Official Laboratory Discussion

The initial foothold on this box is far too complicated to be rated as easy. You will need to chain a number of findings to get user, and replicate the environment to generate your initial payload. Do not overthink the privilege escalation - once you find something interesting you would need to alter its course of action.

@d7x said:

The initial foothold on this box is far too complicated to be rated as easy.

I agree - all the boxes are getting harder but I feel this one really does leave new people feeling deflated. It is almost a custom exploitation.

Hi, could need a little nudge … I have a low shell as g** user, do I need to crack a hash for user s**e*? Did not have any luck with it… maybe someone can push me a little in the right direction … tools, docs …

thx in advance

@smaxs said:

Hi, could need a little nudge … I have a low shell as g** user, do I need to crack a hash for user s**e*? Did not have any luck with it…

Not as far as I am aware. I don’t recall going for an account like that though.

maybe someone can push me a little in the right direction … tools, docs …

have a look at the way the repo stores old data.

Hey guys, g**.lab*******.htb gives me 502 error. Last Reset 1 hour, are you facing the same issue?

After going around in circles for so long I finally got root. In my case, I did not pay attention well enough and was overthinking it, but just like everyone said here (thanks @waza ), it is right there and in front of you. SMH!

root@laboratory:/tmp# id
uid=0(root) gid=0(root) groups=0(root),1000(dexter)

Can't log in or register from the g**.*******. page. Can somebody give me a small hint?

@theBluess said:

Can't log in or register from the g**.*******. page. Can somebody give me a small hint?

You should be able to do both. Check error messages (IIRC)

Phew, that was a really hard “easy” box. Still some good fun but the path to user definitely felt too long to be an easy box. PM for nudges

g***.lab*** domain keeps giving error first 502 and not 422, my time zone is set according to my country? Any hint?

@scorpoin said:

g***.lab*** domain keeps giving error first 502 and not 422, my time zone is set according to my country? Any hint?

Is this relevant: Official Laboratory Discussion - #312 by HomeSen - Machines - Hack The Box :: Forums

Well I did reset it as well and yet same 422 :confused:

An HTTP 422 error implies something is seriously broken. I’d raise it with HTB to get them to fix it.

@TazWake said:

maybe someone can push me a little in the right direction … tools, docs …

have a look at the way the repo stores old data.

thx a lot for the hint! got it … rooted the box now

Can anybody help me? I found an SSH private key but when I try to log in with all active users on the machine it says invalid format.

@Eren said:

Can anybody help me? I found an SSH private key but when I try to log in with all active users on the machine it says invalid format.

Have you checked its format is correct (try file FILENAME)?

Check how you copied it to your system - you might have added characters or changed things.

@TazWake said:

@Eren said:

Can anybody help me? I found an SSH private key but when I try to log in with all active users on the machine it says invalid format.

Have you checked its format is correct (try file FILENAME)?

Check how you copied it to your system - you might have added characters or changed things.

I removed the spaces manually; file returns id_rsa: PEM RSA private key. Invalid format is still appearing and Permission denied (publickey) appears too.

@Eren said:

@TazWake said:

@Eren said:

Can anybody help me? I found an SSH private key but when I try to log in with all active users on the machine it says invalid format.

Have you checked its format is correct (try file FILENAME)?

Check how you copied it to your system - you might have added characters or changed things.

I removed the spaces manually; file returns id_rsa: PEM RSA private key. Invalid format is still appearing and Permission denied (publickey) appears too.

Ok - but if you are getting invalid format, then something is still wrong.

Are you getting the errors from your machine or the remote machine?

In the crypto bit does it start with b3 and end with A==?

If you open it in a text editor do the lines all line up? Are the permissions correct (although that should be a different error message).
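
The checks suggested in the reply above (characters added while copying, lines that do not line up, the "b3" start of the body, file permissions), as an added Python example that is not part of the thread. The names `check_key_text`, `check_key_file` and `make_sample` are hypothetical, and the sample is constructed filler with valid framing but no key material.

```python
import base64
import os
import re

OPENSSH_MAGIC = b"openssh-key-v1\x00"  # base64 of this starts with "b3BlbnNz"
BEGIN_RE = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----$")

def check_key_text(text):
    """Return the formatting problems found in the text of a private key file."""
    problems = []
    if "\r" in text:
        problems.append("carriage returns (CRLF line endings)")
    if not text.endswith("\n"):
        problems.append("no newline after the END line")
    lines = text.replace("\r", "").split("\n")
    if any(l != l.strip() for l in lines):
        problems.append("leading or trailing whitespace on a line")
    lines = [l.strip() for l in lines if l.strip()]
    m = BEGIN_RE.match(lines[0]) if lines else None
    if not m or lines[-1] != f"-----END {m.group(1)}-----":
        return problems + ["BEGIN/END lines missing, damaged or mismatched"]
    # Legacy PEM keys may carry "Proc-Type:" / "DEK-Info:" headers; skip them.
    body = [l for l in lines[1:-1] if ":" not in l]
    if len({len(l) for l in body[:-1]}) > 1:
        problems.append("body lines have uneven lengths")
    try:
        raw = base64.b64decode("".join(body), validate=True)
    except ValueError:
        return problems + ["body is not valid base64"]
    if m.group(1) == "OPENSSH PRIVATE KEY" and not raw.startswith(OPENSSH_MAGIC):
        problems.append("body lacks the openssh-key-v1 magic")
    return problems

def check_key_file(path):
    """Same checks on a file, plus the permission bits ssh itself refuses."""
    perms = []
    if os.stat(path).st_mode & 0o077:
        perms.append("file is accessible to group/others (use chmod 600)")
    with open(path, newline="") as fh:  # newline="" preserves any \r
        return perms + check_key_text(fh.read())

def make_sample():
    """Constructed sample: valid framing and magic, filler bytes, no key material."""
    b64 = base64.b64encode(OPENSSH_MAGIC + bytes(range(120))).decode()
    body = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"

if __name__ == "__main__":
    print(check_key_text(make_sample().replace("\n", "\r\n")))
```
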

Nice box, not an easy one.
Foothold: GoogleFu → Documentation → GoogleFu → PoC
User: PEAS, now you know your coworkers, change their lives.
Root: You don’t need RE, just pSPY.

If you need any nudge PM.

Hello, I found an SSH private key.
But I keep getting the following error:
@g*******b: Permission denied (publickey).

Can someone help me? I suck at ssh…