Official Time Discussion

User was a pain in the ass. Really easy, however you need to try many different ways of the similar thing…
Root was really easy and fast to get.
If someone needs a nudge, PM me :slight_smile:

when i am submit flag then its shown incorrect flag why

@johnwickelson said:

when i am submit flag then its shown incorrect flag why

This comes up on every thread about once a week. HTB uses dynamic hashes and sometimes they dont work. The hashes should change after every reset and be different on different VPNs - this means that hashes should be used as soon as you get them and that sometimes the process which registers the new hash in the scoring server will break.

If it is a box that is being hit with resets, it becomes imperative that the hash is used immediately as a reset will render it invalid.

Your choices are really:

  • Wait a while, repwn the the box and get a working a hash.
  • Report it to HTB via a jira ticket and get them to fix the problem.

This isn’t something that can be fixed by the forum or by tips from other users.

Hi, i found the error on the page and did some lookup which leads to CVE details. Then i got stuck. Can someone help? Not sure what can i do from the CVE on-wards. Thanks in advance.

Interesting box - I finally got round to doing it. User was harder than root.

User - experimentation and googling the outcomes is effective.

Root - good enum matters. I was a bit sloppy and it took me twice as long as it should have.

ok so, I got the user flag and found the bash script i am supposed to run, when I run the script i connect to the machine as root but after 2-3 seconds get disconnected… I dont know what’s causing this…can anyone help? Thanks in advance

@EX1TZER0 said:

ok so, I got the user flag and found the bash script i am supposed to run, when I run the script i connect to the machine as root but after 2-3 seconds get disconnected… I dont know what’s causing this…can anyone help? Thanks in advance

Its like that whatever you are doing to get a shell is only running as long as the script runs - so when it exits, so does the shell.

You might want to get it to do something which gives more stable access to a secure shell.

Type your comment> @Chobin73 said:

Type your comment> @toddbrecher said:

Anybody having issues with their root shell not persisting very long? I’ve managed to pop the root shell, but it seems to expire after ~5 seconds.
pm

Having this same issue, any tips?

@lanjlanj said:

Having this same issue, any tips?

I got user at this point, and I think I found what I need to know for root, but based on what I found and how it can be used, it got me all confused…can someone help and put me in the right track?

@grav3m1ndbyte said:

I got user at this point, and I think I found what I need to know for root, but based on what I found and how it can be used, it got me all confused…can someone help and put me in the right track?

Difficult to not spoil, but if it is writable, write to it.

Type your comment> @TazWake said:

Difficult to not spoil, but if it is writable, write to it.

I had to PM you, but I’m sure we are talking about the same thing.

Just to think I wasn’t that far off from it (SMH)! Definitely was a fun box!

BTW, @TazWake thanks for the nudge!

Can someone PM me about the foothold and the user?

@swiru95 i will

Hi everyone, ive been looking for a CVE but there so many that i cant tell what to use. Any help? please

Type your comment> @MariaB said:

@swiru95 i will

Hi @MariaB, can i get some hints too? Thanks in advance.

@marsupial33 said:

Hi everyone, ive been looking for a CVE but there so many that i cant tell what to use. Any help? please

If you look at the response to various submissions, there is a string which helps narrow down the search.

@marsupial33 said:

Hi everyone, ive been looking for a CVE but there so many that i cant tell what to use. Any help? please

I had the same problem initially but if you look at how they have patched these types of vulnerabilities you can use that knowledge to find the correct one by automation. It really makes the needle stand out from the haystack.

Some people said this box is easy but honestly, when you never had to exploit that kind of vulnerability, it’s kind of a nightmare. I spent hours and hours reading articles and watching videos, trying to get my head around it, plus… Java… and in the end that was a little push from @TazWake that helped me enough to get a shell. But, yeah, if you struggle, that’s okay, lots of new things here and you might catch a lot of fishes before grabbing the good one. Good box overall, and root part was just a matter of paying attention.
I also don’t know why people said to look at the newest CVE, it seems very misleading, unless there are several ways to do it, in case I’d be happy if someone could give me a link with explanations :slight_smile:
Thanks @egotisticalSW & @felamos !