Lightweight

Just starting the discussion :) Pay your respects to Active..

«134

Comments

  • From the name it seems like its going to have some LDAP involved

    LordeDestro

  • hard time during enumeration...

    n3v1l

  • So simple to get a shell. I havent been able to load the webpage probably because the box is being pounded. FYI If you cant visit the site you are better off waiting

  • Love this!

    "This server is protected against some kinds of threats, for instance, bruteforcing. If you try to bruteforce some of the exposed services you may be banned up to 5 minutes.

    If you get banned it's your fault, so please do not reset the box and let other people do their work while you think a different approach."

  • @tobor said:
    So simple to get a shell. I havent been able to load the webpage probably because the box is being pounded. FYI If you cant visit the site you are better off waiting

    That's not why lol. It's intended, read the web pages. ;)

    --Skunkfoot

  • Lol yup. I got banned and was never able to visit the sites Derp

  • We can see the sha512 hashes for two ldap users but I'm doubting to bruteforce them... ?

    clarkkent

  • i got a shell but cant do priv escal.

  • @clarkkent said:
    We can see the sha512 hashes for two ldap users but I'm doubting to bruteforce them... ?

    I´m trying to bruteforce them. Rockyou wasn´t effective against thoses hashes. Now I´m trying a bigger list.

  • @veterano said:

    @clarkkent said:
    We can see the sha512 hashes for two ldap users but I'm doubting to bruteforce them... ?

    I´m trying to bruteforce them. Rockyou wasn´t effective against thoses hashes. Now I´m trying a bigger list.

    happy people those ones with powerful GPUs. I'm still struggling with 1 day time to bruteforce. Honestly I don't believe this is the owner intent. Maybe an nodge from him would count :anguished:

    clarkkent

  • do we really need to crack the hashes ?
    I think I'm in a big rabbit hole

    0xRick

  • @Ahm3dH3sham said:
    do we really need to crack the hashes ?
    I think I'm in a big rabbit hole

    I'ts something else... the first blood was in one hour..so no bruteforce I asume.

    clarkkent

  • Or he has a badass GPU :bleep_bloop:

    --Skunkfoot

  • Doubt it's cracking , first blood was to quick and it's salted . Have a GPU crack session running anyway but it's been an hour and still nothing

    Hack The Box

  • guys dns as Ippsec usually do it then read as you would read your fav web page

  • but if you guys got the priv escalation then text me and now i will go to party :P

  • With a GPU hashcat took 10 minutes to run all rockyou.txt. But I think its a rabbit hole.

  • No bruteforcing required.

  • @tvgdb congratz on the user

  • @FlameOfIgnis said:
    @tvgdb congratz on the user

    Thanks :)

  • edited December 8

    is there anything i can do with the r***t_r*q ? or is it useless?

  • @salute101 said:
    guys dns as Ippsec usually do it then read as you would read your fav web page

    No idea what you mean tbh

    Baikuya

  • Vuln nse script against ldap gave me some "doggy" output. I'm researching into this and hope its not a rabbit hole :confused:

  • edited December 9
    @Baikuya: i think @salute101 means to edit etc hosts file
  • @evandrix said:
    @Baikuya: i think @salute101 means to edit etc hosts file

    I got that but I dont know how this should be helpful in any way on this box.

    Baikuya

  • Anyone advanced from initial shell to give a hint?

  • edited December 9

    @veterano there are 34 people with users yet, i dont think its late enough to ask for hints yet

  • Got user. Now going to root.

Sign In or Register to comment.