Official Unobtainium Discussion

This was really well done for sure! Lots of fun.

Type your comment> @CounterSu said:

I’ve just started on this box, having fun already :slight_smile: Did anyone else notice that the favicon resembles the one used by the Dutch newspaper “de Volkskrant”, or is it just me? (http://www.vk.nl)

Got user! Took me a long time since there was a lot of new stuff to learn; the box employs some techniques I didn’t know - but do know now. Great experience so far!

Great box, the foothold especially was really cool. The different tools I used and ideas I had to follow through were very exciting and just that was already a lot because I learnt quite a lot of new stuff.
The root part had me very confused and I really wasn’t sure what I was doing until the end. Even after that, I plan on doing that box a few more times to carefully take notes along the way because I still feel like in the middle of the smog.
Overall, really cool box, and I really loved the foothold :slight_smile: Thanks @felamos

Very very interesting box, good job to @felamos for something different. The foothold was quite convoluted for me, as I am not familiar with the language, but the root part instead was fairly smooth and quick, but very real-word like!

Finally rooted this box!

Thanks @felamos, I had a great learning experience both with user and root. The great thing about this box is that it forced me to research new techniques and methods - and exploiting them. What a ride.
Respect towards @sudneo. Could NOT have done it without his help and advice!!

Some hints:
User: Everything you need is in the app. There is more than one way to reverse and use it.
Root: Once you figure out how the container is managed, follow the yellow brick road. Enumerate and research. This quite a new path so resources might be limited. Be persistent!

Finally root, this took me a lot of effort I’m sure who is familiar with technology involved can solve the box with less trouble than I had.

Foothold/User: analyze carefully what you have and extract useful informations. At some point with enumeration you should be able to find the right path, try not to pollute with too much enumeration.

Root: once you’re in classical enumeration will make you understand that something is behind the scene. Here I had to do a lot of study and google-fu. You need to create something malicious (using same approach as foothold) that could allow you to reach the goal.
I managed to retrieve the flag and a shell, but it was really unstable I don’t know if anybody experienced the same situation.

Thanks for the box!

Dm me if you want any nudge

Type your comment> @alemusix said:

Finally root, this took me a lot of effort I’m sure who is familiar with technology involved can solve the box with less trouble than I had.

Foothold/User: analyze carefully what you have and extract useful informations. At some point with enumeration you should be able to find the right path, try not to pollute with too much enumeration.

Root: once you’re in classical enumeration will make you understand that something is behind the scene. Here I had to do a lot of study and google-fu. You need to create something malicious (using same approach as foothold) that could allow you to reach the goal.
I managed to retrieve the flag and a shell, but it was really unstable I don’t know if anybody experienced the same situation.

Thanks for the box!

it is not unstable, is HTB that thinks that everything is a “race condition” and cleans everything shortly

Is anyone available for a quick sanity check on the foothold?

can anyone help me with the root part… I have got the p*** and p*** description

Finally rooted, after about a week of poking, reading, and experimenting. I’d say this machine left me with the most open browser tabs for “OK, gotta go google THIS now” of any I’ve done so far. Like someone else earlier in this thread, I may go back and re-do this machine, just to take better notes of the steps involved.

Thank you @felamos for a very fun and educational machine, I thoroughly enjoyed it.

Anyone available for a nudge?

Loved this box! I haven’t really touched most of the technologies used in this challenge before, but that made it all the more fun.

Anyone available to sanity check what I am doing.

Edit: Got it.

Still working on foothold. I found the service that requires authentication, but I have no idea how to obtain the required t***n (already tried using other authentication methods with the creds I already have from the other thing, but they aren’t accepted, here). Anyone willing to spare a hint on where to look to obtain that t***n? EDIT: I can see that the first application (the one with creds) has some other flaw, but I’m not getting any pingback from the server, with this, so it’s probably a rabbit hole. EDIT2: Got a bit further. Let’s see what I can make out of this :smiley:

Working on root, I’m pretty sure I know what to do. I created a “thing” and have credentials for the service, but all attempts to POST/PUT/PATCH something on that service, always results in a 403. I can provide more detail in a PM, if anyone were willing to spare a hint on where I’m going wrong :wink:

Hi all,
I wanted to redo the unobtainium box again but the unobtainium client is not able to connect.
The client shows “Unable to reach unobtainium.htb”. I have update the etc/hosts settings and I’m able to open unobtainium.htb on the the browser.

Any idea what else do I need to check? Firewall is disabled too.

Thanks

Br

@felamos I got user.txt, but I am having trouble to get root flag. I’ve created the payload to get in to container, but kubectl logs, irrespective of the image available I choose, the log is the same: “pod xxx is waiting to start: trying and failing to pull image”. is someone facing similar issue with this box?
The other box steamcloud, I didn’t have trouble

Hey, please check imagepullpolicy. Even if image already exist on machine it may try to pull again which makes the pod crash. Setting it to Never will prevent it from pulling new images.

1 Like

Hello

@felamos Thanks for the box first. I’m encountering a problem and I wonder if anything was modified into the box breaking things. I will try to not spoil.
First of all I don’t see the ports 2379/2380 on port scans
And then I’m trying to do the same request from curl on burp, it works on curl but not on burp I get HTTP/1.1 401 Unauthorized
Maybe you’ll need more precisions, maybe pm.

Thanks

Edit: Obviously after passing few hours on something that stupid I figure out it seems burp was not sending the post request on the good port and also I had to change to HTTP. Be sure to look the settings on “Target” on top right are corresponding…