Official Laboratory Discussion

1101113151618

Comments

  • @xenofon said:

    g**.labo*******.htb gives me 502 error is this part of the challenge??

    Not really.

    https://forum.hackthebox.eu/discussion/comment/88644/#Comment_88644

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • @xenofon said:
    > g**.labo*******.htb gives me 502 error is this part of the challenge??

    No. But it happens after the machine gets restarted because some services take quite a long time to come up. And until then, the "main service" can't reach them and returns an error 502.

    Hack The Box
    GREM | OSCE | GASF | eJPT

    Feel free to PM me your questions, but please explain what you tried, so far.

    Currently busy with AWAE

  • jw0jw0
    edited December 2020

    @TazWake thanks for responding. Landed root and facepalming because it was pretty standard privesc. If anyone else needs a nudge PM me

    Hack The Box

  • Rooted final, Thx for @n3ph0s on the forum, @m4nu on Discord help

  • edited December 2020

    i managed to grab s* cre * .yml i saw a priv rsa key,i know that g*t user has its public on authorized hosts,but when it try to ssh nothing happens any help???

  • @xenofon said:

    i managed to grab s* cre * .yml i saw a priv rsa key,i know that g*t user has its public on authorized hosts,but when it try to ssh nothing happens any help???

    I don't think that is the right path.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • edited December 2020

    Rooted. Thanks @blaudoom on Discord for help

  • Finally got the user! The foothold was really tough. However, getting the user was easy.
    Now on my way for roo!
    PM if you need help!

  • gettin 502 .....?

  • TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • edited December 2020

    anyone stuck trying to register, think about the domain you're using, but also make sure that your time is set correctly on your machine. It was giving me a lot of 422 errors because my time was out of sync

  • Got User.
    Foothold is a lot easier now than when the machine first came out. User took me a bit more time than it should have because I missed a thing that was staring me in the face.

    Working on root. Hate when all the hints say how easy it is, makes me feel dumb for not seeing it right away... :smiley:

  • Anyone else getting 302 thanks to rapid?

  • Finally Rooted

    Big thanks to @TazWake @mathboi @prh @0xczar for helping me.

    This machine for an EZ is quite hard but everything was given

    For my part the wget who was mentioned before does not work for me but

    curl server/script.sh | sh was better for me to doing it

  • edited January 4

    Ignore me.

  • 2nd rooted box without any nudges. About 8 hours in total!

    Thank you @0xc45 for this nice box: clean, few distractions and nice vectors :smile:

  • d7xd7x
    edited January 4

    The initial foothold on this box is far too complicated to be rated as easy. You will need to chain a number of findings to get user, and replicate the environment to generate your initial payload. Do not overthink the privilege escalation - once you find something interesting you would need to alter its course of action.

  • @d7x said:

    The initial foothold on this box is far too complicated to be rated as easy.

    I agree - all the boxes are getting harder but I feel this one really does leave new people feeling deflated. Its is almost a custom exploitation.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • hi, could ned a little nudge ... i have a low shell as g** user, do i need to crack a hash for user s**e* ? did not had any look with it... maybe someone can puch me a little in the right direction .. tools, docs ...

    thx in advance

  • @smaxs said:

    hi, could ned a little nudge ... i have a low shell as g** user, do i need to crack a hash for user s**e* ? did not had any look with it...

    Not as far as I am aware. I don't recall going for an account like that though.

    maybe someone can puch me a little in the right direction .. tools, docs ...

    have a look at the way the repo stores old data.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Hey guys , g**.lab*******.htb gives me 502 error. Last Reset 1 hour, are you facing the same issue?

  • After going around in circles for so long I finally got root. In my case, I did not pay attention well enough and was overthinking it, but just like everyone said here (thanks @waza ), it is right there and in front of you. SMH!

    [email protected]:/tmp# id
    uid=0(root) gid=0(root) groups=0(root),1000(dexter)
    

    Hack The Box
    CISSP | eJPT

  • edited January 6

    cant login or register from the g**.**********.*** page. can somebody give me a small hint

  • @theBluess said:

    cant login or register from the g**.**********.*** page. can somebody give me a small hint

    You should be able to do both. Check error messages (IIRC)


    Hack The Box
    GREM | OSCE | GASF | eJPT

    Feel free to PM me your questions, but please explain what you tried, so far.

    Currently busy with AWAE

  • phew, that was a really hard "easy" box. still some good fun but the path to user defiantly felt too long to be an easy box. PM for nudges

  • edited January 8

    [code]g.lab[/code] domain keep giving error firt 502 and not 422 , my time zone is set according to my country ? any hint

  • @scorpoin said:

    [code]g.lab[/code] domain keep giving error firt 502 and not 422 , my time zone is set according to my country ? any hint

    Is this relevant: https://forum.hackthebox.eu/discussion/comment/88644/#Comment_88644

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Well I did reset it as well and yet same 422 :/

  • A HTTP 422 error implies something is seriously broken. I'd raise it with HTB to get them to fix it.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Type your comment> @TazWake said:

    maybe someone can puch me a little in the right direction .. tools, docs ...

    have a look at the way the repo stores old data.

    thx a lot for the hint! got it ... rooted the box now

Sign In to comment.