Official Delivery Discussion

Type your comment> @TazWake said:

@GlitchDSA said:

So iv been having an issue and iv searched all over and cant find the solution.
My problem is that when i connect to vpn and head to the box url it works BUT ANY url that ends with a “.htb” it loads and loads then doesnt connect and gives me a “Hmm. We’re having trouble finding that site.” error.

Scroll up a few questions:
Official Delivery Discussion - Page 7 — Hack The Box :: Forums

Im new to HTB

You might get some value out of working through the starting point boxes and some of the retired ones following Ippsec’s videos.

and i assumed that it was just a filler or something for looks to add more realism to the site but im stuck and its all i got so is there a way to access this and if so why cant i?

There is no DNS on HTB.

“You might get some value out of working through the starting point boxes and some of the retired ones following Ippsec’s videos.”
i cant get vip im broke :neutral:

And a better way to ask my question is how can i access the help desk link and if its to much of a hint then thats fine :disappointed:

Type your comment> @GlitchDSA said:

Type your comment> @TazWake said:

@GlitchDSA said:

So iv been having an issue and iv searched all over and cant find the solution.
My problem is that when i connect to vpn and head to the box url it works BUT ANY url that ends with a “.htb” it loads and loads then doesnt connect and gives me a “Hmm. We’re having trouble finding that site.” error.

Scroll up a few questions:
Official Delivery Discussion - Page 7 — Hack The Box :: Forums

Im new to HTB

You might get some value out of working through the starting point boxes and some of the retired ones following Ippsec’s videos.

and i assumed that it was just a filler or something for looks to add more realism to the site but im stuck and its all i got so is there a way to access this and if so why cant i?

There is no DNS on HTB.

“You might get some value out of working through the starting point boxes and some of the retired ones following Ippsec’s videos.”
i cant get vip im broke :neutral:

And a better way to ask my question is how can i access the help desk link and if its to much of a hint then thats fine :disappointed:

i apologize i figured it out, i just added it to my host file :smile:

@GlitchDSA said:

i apologize i figured it out, i just added it to my host file :smile:

Awesome.

Great box and as real as it gets IMO. Sometimes, those creative solutions from developers have consequences. If you are struggling and not seeing anything meaningful in your tools, take a step back and spend time using the applications with just a browser and something will stand out.

Rooted, Fun box.
DM me if someone need’s help :smile: .

How did we come to know that the creds should be used to login via s**? I used the creds in the page which was mentioned there and then got stuck.

@gs4l said:

How did we come to know that the creds should be used to login via s**? I used the creds in the page which was mentioned there and then got stuck.

There are two parts to the response here:

  • You don’t often “know” where creds need to be used. Credential reuse is a thing. If you get creds you should always try them in as many ways as possible. For example, don’t assume that a set of creds you find for some non-existent WP database are useless, try them everywhere else (that is not a hint for this box, it is an example)

  • Linux has lots of ways to authenticate. Dont fall into the habit of trying one then stopping.

I’m completely stuck with root. Can someone please dm me for some nudge?

Ahhh nevermind guys, i’m incredibly stupid and careless

hey i had a lot of trouble. i never got the email veri. i tried signing up many times to no avial. nonetheless i got user.

having trouble on root now. got to the file that shows credentials, but… cant seem to login. i mean it’s there, even read the Ma******** documentation, which clearly says user:password. hope someone can help me

@computerpimp said:

hey i had a lot of trouble. i never got the email veri. i tried signing up many times to no avial. nonetheless i got user.

having trouble on root now. got to the file that shows credentials, but… cant seem to login. i mean it’s there, even read the Ma******** documentation, which clearly says user:password. hope someone can help me

Enumeration. Read the configuration files and what you need for the next step is there.

Does this box need a cve to gain a reverse shell ? Or we need to create an account ? I think the solution is about “tickets” service, but I can’t be sure of that.

@UVision said:
Does this box need a cve to gain a reverse shell ? Or we need to create an account ? I think the solution is about “tickets” service, but I can’t be sure of that.

As @TazWake said above you, this box is all enumeration and picking up little pieces of the puzzle as you go. If you can create an account on a box you should be doing that anyway to see where you can poke around more

if you need more of a nudge you can PM me

@HcKy I see, I must to find a “trick” to create an account without click on a confirmation email.

Working on root I found some files names hae and rey numbered from 0 to 7. The files contained some hashes. Is this the right track because there are plenty of hashes and will take time to crack. If not, could anyone give a nudge in the right direction?

@gs4l said:

Working on root I found some files names hae and rey numbered from 0 to 7. The files contained some hashes. Is this the right track because there are plenty of hashes and will take time to crack. If not, could anyone give a nudge in the right direction?

Some things to consider.

  • First blood on this box was 42 minutes. So even if you have a super slow machine, anything which is likely to take 2+ hours is probably not the right path
  • I suspect the hashes you have found are related to something else, possibly accounts created earlier on by people tying to get a foothold.
  • There is only one you need to crack and you probably need a custom wordlist for that.

I got credentials to connect to email os******* agent service, and now I’m stuck on how to become user with this access ?:frowning: I got also several “strange” hashes that I can’t crack.

Finally resolved, it was just an ss* issue.

Hello. I have looked at the hints and cant figure it out. Can someone PM me? I cant get around the email verification issue. I know the @ address.

@ealcorey4 said:

Hello. I have looked at the hints and cant figure it out. Can someone PM me? I cant get around the email verification issue. I know the @ address.

You only need to verify against one thing and it probably isn’t the thing you think it is.

Once you’ve worked out how the first thing works, you can find interesting ways to use that.