Finally Rooted I spent a lot of time here ■■■■!
hi. ppl.
I got stuck at the very beginning. Could anyone help me?
I enumerated the ports. Got 5 .htb domains, also 1 inner ip. Got 4* port open on that ip. But don’t know what to do next.
Can someone help me with the axxxx user? I can’t get sxx to work.
This is a hard box. I appear to be going insane and if anyone is available to give me a sanity check it would be appreciated.
I’ve found a lot of information that implies a certain path, using pychs to route traffic in a certain manner. I am trying to use nmap (and other enum) through this to hit the internal resources, but it is consistently failing in a manner which implies it simply isn’t viable.
However, I’ve run out of ideas now…
@TazWake said:
This is a hard box. I appear to be going insane and if anyone is available to give me a sanity check it would be appreciated.
I’ve found a lot of information that implies a certain path, using pychs to route traffic in a certain manner. I am trying to use nmap (and other enum) through this to hit the internal resources, but it is consistently failing in a manner which implies it simply isn’t viable.
However, I’ve run out of ideas now…
You are on the right track, and this is basically the way to go. In the beginning, it requires a slight twist, though.
Do you already know what other internal resources there might be?
@HomeSen said:
You are on the right track, and this is basically the way to go. In the beginning, it requires a slight twist, though.
Do you already know what other internal resources there might be?
Only through some educated guesswork. I’ve tried running enumeration tools through the 3 hops I have set up but it fails catastrophically. I even manually created a route because the target IPs arent in the range normally assigned to tun0 but it seems to die at the HTB gateway.
One of the things which is frustrating me is p*********s normally works. I don’t know why it seems to have decided it doesn’t like me any more 
I’ve done a bit more testing - including spinning up instances in both AWS and Azure and it generates the same “denied” message when I try to use p__________s to do anything. It pretty much defeats enumeration attempts.
Did I miss some important auth or something?
There is no authentication required for this part. I’ve just checked the part you are stuck at from within my CTF Kali VM and can enumerate just fine.
Maybe you can try switching to another server instance or VPN zone, as you already ruled out (active) misconfiguration of the tool on your end. Because it looks a little like the machine you are targeting is broken.
@HomeSen said:
There is no authentication required for this part. I’ve just checked the part you are stuck at from within my CTF Kali VM and can enumerate just fine.
Maybe you can try switching to another server instance or VPN zone, as you already ruled out (active) misconfiguration of the tool on your end. Because it looks a little like the machine you are targeting is broken.
So, I had a bit of spare time - I switched to EU-VIP-11 but same problem :lol: All my packets are being rejected by the first hop, which is responding that the service is not available.
I even cracked and switched to EU-VIP-14 as well. Same problem.
I want to think it is an issue with my configuration, but it was an identical problem with the clean installs from marketplace images in AWS and Azure.
It really does feel like I am not destined to progress this box 
@TazWake said:
@HomeSen said:
There is no authentication required for this part. I’ve just checked the part you are stuck at from within my CTF Kali VM and can enumerate just fine.
Maybe you can try switching to another server instance or VPN zone, as you already ruled out (active) misconfiguration of the tool on your end. Because it looks a little like the machine you are targeting is broken.So, I had a bit of spare time - I switched to EU-VIP-11 but same problem :lol: All my packets are being rejected by the first hop, which is responding that the service is not available.
I even cracked and switched to EU-VIP-14 as well. Same problem.
I want to think it is an issue with my configuration, but it was an identical problem with the clean installs from marketplace images in AWS and Azure.
It really does feel like I am not destined to progress this box
It turns out I am a bigger ■■■ than I realised. It was a layer 8 issue that I managed to repeat several times. I’ve no idea why I failed to spot it for three days but typos are killers.
in my humble opinion this is obviously not a hard machine, i think it should be consider as insane machine, or maybe i am just a bit rusty, it took me ages to find the way to the root
but finally i got it, rooted!
i will be willing to help if anyone here feeling frustrated or stuck somewhere, feel free to DM/PM me for any questions, hints or nudges.
Got root! Learned a lot about Kerberos)
Type your comment> @PencilNeck said:
Oh boy… I got sick reading the doggy docs.
Nice machine, thank you @polarbearer
rooted. really fun box that taught me a lot about the app it is named after, the main tool needed to exploit it, and finally the k dog. thanks @itsdafafo for a steer near the end.
great box @polarbearer!
pm if you need a nudge.
Type your comment> @camk said:
rooted. really fun box that taught me a lot about the app it is named after, the main tool needed to exploit it, and finally the k dog. thanks @itsdafafo for a steer near the end.
great box @polarbearer!
pm if you need a nudge.
this is a mad box… glad you rooted it! nice. ?
Rooted, i learned a lot. Pm me for hints.
Would someone help me understand why I can’t run gobuster through p*********s ? nmap works perfectly well (I found and nmap’ed w—.r-------.—) but gobuster keeps timing out. I tried writing my own script but it’s far from being as effective as gobuster (1h30 in and not even 20k requests sent ><).
@dragonista said:
Would someone help me understand why I can’t run gobuster through p*********s ? nmap works perfectly well (I found and nmap’ed w—.r-------.—) but gobuster keeps timing out. I tried writing my own script but it’s far from being as effective as gobuster (1h30 in and not even 20k requests sent ><).
No need for gobuster, here. Just try to imagine what might be served by that server 
Type your comment> @HomeSen said:
@dragonista said:
Would someone help me understand why I can’t run gobuster through p*********s ? nmap works perfectly well (I found and nmap’ed w—.r-------.—) but gobuster keeps timing out. I tried writing my own script but it’s far from being as effective as gobuster (1h30 in and not even 20k requests sent ><).
No need for gobuster, here. Just try to imagine what might be served by that server
Mmmh, okay, found it ! Well… I’d like to make gobuster run still, but at least I can move on 
Thanks !