Official Laboratory Discussion

I’m stuck on G****** too!!!

Rooted! Finally! The last part to get root access really got me thinking. After a while I found something that led me to something; when I ran ltr**e on that something, it made me do an evasion thing on it.

feel free to DM me if any of you guys need help.
Btw @artilleryRed, I also got that problem. Because I’m using new hardware, I just made sure I installed docker and docker composer properly, and when I ran docker exec -ti **** bash, it worked, and you just simply put gitlab-rails console as the command.

I was asking for some assistance on this. Then developed a test case to see if I could move further. At this point, I am a bit further along. I was just going to delete the post I did, but could only edit it… I may be back though. :smile:

yesterday got a shell as g**, and today 502 hahahaha

@balkan said:

yesterday got a shell as g**, and today 502 hahahaha

I’m stuck, I have a shell as g**, any nudge please?

@balkan said:

@balkan said:

yesterday got a shell as g**, and today 502 hahahaha

I’m stuck, I have a shell as g**, any nudge please?

Damn, stuck with G***** login page, any hint?

stuck on 502 too :frowning:

@zzzsnickerzzz said:

stuck on 502 too :frowning:

After resetting the box, it will take quite some time until all required services are up again. During that time, make sure no one else initiates a reset (check the Shoutbox on the HTB site, and cancel all reset requests for the box).

This was really fun. I thought I’d leave some closing words.

Foothold: We have it way easier than those before us. It’s been weaponized; we just need to use it. No Dr C***r needed.

User: Priv esc tool is all you need unless you’re very used to g****b.

Root: Priv esc tool finds it, will you? D****r even wrote about using it …

Hello, it seems that the machine doesn’t reset. I tried to reset without any success; my files are still there.

Moreover the hash in the user.txt file doesn’t work.

Can someone give me hints on the G page? Trying to bruteforce it but it doesn’t work, PM me.

Rooted!

uid=0(root) gid=0(root) groups=0(root),1000(d****r)

Foothold

  • Enum to find it
  • Google and you’ll find what you can do with it
  • Somebody did this before and was so kind to leave a tool behind

User

  • Crack it or change it
  • Sharp eye for obvious

Root

  • Enum is better than peas to find it
  • Blink and you will miss it
  • After you see the thing, look what it does and get in the way

PM if you need a nudge.

@HomeSen said:

@zzzsnickerzzz said:

stuck on 502 too :frowning:

After resetting the box, it will take quite some time until all required services are up again. During that time, make sure no one else initiates a reset (check the Shoutbox on the HTB site, and cancel all reset requests for the box).

I did but it’s still 502

@zzzsnickerzzz said:

I did but it’s still 502

If you are 100% sure you’ve waited a long time for the box to recover from a reset and you’ve blocked anyone else trying to reset it, but it still won’t come up, then you need to raise a Jira ticket with HTB. It’s not something people on the forums can help with.

I had to do that with this box because after 30 minutes it still hadn’t recovered.

From what I can gather, if it is more than about 20 minutes you have a broken box.

Help me find the login page

I managed to root it with a big hint I found.
My question now is: after getting the foothold shell, how did other people know to go for changing the an pd with g-r**** c*****e? What would be the train of thought?

Was completely looking at the wrong thing for root :confused:
Make sure you look at it critically

So I have found the g*** page but can’t create a user. Is this part of the box or is something broken by chance?

@TakuMaster said:

Help me find the login page

Run nmap with -sC -sV -p- and look closely at the output.