Official Delivery Discussion

@fdalvi said:

I am stuck after getting the first flag, i read the comments on this post. But i am still not able to get the second flag. can someone share a hint?

It ha already been hinted at quite a bit - it might help if you explain what it is about the previous hints you havenā€™t got?

You need to find something which gives you access to something else, dump the hash from there, then crack it. Then use it to be able to read the root flag.

Start by looking through things that are not in a standard Linux install.

i am not able to find hash dump. i think i am seing the non standard linux install but cannot see the hash. but will look again

@fdalvi said:

i am not able to find hash dump. i think i am seing the non standard linux install but cannot see the hash. but will look again

The hash isnā€™t in the file. The file tells you what you need to dump the hash from where it is.

Thanks, this a good nudge

I think Iā€™ve found the correct hash for root and cracked it successfully. Now I can log in at m*******t but I donā€™t know what to do, lol.
help pls xd, did I miss something behind?

@cashats said:

I think Iā€™ve found the correct hash for root and cracked it successfully. Now I can log in at m*******t but I donā€™t know what to do, lol.

If you have the password for root, why are you logging in somewhere else?

help pls xd, did I miss something behind?

I think so.

OK, forget what I said and thanks hahaha

Rooted!! I was massively overthinking the path to root. This is a great box and as other comments have said, everything you need is right there, you just have to join the dots. Happy to provide nudges :slight_smile:

Iā€™ve been stuck for multiple days and canā€™t tell if itā€™s because Iā€™m completely ignoring the possibility of receiving emails outside of the HTB ecosystem. Iā€™m assuming getting into this box doesnā€™t required that part of the workflow. I tried once with a ā€œrealā€ email address and didnā€™t receive an email at it so I assumed itā€™s not supported (because all the HTB machines are on an isolated network). Can someone tell me if my assumption is correct? Thanks.

@PartyGolbez said:

Iā€™ve been stuck for multiple days and canā€™t tell if itā€™s because Iā€™m completely ignoring the possibility of receiving emails outside of the HTB ecosystem. Iā€™m assuming getting into this box doesnā€™t required that part of the workflow. I tried once with a ā€œrealā€ email address and didnā€™t receive an email at it so I assumed itā€™s not supported (because all the HTB machines are on an isolated network). Can someone tell me if my assumption is correct? Thanks.

HTB boxes cant send emails to ā€œreal worldā€ email addresses. They do not have internet connectivity.

The email step here needs a bit of creative thinking but at various stages you are given everything you need.

Type your comment> @TazWake said:

@PartyGolbez said:

Iā€™ve been stuck for multiple days and canā€™t tell if itā€™s because Iā€™m completely ignoring the possibility of receiving emails outside of the HTB ecosystem. Iā€™m assuming getting into this box doesnā€™t required that part of the workflow. I tried once with a ā€œrealā€ email address and didnā€™t receive an email at it so I assumed itā€™s not supported (because all the HTB machines are on an isolated network). Can someone tell me if my assumption is correct? Thanks.

HTB boxes cant send emails to ā€œreal worldā€ email addresses. They do not have internet connectivity.

The email step here needs a bit of creative thinking but at various stages you are given everything you need.

Thanks for the info - I figured out the email step. Funny how that ambiguity was initially preventing my brain from going down that path.

Can anyone reply or confirm iā€™m not crazy, lol? Are we meant to be using the hhes from the users in M****rMt and the panel where the mail goes? Just wondering because Iā€™ve been playing with the catā€™s rule set with a file that rocks you for days now and I canā€™t crack it. PM me and let me know if Iā€™m headed down a rabbit hole. Have a feeling Iā€™m not configuring my tools correctly.

@luckyUser said:

Can anyone reply or confirm iā€™m not crazy, lol? Are we meant to be using the hhes from the users in M****rMt and the panel where the mail goes?

I donā€™t think so.

Just wondering because Iā€™ve been playing with the catā€™s rule set with a file that rocks you for days now and I canā€™t crack it.

For 99% of boxes on HTB, if you cant crack a hash in about 10 minutes, something is wrong.

There are exceptions but those boxes should be in the Hard/Insane categories.

PM me and let me know if Iā€™m headed down a rabbit hole. Have a feeling Iā€™m not configuring my tools correctly.

Enumerate the files system. Look in the place for optional software. Get the info you need to dump things. Dump the hashes. Crack them - you donā€™t even need rules, a custom wordlist will do the trick.

Anyone has problems submitting user flag? I keep getting incorrect flag error.

i am trying to create a ticket but i keep getting an error message saying issue details is a required field. i have tried to fill all the fields but i keep on getting this error. any help would be greatly appreciated.

Is there anyone still monitoring this discussion and wouldnā€™t mind DMā€™ing me to give a me a pointer for this?

I am currently watching the ippsec video on this machine. Trying to use the s*****k tool on the target machine, I get this error

: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.33ā€™ not found (required by ./s*****k)

.
Has anyone else encountered this error ?

i am also not able to access the machine also can you please guide me about this

Download a new academy connection profile and reset the connection. This worked for me as soon as I did this. I switched servers and got a new HTB VPN.

If anyone is having trouble viewing the tickets and getting an ā€œAccount Confirmation Requiredā€ error, you have to create a new HTB VPN connection profile.

Terminate the ā€œDeliveryā€ Machine. Download a new connection profile. Delete your old one. Sudo openvpn the new one. You should be good after this.