Official Time Discussion

Type your comment> @elseif said:

Type your comment> @lebutter said:

I don’t understand how people found the vuln so quickly. To be honnest, I went over it, but i had easily 4 or 5 other things to check, so i dismissed it as soon as it didn’t work and checked the other.

Only when i saw the hints did i think that I needed to recheck every single one of those carefully, but without knowing it it’s a different thing. Once you know the hints it’s indeed easy but without the hint you can easily fall into rabbit holes and mess around with things that are somehow realted to the vulnerability which won’t work.

Root is definitely easy and a “classic” of privesc for those who are learning privesc.

My experience was exactly this. Spent all afternoon knowing the weak point but digging through the many possible CVE’s and dead ends before landing on the one that works. It boggles my mind how quickly people pinned down the right one but I’m sure experience plays a role.

No, experience doesn’t count here, you are given a simple clue as to what to search for and that’s it.
User blood was insanely fast, either he was VEEERY lucky or a big hint was handed out to him, plain and simple.

Can someone give any nudges ? , I know it has something to do with De****** but can’t figure out how to do it .

done…
really easy…finding the CVE was not so trivial, but privesc was really a classic.
I cannot give hints without spoiling something…

My friend and I have had issues submitting flags on this box when we owned it. I had to wait nearly 20 minutes and wait for the flag to regenerate before the site would take it last night. Haven’t had the issue on the other ones. Friend had the same issue tonight when he did it. I’m running on a VIP instance and he was on the free server - both had the same issue.

Pretty good box though. Root was pretty trivial but the initial foothold took a little searching for the correct exploit.

@prodlsd said:

My friend and I have had issues submitting flags on this box when we owned it. I had to wait nearly 20 minutes and wait for the flag to regenerate before the site would take it last night. Haven’t had the issue on the other ones. Friend had the same issue tonight when he did it. I’m running on a VIP instance and he was on the free server - both had the same issue.

This should be raised to HTB via a JIRA ticket. They cant fix it if they don’t know it is broken.

Very nice box - but I wouldn’t say easy if enumeration process takes that long.
Without burp and curl-export this trial and ERROR is a hell of a ride :smile:

I also have the FLAG ISSUE - my flags are not accepted? does anybody know why!

@m0r4k said:

Very nice box - but I wouldn’t say easy if enumeration process takes that long.
Without burp and curl-export this trial and ERROR is a hell of a ride :smile:

I also have the FLAG ISSUE - my flags are not accepted? does anybody know why!

It crops up in every thread on every box. The way HTB generates dynamic hashes means that sometimes they aren’t accepted.

You can:

  • report it to HTB via JIRA and they can fix it.
  • wait and repwn the box, it normally fixes after about 20 - 30 minutes but if people keep rebooting it will never fix.

Just remember, every time the box reboots, or you switch VPNs, it needs a new hash.

Type your comment> @PapyrusTheGuru said:

Think I already know the vulnerability, just got to understand how to exploit it lol.

Same here

Type your comment> @PapyrusTheGuru said:

Think I already know the vulnerability, just got to understand how to exploit it lol.

Definitely can relate to this one. I’ve tried a few things out but I’m surprised that it isn’t working. I’m sure it’s something trivial.

Anybody having issues with their root shell not persisting very long? I’ve managed to pop the root shell, but it seems to expire after ~5 seconds.

Type your comment> @toddbrecher said:

Anybody having issues with their root shell not persisting very long? I’ve managed to pop the root shell, but it seems to expire after ~5 seconds.
pm

Type your comment> @Chobin73 said:

Type your comment> @toddbrecher said:

Anybody having issues with their root shell not persisting very long? I’ve managed to pop the root shell, but it seems to expire after ~5 seconds.
pm

Can you please pm me the same thing? I just rooted Time also (with a little help from a friend) :wink: but we both experienced a very very unstable root shell. It’s enough to get the flag, but it doesn’t feel solid. Any advice to improve is very welcome!

Hello,

After a lot of days of enumeration and learning i found the right CVE. ( Or i guess I did )

Is any1 kind and can provide me some tips in regards to how can i make the exploitation?

I cannot write here what i tried so far, but I can send a personal email with everything that i tried.

If any of you with more experience can provide some hints to a noob like me, is more than welcome!

Thank you!

honestly though, why isn’t this box rated insane?

.

the user asked for sometime but the rest was easy except that the root shell was quite unstable. It can be kept next to traceback if i consider its easiness

I think i’ve found the vuln although there are two that I’m looking at. Not sure if maybe I am mistaken and maybe just going down a rabbit hole. I am getting an error “Objectno such class found" when trying to use "zh****.HC” class.

Can’t seem to get a foot hold on this one. I can get the error (V********n f****d:)but can’t seem to find any CVEs. Can someone help me out?

Rooted.

Hint for user: Start with latest CVEs first. Not doing this wasted a lot of my time.

PM for nudges.

Nice box. The hardest part is finding the right CVE after that its pretty straight forward.