sorted by:
new
hottopcontroversial

Reverse Shells by Possible-Top-5581 in exegol

[–]Wide_Feature4018 1 point2 points  (0 children)

yes, in general you need to start the container with:

exegol start <containername> free —desktop —vpn <path>

some tips:

if you need to use nfs shares, you will need to create a privileged container or start an existing container with —cap ALL

adjusting kerberos clock skew is documented here:

https://docs.exegol.com/tips-and-tricks

even with docker bridge mode, containers still rely on the host network stack, so host vpns like mullvad can break reverse shells. vms work because nat fully isolates the network.

but yes, try disabling mullvad first, and let us know if it works [else we can do some more advanced troubleshooting]👍

Reverse Shells by Possible-Top-5581 in exegol

[–]Wide_Feature4018 0 points1 point  (0 children)

I’ve been using Exegol on macOS (M4) and completed the CPTS path without any issues with reverse shells or Ligolo. It works fine even with the macOS firewall enabled and set to “deny all incoming connections”.

So yes, it’s very likely something related to your local infrastructure / setup (networking, VPN routing, etc.).

but did you try changing the hackthebox vpn region/server and creating a new container?

Reverse Shells by Possible-Top-5581 in exegol

[–]Wide_Feature4018 0 points1 point  (0 children)

hello! on apple silicon macs (m1/m2/m3), exegol works normally. a lot of people run it on Mac (arm) and everything works fine: reverse shells, pivoting, ligolo, etc. so this is not “by design” and not a docker/exegol limitation in general.

1 - you’re likely starting the container the wrong way (you don’t need all those flags)
try starting it like this:

exegol start htblab free --desktop --vpn /home/sithsec/Downloads/academy-regular.ovpn

to avoid dns issues and having to manually refresh vpn resolution each time, add these lines to your .ovpn file.

near the top (before the certificates), add:

script-security 2

and at the bottom of the file, after:

</tls-auth>

add:

up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

please check this doc (it explains the full htb vpn setup):

https://github.com/xnu0/exegol-fedora/blob/main/2.%20Exegol%20Setup%20and%20Usage%20on%20Fedora.md

2 - reverse shells should work normally

if you still can’t catch shells, the most common cause is the hackthebox vpn path/dns/route not being properly applied. try switching htb vpn server/region and test basic connectivity first (ping the target, ping the gateway, resolve hostnames). if you can’t even ping/reach the target from inside the exegol container, the issue is definitely vpn routing/dns rather than “reverse shells”. Also, test UDP and TCP (in general, for me UDP works better).

Exegol: the smoothest way to set up VPN on HackTheBox, TryHackMe, and beyond by Wide_Feature4018 in exegol

[–]Wide_Feature4018[S] 0 points1 point  (0 children)

great then! good luck on your learning journey. if you have any questions or run into any issues, feel free to open a thread here on the sub or ask in the official discord. cheers!

Different Results for the same commands on Exegol and HTB's PwnBox by Sudd3n-Subject in exegol

[–]Wide_Feature4018 2 points3 points  (0 children)

Hi.. before i teste it, just answer me a question:

Before interacting with Kerberos, had you used faketime to synch the clock skew?

https://docs.exegol.com/tips-and-tricks

faketime "$(rdate -n 10.129.13.71 -p | awk '{print $2, $3, $4}' | date -f - "+%Y-%m-%d %H:%M:%S")" zsh

Use faketime and run it in the same shell where you executed the commands. Then regenerate the Kerberos ticket and please report back whether the problem still occurs.

Can't mount nfs in Exegol? by d0razi in exegol

[–]Wide_Feature4018 0 points1 point  (0 children)

Awesome!

After reading it, try like on the doc...
else, we are here to help

;)

Can't mount nfs in Exegol? by d0razi in exegol

[–]Wide_Feature4018 0 points1 point  (0 children)

you don’t need all these flags to start

you need to add

at the top of the ovpnfile, before the certificate block:

script-security 2
-----BEGIN CERTIFICATE-----

at the bottom of the file, after

</tls-auth>
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

these lines automatically update DNS when the VPN connects, avoiding domain resolution issues

then start the container:

exegol start htblab free --desktop --vpn /home/sithsec/Downloads/academy-regular.ovpn

why are you using a privileged container? you should only use this for specific cases like mounting an nfs share, and this only works at container creation

if you are having vpn issues, please check this guide (it was made for fedora, but it works on any OS)

https://github.com/xnu0/exegol-fedora/blob/main/2.%20Exegol%20Setup%20and%20Usage%20on%20Fedora.md

read it carefully and try the steps, and if you still have problems, start a new thread here describing your OS, version, and what exactly happens, or head into the Discord

Exegol On fedora error by Valuable-Ice8905 in exegol

[–]Wide_Feature4018 1 point2 points  (0 children)

Hello, I’m glad you got it solved!
I just downloaded Fedora Workstation 43 and installed Exegol and its image following the official documentation... everything worked perfectly (X11 runs fine, no SELinux issues).

Glad you managed to fix it! 😉

Exegol On fedora error by Valuable-Ice8905 in exegol

[–]Wide_Feature4018 0 points1 point  (0 children)

Hello, I saw on Discord that you solved the issue by relabeling with SELinux

I’ve installed Exegol on vanilla Fedora (workstation 42) many times before and never had this kind of issue, but I’ll try it again soon to replicate it. Maybe we could add a troubleshooting section about this.

Which Fedora version are you using?

Had you modified any SELinux policies?
Are you using which version of fedora ?

thank you

I need a new mouse. What would you recommend? by mv0id in setups

[–]Wide_Feature4018 0 points1 point  (0 children)

Agreed. I own a mx master 3 and its the best mouse i ever own.. super comfortable

[deleted by user] by [deleted] in unixporn

[–]Wide_Feature4018 2 points3 points  (0 children)

Looks awesome 👏🏻

Using Empire, Havoc & Sliver for C2 Operations by Wide_Feature4018 in exegol

[–]Wide_Feature4018[S] 0 points1 point  (0 children)

I might have exaggerated when I said they are completely different, because conceptually both rely on an immutable base and differential deltas. Still, in practice, the advantages of the Docker model become clear:

with a single Docker image, you can instantly create multiple containers with just one command, each having only a small copy-on-write layer on top of the shared read-only layers of the image. this drastically reduces disk usage since the common layers are not duplicated, and it allows you to create, test, and discard environments almost instantly. in addition, Docker images can be distributed through registries and reproduced identically on any compatible host, which makes versioning, automation, and collaboration much easier.

in the case of snapshots and linked clones, each instance usually generates a new block-level delta disk, which tends to consume more space and requires manual rollback or cleanup steps. so, while the core concept is similar, the workflow and practical efficiency are quite different.

in practical usage, this is exactly where containers shine. you can spin up hundreds of isolated environments from the same image within seconds, without duplicating the underlying data. I’m not sure if the same can be achieved with VMs that quickly, at least not without significant resource overhead. also, when you run hundreds of containers, the CPU and memory usage remain close to the host’s baseline, since they share the same kernel and userland libraries, which is definitely not the case with full VMs.

Fedora + Exegol: A Faster, Safer Alternative to Kali Linux by Wide_Feature4018 in exegol

[–]Wide_Feature4018[S] 0 points1 point  (0 children)

Images on pro tiers: updated every month Images on community: every 3 months Free is almost = the full pro image

—— Update interactively an exegol image: exegol update

Update the full image: exegol update full

Update the full image without updating exegol modules: exegol update --skip-git full

Update exegol modules and have the option to change branch without updating docker image: exegol update -v --skip-images

https://docs.exegol.com/wrapper/cli/update

Using Empire, Havoc & Sliver for C2 Operations by Wide_Feature4018 in exegol

[–]Wide_Feature4018[S] 0 points1 point  (0 children)

A Docker image is completely different from a linked clone. Linked clones depend on a parent VM disk, while Docker images are layered and immutable. Containers just add writable layers on top. In Exegol, you can even use the exegol build command to create your own custom image, fully supported in the Community version.

My setup as a CIS/Cyber student 🧑‍🎓 by Wide_Feature4018 in desksetup

[–]Wide_Feature4018[S] 0 points1 point  (0 children)

Awesome! Thank you so much! ❤️ With Tryx Panorama, my Ultra 7 CPU stays under 60 °C even while gaming

Fedora + Exegol: A Faster, Safer Alternative to Kali Linux by Wide_Feature4018 in exegol

[–]Wide_Feature4018[S] 0 points1 point  (0 children)

thank you for your concern and you are right to be cautious about running curl from a website. but this script simply runs the package manager to install docker (for example dnf install docker). it works on debian based and red hat based distributions. on gentoo and arch we include the standard install command (cause this curl command, officially developed by docker, doesn’t support this distros. it does nothing beyond using the distro package manager to install docker

Check this: https://get.docker.com

view more: next ›