Official Laboratory Discussion

Hello everyone. When I am trying to open the Web page, I am getting Server not Found. Did anyone got this issue, if so how to overcome?

@TridevReddy said:

Hello everyone. When I am trying to open the Web page, I am getting Server not Found. Did anyone got this issue, if so how to overcome?

Are you using an IP address or hostname?

I keep getting 502 on G page :-\ have resetted the machine but not solving…

any1 can help me? im stuck to get root from user

@jagoannyaMAMAH said:

any1 can help me? im stuck to get root from user

Checking permissions on executable files, then a very basic reading of the file, is a good way to get the path from user to root.

Hey there, i think i found the right exploit and i modified something in order to make it work, i’m still stuck in the part where it download the shell, i’m trying to use the lfi/rce of the service, someone can give me some hints?

Type your comment> @HomeSen said:

@synap5e said:

This is my first hackthebox :smiley:

Let me guess: You had to add a newline to the end of the file? For some reason, certain ssh clients require the key file to end with an empty line.

MOTHER F***ER ! that was my problem the whole time? A newline char?

Wow. thanks!

Type your comment> @TazWake said:

@jagoannyaMAMAH said:

any1 can help me? im stuck to get root from user

Checking permissions on executable files, then a very basic reading of the file, is a good way to get the path from user to root.

thanks man, I appreciate it.

Foothold and getting user was enough headache

Stuck with ROOT
After ran all enum tools p*** l*****.sh LE*.sh
Not sure what process i should exploit

@mar0ne said:

Foothold and getting user was enough headache

Stuck with ROOT
After ran all enum tools p*** l*****.sh LE*.sh

Chances are they have shown you the path to root, but the problem is that it will be hidden in the noise.

find on its own will be enough.

Not sure what process i should exploit

Dont think about exploiting a process as such. Look at some thing you can run as root. Look at it in detail and you can see the path to getting root.

Type your comment> @TazWake said:

@mar0ne said:

Foothold and getting user was enough headache

Stuck with ROOT
After ran all enum tools p*** l*****.sh LE*.sh

Chances are they have shown you the path to root, but the problem is that it will be hidden in the noise.

find on its own will be enough.

Not sure what process i should exploit

Dont think about exploiting a process as such. Look at some thing you can run as root. Look at it in detail and you can see the path to getting root.

I think i saw it something relative to log** but didn’t works

Finally rooted this. What a ride. Willing to PM nudges if needed

This was the hardest “easy” box I’ve come across but not by design.

There were some stability issues as well that made it difficult to get a grip on things. I’m reasonably certain there’s some people who try to brute force things on HTB. Tsk Tsk. That’s not what this site is about.

Looking back I’m not sure why it was so hard. I guess because the attack vectors I’d found did not work as expected and required tweaking. It’s technically not that complicated but was hard to execute for certain reasons.
Foothold was tougher than it should have been but not by design. For some reason the obvious method of getting in didn’t work for me until I made some adjustments. This initially put me off making me think I was barking up the wrong tree.

User. Even after stealing the info I needed to become user I had trouble, again on my end, making it work. Again it seemed like I’d gone wrong somewhere but I needed a little new line char to fix the issue.

Root was a textbook standard beginner type exploit but you need to have your reading glasses on to find it. Tip: enumerate in detail and don’t just look for the easy stuff. It’s right there in the output of your fave enumeration tool.

I must enjoy the pain.

@mar0ne said:

@TazWake said:

@mar0ne said:

Stuck with ROOT
After ran all enum tools p*** l*****.sh LE*.sh

Chances are they have shown you the path to root, but the problem is that it will be hidden in the noise.

find on its own will be enough.

Not sure what process i should exploit

Dont think about exploiting a process as such. Look at some thing you can run as root. Look at it in detail and you can see the path to getting root.

I think i saw it something relative to log** but didn’t works

I don’t think that is the thing I am talking about. Linux permissions are a useful thing to understand and what the various bits in a permission allow you to do. If one is sticky, it can help.

When you can find that one file, if you look at it closely, you can see the path to getting root on this box.

Hey @TazWake I just wanted shout out some respect to you for taking the time to handhold so many of us.

Rooted :slight_smile:

User was an a headache

Root need to wash your eyes and read carefully :slight_smile:

Docker and gitlab are all new to me, first box of this kind.

Thanks for @RageWire @TazWake @heh

I’m think I got all the steps for foothold. But for some reason i’m not getting a shell. I refuse to give up but at this point I need some help. Who can I PM or Discord?

rooted. I think i can roll over and die now. been working on that machine for WAY too long.

I’ll echo what others have said: the box wasn’t easy at all.

I can’t get ssh to work on the box. I’ve replicated gitlab locally and it works. I’ve tried uploading keys to gitlab and multiple ssh keys I’ve found in and around s******.yml. I made sure file shows that it is an ssh key. Is there something different I need to add to ssh the container?

@byd3fault said:

I can’t get ssh to work on the box. I’ve replicated gitlab locally and it works. I’ve tried uploading keys to gitlab and multiple ssh keys I’ve found in and around s******.yml. I made sure file shows that it is an ssh key. Is there something different I need to add to ssh the container?

Try a different attack. The keys you have might not be any use.

This box was a lot harder than “Easy”. If anyone else ran into the problem with "It Me" - maybe “run” something other than c**e.