Official Laboratory Discussion

@saimson said:

gettin 502 …?

anyone stuck trying to register, think about the domain you’re using, but also make sure that your time is set correctly on your machine. It was giving me a lot of 422 errors because my time was out of sync

Got User.
Foothold is a lot easier now than when the machine first came out. User took me a bit more time than it should have because I missed a thing that was staring me in the face.

Working on root. Hate when all the hints say how easy it is, makes me feel dumb for not seeing it right away… :smiley:

Anyone else getting 302 thanks to rapid?

Finally Rooted

Big thanks to @TazWake @mathboi @prh @0xczar for helping me.

This machine for an EZ is quite hard but everything was given

For my part the wget who was mentioned before does not work for me but

curl server/script.sh | sh was better for me to doing it

Ignore me.

2nd rooted box without any nudges. About 8 hours in total!

Thank you @0xc45 for this nice box: clean, few distractions and nice vectors :smile:

The initial foothold on this box is far too complicated to be rated as easy. You will need to chain a number of findings to get user, and replicate the environment to generate your initial payload. Do not overthink the privilege escalation - once you find something interesting you would need to alter its course of action.

@d7x said:

The initial foothold on this box is far too complicated to be rated as easy.

I agree - all the boxes are getting harder but I feel this one really does leave new people feeling deflated. Its is almost a custom exploitation.

hi, could ned a little nudge … i have a low shell as g** user, do i need to crack a hash for user s**e* ? did not had any look with it… maybe someone can puch me a little in the right direction … tools, docs …

thx in advance

@smaxs said:

hi, could ned a little nudge … i have a low shell as g** user, do i need to crack a hash for user s**e* ? did not had any look with it…

Not as far as I am aware. I don’t recall going for an account like that though.

maybe someone can puch me a little in the right direction … tools, docs …

have a look at the way the repo stores old data.

Hey guys , g**.lab*******.htb gives me 502 error. Last Reset 1 hour, are you facing the same issue?

After going around in circles for so long I finally got root. In my case, I did not pay attention well enough and was overthinking it, but just like everyone said here (thanks @waza ), it is right there and in front of you. SMH!

root@laboratory:/tmp# id
uid=0(root) gid=0(root) groups=0(root),1000(dexter)

cant login or register from the g**.*******. page. can somebody give me a small hint

@theBluess said:

cant login or register from the g**.*******. page. can somebody give me a small hint

You should be able to do both. Check error messages (IIRC)

phew, that was a really hard “easy” box. still some good fun but the path to user defiantly felt too long to be an easy box. PM for nudges

g***.lab*** domain keep giving error firt 502 and not 422 , my time zone is set according to my country ? any hint

@scorpoin said:

g***.lab*** domain keep giving error firt 502 and not 422 , my time zone is set according to my country ? any hint

Is this relevant: Official Laboratory Discussion - #312 by HomeSen - Machines - Hack The Box :: Forums

Well I did reset it as well and yet same 422 :confused:

A HTTP 422 error implies something is seriously broken. I’d raise it with HTB to get them to fix it.