I am stuck after getting the first flag, i read the comments on this post. But i am still not able to get the second flag. can someone share a hint?
It ha already been hinted at quite a bit - it might help if you explain what it is about the previous hints you haven’t got?
You need to find something which gives you access to something else, dump the hash from there, then crack it. Then use it to be able to read the root flag.
Start by looking through things that are not in a standard Linux install.
I think I’ve found the correct hash for root and cracked it successfully. Now I can log in at m*******t but I don’t know what to do, lol.
help pls xd, did I miss something behind?
Rooted!! I was massively overthinking the path to root. This is a great box and as other comments have said, everything you need is right there, you just have to join the dots. Happy to provide nudges
I’ve been stuck for multiple days and can’t tell if it’s because I’m completely ignoring the possibility of receiving emails outside of the HTB ecosystem. I’m assuming getting into this box doesn’t required that part of the workflow. I tried once with a “real” email address and didn’t receive an email at it so I assumed it’s not supported (because all the HTB machines are on an isolated network). Can someone tell me if my assumption is correct? Thanks.
I’ve been stuck for multiple days and can’t tell if it’s because I’m completely ignoring the possibility of receiving emails outside of the HTB ecosystem. I’m assuming getting into this box doesn’t required that part of the workflow. I tried once with a “real” email address and didn’t receive an email at it so I assumed it’s not supported (because all the HTB machines are on an isolated network). Can someone tell me if my assumption is correct? Thanks.
HTB boxes cant send emails to “real world” email addresses. They do not have internet connectivity.
The email step here needs a bit of creative thinking but at various stages you are given everything you need.
I’ve been stuck for multiple days and can’t tell if it’s because I’m completely ignoring the possibility of receiving emails outside of the HTB ecosystem. I’m assuming getting into this box doesn’t required that part of the workflow. I tried once with a “real” email address and didn’t receive an email at it so I assumed it’s not supported (because all the HTB machines are on an isolated network). Can someone tell me if my assumption is correct? Thanks.
HTB boxes cant send emails to “real world” email addresses. They do not have internet connectivity.
The email step here needs a bit of creative thinking but at various stages you are given everything you need.
Thanks for the info - I figured out the email step. Funny how that ambiguity was initially preventing my brain from going down that path.
Can anyone reply or confirm i’m not crazy, lol? Are we meant to be using the hhes from the users in M****rMt and the panel where the mail goes? Just wondering because I’ve been playing with the cat’s rule set with a file that rocks you for days now and I can’t crack it. PM me and let me know if I’m headed down a rabbit hole. Have a feeling I’m not configuring my tools correctly.
Can anyone reply or confirm i’m not crazy, lol? Are we meant to be using the hhes from the users in M****rMt and the panel where the mail goes?
I don’t think so.
Just wondering because I’ve been playing with the cat’s rule set with a file that rocks you for days now and I can’t crack it.
For 99% of boxes on HTB, if you cant crack a hash in about 10 minutes, something is wrong.
There are exceptions but those boxes should be in the Hard/Insane categories.
PM me and let me know if I’m headed down a rabbit hole. Have a feeling I’m not configuring my tools correctly.
Enumerate the files system. Look in the place for optional software. Get the info you need to dump things. Dump the hashes. Crack them - you don’t even need rules, a custom wordlist will do the trick.
i am trying to create a ticket but i keep getting an error message saying issue details is a required field. i have tried to fill all the fields but i keep on getting this error. any help would be greatly appreciated.
Download a new academy connection profile and reset the connection. This worked for me as soon as I did this. I switched servers and got a new HTB VPN.
If anyone is having trouble viewing the tickets and getting an “Account Confirmation Required” error, you have to create a new HTB VPN connection profile.
Terminate the “Delivery” Machine. Download a new connection profile. Delete your old one. Sudo openvpn the new one. You should be good after this.