.htb gives me 502 error is this part of the challenge??

No. But it happens after the machine gets restarted because some services take quite a long time to come up. And until then, the “main service” can’t reach them and returns an error 502.

@TazWake thanks for responding. Landed root and facepalming because it was pretty standard privesc. If anyone else needs a nudge PM me

Rooted final, Thx for @n3ph0s on the forum, @m4nu on Discord help

i managed to grab s* cre * .yml i saw a priv rsa key,i know that g*t user has its public on authorized hosts,but when it try to ssh nothing happens any help???

@xenofon said:

i managed to grab s* cre * .yml i saw a priv rsa key,i know that g*t user has its public on authorized hosts,but when it try to ssh nothing happens any help???

I don’t think that is the right path.

Rooted. Thanks @blaudoom on Discord for help

Finally got the user! The foothold was really tough. However, getting the user was easy.
Now on my way for roo!
PM if you need help!

gettin 502 …?

@saimson said:

gettin 502 …?

anyone stuck trying to register, think about the domain you’re using, but also make sure that your time is set correctly on your machine. It was giving me a lot of 422 errors because my time was out of sync

Got User.
Foothold is a lot easier now than when the machine first came out. User took me a bit more time than it should have because I missed a thing that was staring me in the face.

Working on root. Hate when all the hints say how easy it is, makes me feel dumb for not seeing it right away… :smiley:

Anyone else getting 302 thanks to rapid?

Finally Rooted

Big thanks to @TazWake @mathboi @prh @0xczar for helping me.

This machine for an EZ is quite hard but everything was given

For my part the wget who was mentioned before does not work for me but

curl server/script.sh | sh was better for me to doing it

Ignore me.

2nd rooted box without any nudges. About 8 hours in total!

Thank you @0xc45 for this nice box: clean, few distractions and nice vectors :smile:

The initial foothold on this box is far too complicated to be rated as easy. You will need to chain a number of findings to get user, and replicate the environment to generate your initial payload. Do not overthink the privilege escalation - once you find something interesting you would need to alter its course of action.

@d7x said:

The initial foothold on this box is far too complicated to be rated as easy.

I agree - all the boxes are getting harder but I feel this one really does leave new people feeling deflated. Its is almost a custom exploitation.

hi, could ned a little nudge … i have a low shell as g** user, do i need to crack a hash for user s**e* ? did not had any look with it… maybe someone can puch me a little in the right direction … tools, docs …

thx in advance

@smaxs said:

hi, could ned a little nudge … i have a low shell as g** user, do i need to crack a hash for user s**e* ? did not had any look with it…

Not as far as I am aware. I don’t recall going for an account like that though.

maybe someone can puch me a little in the right direction … tools, docs …

have a look at the way the repo stores old data.

Hey guys , g**.lab*******.htb gives me 502 error. Last Reset 1 hour, are you facing the same issue?