Official Static Discussion

Type your comment> @hoangvietitvn said:

file.gz has corrupted , how to repair ? :neutral:

google !!

Type your comment> @kavigihan said:

Any hints on what to do after access to *.20..0/24 network?? I tried brute-forcing the hash I got but no luck…Also tried to find any public exploits

Stuck at this point also. Has anyone moved forward from here?

Type your comment> @camk said:

Type your comment> @kavigihan said:

Any hints on what to do after access to *.20..0/24 network?? I tried brute-forcing the hash I got but no luck…Also tried to find any public exploits

Stuck at this point also. Has anyone moved forward from here?

If you can connect with the VPN fine, see what IPs you can’t access. Then add them to your “ip route”. Thanks to @dizaster101

Can anyone help me pop the shell? I can get RCE… but not a interactive shell… I found a module in **f but I am missing something I guess… it says no session was created.
I can DM the details… thank you

Type your comment> @Aniruddh9 said:

Can anyone help me pop the shell? I can get RCE… but not a interactive shell… I found a module in **f but I am missing something I guess… it says no session was created.
I can DM the details… thank you

Try exploiting it manually

rooted. foothold took the most time - it turned out I had the right approach, but it wasn’t working in the release arena, maybe due to a network timeout. trying again in VIP it worked first time.

thanks @ompamo for a fun box!

putting correct totp still not getting logedin

@hoangvietitvn said:
file.gz has corrupted , how to repair ? :neutral:

there are some github tools

anyone got time for a nudge? need help with root, not sure I really understand ert*

Type your comment> @Reddsec said:

anyone got time for a nudge? need help with root, not sure I really understand ert*

maybe you can print your own format :wink:

maybe you can print your own format :wink:

yeah, after a lot of going in the wrong direction, I managed to root.

Type your comment> @varshitmodi said:

@hoangvietitvn said:
file.gz has corrupted , how to repair ? :neutral:

there are some github tools

actually problem was not with tool it was with the machine. I changed server to EU3 and it worked fine.

I’m in Australia. Even when changing to a server in my region, where the timezone is the same as my host, the machine won’t validate the totp. Shame, seemed like a nice box. Disappointing by HTB release team to allow a box with such a fickle variable. Would have been better off exposing ntp so we could sync our time to the box.

I also have trouble with totp it fails even after reset in eu-free-1, I also tried us , also fails… gotta check other regions

Type your comment> @coldBug said:

Well, if someone else has problems with the t**p step … make sure your time is synced :wink:

To make this more understandable: You have a secret and need to generate tokens for the login… (make sure you know how t**p works). For the latter your time should be synced…

Quick tip on OTP… I just added it to my Google Authenticator on my mobile, and no trouble … xD You guys overthink too much sometimes

I cannot get this to work. The otp part.

I can’t login with the otp. I have the user, the password and the otp. But when I enter the otp, i come to the login page again. Can someone help me, or is there a problem with this machine?

Type your comment> @f1x1t1x1f said:

I can’t login with the otp. I have the user, the password and the otp. But when I enter the otp, i come to the login page again. Can someone help me, or is there a problem with this machine?

I got it work. It was a problem with the time.

whats the time problem?
I know the time should be synced. I have done that.