Official Outdated Discussion

Official discussion thread for Outdated. Please do not post any spoilers or big hints.

I got root. But this cannot be the intended path right? HTB might want to patch the machine :sweat_smile:

Ye same :joy: They’ll probably fix it in the next days

Any nudge for intended ? It seems that I can get a callback but no idea where to go next as it doesn’t do something on a certain part

im also stuck on user. I do think im on the right path tho

I think there will be a quick patch for the box :neutral_face::neutral_face::neutral_face:

its already patched i guess

Not yet

user flag:

  • something good is shared
  • the share shows an address and a list of to-try
  • one of the to-try leads you to your office, where you need to write some doc
  • share your doc via a link to the support team, so that the team will give you the access
  • note that the mail checking part appears to be unstable, if no callback, reset your machine and try again
  • you are in the host, take your dog for a walk
  • learnt that you can give another user a password to access
  • gain that user’s ticket via the password you provided
  • be the other user via the hash

root flag (first got root via unintended way, the following is a summary on the intended way):

  • there is security update server and the reg values confirm it’s exploitable
  • sharpen your wsus to exploit
  • the tool is not compiled, so either compile it by yourself or decompress it from one that’s already compiled (need to do some search online)
  • the rest is pretty straightforward, payloadsallthethings has the instruction given

Can anyone help about callback stuff?

Someone can help? I send an email to the staff (i*su*****@…) and I think something doesn’t work…

I tried resetting my machine multiple times on different days. Tried switching to a different server and it finally worked.

Spoilers should not be posted on the forum.


hi there, which lines do you consider a spoiler, i can either remove or obfuscate.

Well. All of them. Its pretty clear what todo and what to exploit and which order.

Its is a nice writeup


@hackthebox, please remove “All of them”, thanks

I"m stuck finding a binary/executable for a well known tool (W******.exe). Any help will be very much appreciated.

You would have to compile yourself.

Thank you!

you can do some searches online, there is someone who compiled all the windows AD exploits binaries and converted them to use in powershell. all the binaries are gzip and base64 encoded. so the powershell part will just decoding it and decompress it. you can extract all the windows binaries that way. P____S____Pack