Official Blackfield Discussion

@reverie said:

Pretty sure someone is trolling and changing the root flag.

Can someone provide the root flag to me if I give them the administrator hash?

HTB uses dynamic flags. There is a new flag every time the box resets and different flags on each VPN connection.

If rooted the box and gave you the flag, it would be no use to you and we would probably both get banned for violating HTB’s rules.

When you get a flag you need to use it fairly quickly.

Type your comment> @TazWake said:

@reverie said:

Pretty sure someone is trolling and changing the root flag.

Can someone provide the root flag to me if I give them the administrator hash?

HTB uses dynamic flags. There is a new flag every time the box resets and different flags on each VPN connection.

If rooted the box and gave you the flag, it would be no use to you and we would probably both get banned for violating HTB’s rules.

When you get a flag you need to use it fairly quickly.

Thanks. Reset the box twice before seeing this post and noticed two different hashes. Submitted the second one and it went through.

Thought it was legit part of the machine for a bit, but things didn’t add up. Was picturing the machine creator creating the final hurdle like: https://i.kym-cdn.com/entries/icons/facebook/000/017/354/elrisitas.jpg

@reverie said:

Pretty sure someone is trolling and changing the root flag.

Can someone provide the root flag to me if I give them the administrator hash?

For quite some time, flags have become dynamic. Unfortunately, this system isn’t working very reliable at times. Try the following:

  1. Reset the machine
  2. Wait at least 1 minute after the reset has finished
  3. Dump the root.txt and compare it to the one you previously got
    3.1. When it’s different, try to submit it
    3.2. When it’s the same as before, wait another minute and go back to step 3
    3.3. Should it still be the same, place a “marker file” somewhere, and reset the machine again
  4. Check whether your “marker file” is still present, after resetting the machine
    4.1. If the file is still there, issue another reset and keep an eye on the “Shoutbox” to see whether someone cancelled your reset request

If everything fails, contact the support via Jira: HTB Support on JIRA — Hack The Box :: Forums

Finally rooted this bad boy! Great box, learn’t a few new things.

I got the flag root.
but when I pass it, it writes the wrong flag
I reloaded the box 5 times

@fili0x232f said:

I got the flag root.
but when I pass it, it writes the wrong flag
I reloaded the box 5 times

Try to change VPN, are you sure the box have been really reset ?

Type your comment> @Caracal said:

Try to change VPN, are you sure the box have been really reset ?

Yes, i change VPN and box reset

@fili0x232f said:

Type your comment> @Caracal said:

Try to change VPN, are you sure the box have been really reset ?

Yes, i change VPN and box reset

HTB flags are dynamic. Resetting the box is making your problem much worse and breaking it for everyone else.

Changing VPNs also changes the flag.

Flags are only valid until the next reset so when you get a flag you need to use it before the box is reset. If it doesn’t work check (i.e. shoutbox) to make sure no one else has been randomly resetting the box.

If your flag is rejected, recheck the box to see if it has changed and if so, use the new one. If it hasn’t, either wait and try again or raise a JIRA ticket with HTB who can try to resolve it for you.

any idea/article on how to get the “tool” to work to extract the content from the dumpster files (if that does’nt give away anything)? I am trying to get it to work but not having any luck. i can provide what i have attempted so far

Edit…of course it would help if I updated the damn tool lol.
EDIT…okay even that didn’t work. keeps getting incompatibility errors even though the profile matches the os build. any help is appreciated on this part!

@walk said:

any idea/article on how to get the “tool” to work to extract the content from the dumpster files (if that does’nt give away anything)? I am trying to get it to work but not having any luck. i can provide what i have attempted so far

Edit…of course it would help if I updated the damn tool lol.
EDIT…okay even that didn’t work. keeps getting incompatibility errors even though the profile matches the os build. any help is appreciated on this part!

Google the tool name and the file you are working on.

@walk said:

any idea/article on how to get the “tool” to work to extract the content from the dumpster files (if that does’nt give away anything)? I am trying to get it to work but not having any luck. i can provide what i have attempted so far

Edit…of course it would help if I updated the damn tool lol.
EDIT…okay even that didn’t work. keeps getting incompatibility errors even though the profile matches the os build. any help is appreciated on this part!

I have the same situation. Vol*****y says: “No suitable address space mapping found” and “No suggestion profile”. Also tried with WinDG, but didn’t see any useful.

Type your comment> @TazWake said:

@walk said:

any idea/article on how to get the “tool” to work to extract the content from the dumpster files (if that does’nt give away anything)? I am trying to get it to work but not having any luck. i can provide what i have attempted so far

Edit…of course it would help if I updated the damn tool lol.
EDIT…okay even that didn’t work. keeps getting incompatibility errors even though the profile matches the os build. any help is appreciated on this part!

Google the tool name and the file you are working on.

I did that. I keep getting the following errors each time:
Suggested Profile(s) : No suggestion (Instantiated with no profile)

@Wimm said:
@walk said:

any idea/article on how to get the “tool” to work to extract the content from the dumpster files (if that does’nt give away anything)? I am trying to get it to work but not having any luck. i can provide what i have attempted so far

Edit…of course it would help if I updated the damn tool lol.
EDIT…okay even that didn’t work. keeps getting incompatibility errors even though the profile matches the os build. any help is appreciated on this part!

I have the same situation. Vol*****y says: “No suitable address space mapping found” and “No suggestion profile”. Also tried with WinDG, but didn’t see any useful.

glad i’m not the only one. I keep experimenting with the syntax and looking at articles, but nothing points me to the answer on the reasoning for why it fails.

@walk said:

I did that. I keep getting the following errors each time:
Suggested Profile(s) : No suggestion (Instantiated with no profile)

Ok, I think you are using the wrong tool. There is one dedicated to getting loot from the file you have and it comes in a windows or Linux version.

The one you’ve used will struggle because you dont have what it expects. If you look at most of the google hits for your tool and what you have, there is an assumption that you actually have something else.

Some of the links point to the tool you’d use with what you have now.

Type your comment> @Tapper21 said:

I got it!! :slight_smile: Thanks zdko, Tazwake,achyromaric and other member of this great group!
Evil-WinRM PS C:\users\administrator\desktop> whoami
blackfield\administrator :slight_smile:

u welcome

That was a very solid box! Props to @aas

C:\Windows\System32>whoami && ipconfig nt authority\system Windows IP Configuration Ethernet adapter Ethernet0 2: Connection-specific DNS Suffix . : IPv6 Address. . . . . . . . . . . : dead:beef::84cd:5c8:8ea4:9a15 Link-local IPv6 Address . . . . . : fe80::84cd:5c8:8ea4:9a15%17 IPv4 Address. . . . . . . . . . . : 10.10.10.192 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 10.10.10.2

Ok, i got it. Found the right tool but applied it to the wrong file

Big ups to @TazWake on the assist! Finally got user after getting my ass kicked by the initial foothold. root shouldn’t be too hard.

Did you guys try downloading a file from the box? I tried getting a 17mb dump over SMB but it keeps failing. Any tips would be appreciated.

Type your comment> @Purp1eW0lf said:

This is one of the best HTB machines I have ever done. I’m really grateful to the box creator for the effort they clearly put in. I’d appreciate any feedback on my writeup for this box: GitHub - Purp1eW0lf/HackTheBoxWriteups: Writeups for the machines on ethical hacking site Hack the

I wanted to offer some hints that maybe haven’t been said on this forum yet, or need to be reiterated:

User 1 to user 2

  • There’s a username that stands out, and correlates with an SMB share description.
  • RPC is what you want, but the syntax needs a google.

User 2 to User 3

  • Need to take the Kat for a walk but you’re on Linux? There’s a specialised tool for this very purpose.
  • If you’ve done proper LDAP enum, and paid attention to a high port, you should know whose user creds you’re looking for.

User 3 to Root

  • I found that Tobor knew what they were talking about more. But Tobor can’t spell for SHIT, so double check their spelling mistakes
  • For some reason, you’re going to need to add one space-bar space at the end of every line for that script. I have no clue why, but just go the end of each line and hit space.

All the hints anyone should need are here.