Official discussion thread for Diagnostic. Please do not post any spoilers or big hints.
Hi ! iam on the last step of the challenge ,could someone give me a nudge ?
1 Like
Feel free to dm me
2 Likes
i get a flag but I think I got the flag it makes sense with the others but some character is missing
can anyone give me some advice?
i didnt understand this {0}"-f
get correct flag all corect my only mystake is mispelling 1 word.
This is the PowerShell format operator:
see for example ss64 How-to: The -f Format operator
"String with placeholders" -f "Array of values to place into the placeholders"
3 Likes
Yes, I already got the flag actually I had put an l in place of the 1
thanks
Fun challenge! Learned some new tools and felt better about my ability to read Powershell.
Hello all. I always get confused when I come to a challenge that has a “instance” or remote server/computer that I have to start. Once I’m done starting the server do I have to connect to VPN or something?
1 Like
After starting the server (usually a Docker instance on a server managed by HTB), the IP number and the port number are displayed. You can access the IP:port without a VPN.
You need a web browser, netcat, or another client to connect to the given TCP address IP:port. Which program you need depends on the challenge. Figuring out the best program or writing/writing a small client is part of the challenge.
Hi. so i connected to vpn via openvpn and I tried 10 different ways to dl the layoffs.doc file but i’m still unable to. not sure what high port is being used 31873
any help is appreciated
For the challenges connect to the given IP:port without VPN.
I just checked, the challenge works. You can start the challenge, connect to the given IP:port and download the file. I have tried it right now.
You do not need a VPN connection to HTB. When you reach the HTB website to start the challenge, you can also reach the specified IP:port given after clicking start instance.
Really cool challenge inspired by a real life scenario. well done 0xdf
Hints
1- Extract information differently rather then double clicking 0_0
2- You must have a good grep of linux commands
3- It might look weird but it works 
I tried to do it but going to the IP:Port i have 404 as the response.
However a few hours ago i received 2 tcp open port (53, 30000) from the IP given but now I receive just 1 port (53).
404: the HTTP code for “not found” (see e.g. client_error_responses). It could be caused by an invalid URL; trying to access a resources that does not exists on the server.
I do not understand. The IP is sending port numbers to you? Are you running nmap on the IP?
You get the IP number and the port number of the server immediately when you start the instance of the challenge on the HTB server. It is only this IP:port to access the web server, no other port.
I’m also getting a 404 when I try to navigate to http://: I’ve tried adding the IP / URL to my /etc/hosts file as well. Still nothing
404: the HTTP code for “not found”. The HTTP server returns this code number when you try to access a non-existent resource. At least one file exists on the server. But some files that exist on most HTTP server are not on this server.
I think I am on the right track, but after getting the file and looking through the contents I am unable to make any more traction. Any help would be greatly appreciated.
You can try to look deep into the content. You should go down to a level where you can review each char.
I found the reference for the download in the file, but the download stays at 0% until it times out. I must be missing something else or chasing a dead end.