Official Ready Discussion

@TazWake said:

@thorthehacker said:

Just got the user flag! I found two files, one with a private RSA which I tried to use as root and the user and no luck… On the second file found some SMTP password, but I haven’t been able to use it anywhere either…
Any advice or hint?

This is going to suck but “try harder”…

You say you haven’t been able to use it anywhere, that might just mean you haven’t tried the right thing.

Thank you so much, it was so easy… Sometimes you just need to go away from the computer so the ideas flow :slight_smile:

Ooof. Got user, and have “root”. But getting out is really hard for me. I’ve tried a few things but at this point I’m more interested in learning. Can anyone point me in a direction of a tutorial for this part? I’m lost.

nvm, got it. What a FANTASTIC box.

Well that was fun. Initial foothold and final root flag probably took 10% of my whole time. Really upped my “find” game with this box.

Great box.

I got root shell.
DM for help

Can I PM someone for help? I’ve got user, used linpeas, looked through a lot of stuff and still not a step closer than I was when I first got user.

@ExCommunicado said:

Can I PM someone for help? I’ve got user, used linpeas, looked through a lot of stuff and still not a step closer than I was when I first got user.

You need to enumerate. Read the optional things which you don’t normally find on a box here. Get the loot from that, use it.

Then you need to find a way to get out of the thing you are in but it is easier with your new privs.

Hi! I got the user flag and executed linpeas, but I don’t see how to privesc to root. Pls DM me for help. Thx!

@str3ss01d said:

Hi! I got the user flag and executed linpeas, but I don’t see how to privesc to root. Pls DM me for help. Thx!

Read the post immediately before yours.

Rooted! It’s my first medium box)
Rooted Laboratory box before Ready box

Got shell as g* user, found some creds in a non-default folder. Maybe for r****-c**. Really not too sure where to go from here. Can anyone give a nudge?

@prutz said:

Got shell as g* user, found some creds in a non-default folder. Maybe for r****-c**. Really not too sure where to go from here. Can anyone give a nudge?

Have you tried using the creds?

Remember, password reuse is really, really common. If you have a set of creds for X, there is a good chance they can be reused on Y.

Interesting box. I learned a lot from this one. I learned that I need to really pay attention to my enumeration.

I am curious to know if I got the root flag the proper way or not, or if there is another way to do it. I suspect there are a few ways but really curious if there was another way besides the easy way I obtained it.

Um. Am I meant to be getting a 422 error every single time I try to sign up to g****b?

@allTsar said:

Um. Am I meant to be getting a 422 error every single time I try to sign up to g****b?

No.

@TazWake good to know. Anyone else had this issue and resolved it?

@allTsar said:

@TazWake good to know. Anyone else had this issue and resolved it?

It isn’t mentioned very much on this thread, but lots of people experienced this on Laboratory which uses similar technology. I suspect it is a result of some service not starting cleanly when the box initialises.

I don’t have a good suggestion but based on the Laboratory thread you could try:

  • Reset the box and then wait 10 minutes. This should give it time to make sure every service is started.
  • Raise a Jira ticket with HTB.
  • Try a different VPN to see if it’s a problem on the specific server assigned to your instance.

@TazWake thank you so much for the advice :slight_smile: Honestly thought I was going crazy trying to find the foothold without an account :confused:

Can anyone that has completed this box message me please? I got user a few days ago, but forgot to save my notes before shutting down my VM. Now, I can’t seem to reproduce the steps I used before. None of my PoCs work for getting a user shell.

This was a fun box. I’m open for nudges if needed.