I think that’s part of why it’s ranked “hard”, because of the rabbit holes present. I don’t mind; it’s good to practice finding out when you’re stuck in one and cannot proceed further. Too many times I have tunnel vision and will keep trying something futile because I’m forgetting the big picture.
1 Like
You dont need a rev shell for foothold.
uh i was able to log in to GB with certain default creds like 2 hours ago, now im back at it and its not working. I wonder if someone changed them?
E: Yes, someone had changed them, reset fixed it. PLS guys dont do that
I think it regenerates a random ** on restart.
happened to me a few times
You guys are insane for thinking this is a medium.
I’ve just spent the last 30 hours chasing random rabbit holes and it turned out to be something I made a note of within the first hour.
1 Like
Did anyone manage to make the
Summary
SSH keys
work?
chatGPT helped me with it
1 Like
are you on about the SSH keys?
yes. ask him to reformat it
Thanks, I had done that 20 times, and it didn’t work.
Finally did, thanks!
Wow, there are indeed rabbit holes. It took me a few days to get out of these rabbit holes. After that, in 20 minutes got user and root 
For those still stuck, the chemical formula for water is H2o. It can do more than just viewing data.
2 Likes
Same!!! Got user and already got the path for root, this is not that medium box, but i liked it 
so after working for a few days my ssh key is no longer working and neither is the exploit I used to get user, saying function not found. this even after resets and switching vpns. anything else hit this?
Don’t know what exploit you used, but for the SSH key, it seems to be regenerated on every boot. I noticed that when a machine would get reset, I’d have to use the user exploit all over again.
the method I used to get the ssh key finally worked on my 3rd vpn change. which makes me wonder if I missed something needing to be done prior to make it work or if the method is just not working on some boxes.
Any hints for initial access? I got m**** user for port 80 and the admin user for port 8080 but running into a wall. I looked around everywhere and nothing seems to lead anywhere.
My 2 pieces of hint after getting root shell. Don’t reboot like I did, I was just checking something if you know what I mean.
For root:
-
If you don’t have a foothold for root, read your notes or pad you maintained from the start while you were chasing this machine. There might be something you saw during your time which might help you now
-
Now that you found the thingy, golang might give you a hard time. That blue cute beaver is not so cute after all. Use python.
-
Now that you have python and you developed the full stack application, you might want to tinker with golang code, run it locally maybe. Understand what is does and what is can do for you.
Don’t reboot. Seriously very slow machine. I understand why someone might do it but don’t.
Edit: These hints can be a part of brief write up so don’t use them if you can. @moderators please remove this comment if it reveals a lot as I am still getting the hang of hackthbox and general community.
PLEASE
don’t reset the d*mn machine
6 hours to go, started to get worried 