Access

Any hints on Access (yes, I know it's a new box). I found a couple of files through a certain service. I've tried cracking one with fcr****** with no luck. The other seems corrupted. I've also found one subdirectory in the web interface but can't access it.

«13456725

Comments

  • The other should not be corrupted. I did however open it in it's native app.

    thrash

  • edited October 9

    Spoiler Removed - Arrexel

  • sounds like it

    thrash

  • User down thanks to a couple of hints @Houserenren on to root

  • @n0bf said:
    I found that using a common Linux tool s****** worked to let me read it enough that I could find a password that worked for the zip, but now I'm stuck at trying to read the file that was zipped up. I'm assuming I'm on the right track?

    Yes, search more for the filetype and a tool

  • @agonx00 said:

    @n0bf said:
    I found that using a common Linux tool s****** worked to let me read it enough that I could find a password that worked for the zip, but now I'm stuck at trying to read the file that was zipped up. I'm assuming I'm on the right track?

    Yes, search more for the filetype and a tool

    I got the user flag, working on root

  • Working on root... I am very bad at Windows privesc! This machine is going to be a great class

    alacerda

  • Guys, I have no idea where to start for this machine. Any hints would be helpful.

  • @tolg4yan said:
    Guys, I have no idea where to start for this machine. Any hints would be helpful.

    look at your nmap scan there are not many services that can confuse you, try the most obvious ones

  • @agonx00 said:

    @tolg4yan said:
    Guys, I have no idea where to start for this machine. Any hints would be helpful.

    look at your nmap scan there are not many services that can confuse you, try the most obvious ones

    I found tel--- and f-- do I have to proceed with brute-force? in f-- I can access in an----- but I can do it nothing, do you have any hint? thanks

  • @flexkid said:

    @agonx00 said:

    @tolg4yan said:
    Guys, I have no idea where to start for this machine. Any hints would be helpful.

    look at your nmap scan there are not many services that can confuse you, try the most obvious ones

    I found tel--- and f-- do I have to proceed with brute-force? in f-- I can access in an----- but I can do it nothing, do you have any hint? thanks

    ther are only a couple files you can access in f--... use one to access the other

  • @n0bf said:
    I found that using a common Linux tool s****** worked to let me read it enough that I could find a password that worked for the zip, but now I'm stuck at trying to read the file that was zipped up. I'm assuming I'm on the right track?

    This is the best hint ever, for some reason using the proper program I just got lost but using that "tool" I found said password very quickly.

    If you're still stuck there is a tool to read the file you got on linux, just google the extension and linux.

    Now I'm seriously stuck on root... I can see a certain thing stored what is needed but can't make my commands use it... I swear I'm missing something obvious here.

    blobbo

  • edited September 30

    Any hint for privesc? Is the mdb file I see after login (not the one on Fxx) relevant?

  • edited September 30

    Got system but can't type root.txt... Did it happen to anyone else? Is there more to do? a bit lost here... If someone can pm me that'll be great

  • edited September 30

    EDIT:

    Nevermind. Seems to be working fine now.

    Vex20k

  • @7431i0n said:
    Got system but can't type root.txt... Did it happen to anyone else? Is there more to do? a bit lost here... If someone can pm me that'll be great

    it's normal.

    Hack The Box

  • For people who have done this box: Is it intentional that root.txt can't be read by administrator on this box?

    blobbo

  • @jreeves said:

    @flexkid said:

    @agonx00 said:

    @tolg4yan said:
    Guys, I have no idea where to start for this machine. Any hints would be helpful.

    look at your nmap scan there are not many services that can confuse you, try the most obvious ones

    I found tel--- and f-- do I have to proceed with brute-force? in f-- I can access in an----- but I can do it nothing, do you have any hint? thanks

    ther are only a couple files you can access in f--... use one to access the other

    thanks i found the b.... > @blobbo said:

    @n0bf said:
    I found that using a common Linux tool s****** worked to let me read it enough that I could find a password that worked for the zip, but now I'm stuck at trying to read the file that was zipped up. I'm assuming I'm on the right track?

    This is the best hint ever, for some reason using the proper program I just got lost but using that "tool" I found said password very quickly.

    If you're still stuck there is a tool to read the file you got on linux, just google the extension and linux.

    Now I'm seriously stuck on root... I can see a certain thing stored what is needed but can't make my commands use it... I swear I'm missing something obvious here.

    How did you convert the file ?

  • I didn't in the end... There's a much simpler way to privesc - but I can't read the file root.txt (even when I log in as admin).

    blobbo

  • edited September 30

    Edit: I think that I got what I need to do..

  • @blobbo said:
    I didn't in the end... There's a much simpler way to privesc - but I can't read the file root.txt (even when I log in as admin).

    A bunch of people have been running into this, I'm curious to see how to get around it when I finally get to that point. What does icacls root.txt show for permissions?

    --Skunkfoot

  • @jreeves said:

    @flexkid said:

    @agonx00 said:

    @tolg4yan said:
    Guys, I have no idea where to start for this machine. Any hints would be helpful.

    look at your nmap scan there are not many services that can confuse you, try the most obvious ones

    I found tel--- and f-- do I have to proceed with brute-force? in f-- I can access in an----- but I can do it nothing, do you have any hint? thanks

    ther are only a couple files you can access in f--... use one to access the other

    Thanks

  • Any hint on Priv Esc. I created one file but not working :astonished: . Please any one DM

    Arrexel

  • @Skunkfoot said:

    @blobbo said:
    I didn't in the end... There's a much simpler way to privesc - but I can't read the file root.txt (even when I log in as admin).

    A bunch of people have been running into this, I'm curious to see how to get around it when I finally get to that point. What does icacls root.txt show for permissions?

    That's not the problem, figured out the file is a bit... "locked up"... I can't unlock it. Apparently admin should be able to but I had no luck.

    blobbo

  • Very good box thank you ! @egre55

  • edited October 1

    r00ted. Edit: not sure my way is intended

  • anyone got some tips on the initial 2 files? I know you have to analysze one, but one seems locked and one segfaults while analysis....

  • @jownz said:
    anyone got some tips on the initial 2 files? I know you have to analysze one, but one seems locked and one segfaults while analysis....

    check if you get it properly. check the size on the *** server and yours.

    i got it using nemo file manager insted of classic way. with *** they were corrupted.

    Hack The Box

  • I've got some information from the initial files, including a password, but unsure where to use it. Any hints?

  • @0mni said:
    I've got some information from the initial files, including a password, but unsure where to use it. Any hints?

    Check your port scan

    --Skunkfoot

Sign In or Register to comment.