Lightweight

189111314

Comments

  • Can anyone DM me for some hints on lda***er2? I don't have much knowledge on LDAP

  • Type your comment> @Ripc0rd said:

    anyone managed a full shell on this box?

    I'm happy to send a PM your way if you need help with getting a root shell.

  • Type your comment> @clmtn said:
    > Type your comment> @Ripc0rd said:
    >
    > anyone managed a full shell on this box?
    >
    >
    >
    >
    >
    > I'm happy to send a PM your way if you need help with getting a root shell.

    Yes pls. Like to try and get full shells rather than just reading the flags
  • Hi, I'm running the t*****p scan, but I only found other user nmap script scan.......
    Also, why copy a file is f***** hard ? you can't cat, you can't reverse html server, scp doesn't work for certain file, rcsync either, I even try to zip my .c** file but no, that's really impossible........
    I use more command and copy/past, so for binary file it is not working.......

  • edited March 2019

    Ok... so no crap there I was. I have a ssh connection with the host machine. I have hashes from a certain service. I cannot crack said hashes nor have I been able to replay them as I shouldn't be able to due to the fact I'm in a *nix environment...

    I have t******ed certain protocols to gain further information to no avail...

    Throughout the forum I have noticed individuals stating that you do not need that hashes, and in fact at one point one individual said you could replay them....

    I am lost in the sauce here gents, if someone could PM me or give me a nudge I would greatly appreciate it. My ego depends on it. I'm just trying to get user...

  • Can someone please pm me the tcpdump syntax that works? I tried using '-i any ' but I can get no activity for the ld_____1 or 2 users. Thanks in advance

  • I have opened t*****p and listened the 389 port for a while, nothing happened after 10 minutes, am I at right path please?

  • edited March 2019

    Yeah I got lucky at one point and gathered hashes. However comma.. the hashes I obtained weren't crackable with the rockyou.txt.

    There is an easier way to obtain the hashes without actually listening on the box... I DO NOT know if that's the right avenue of approach though.

  • please pm me how to get user

  • Finally, get root.txt I'm finding the way to get root shell. special thanks @clmtn for hints on user part. Feel free to PM me.

    idealphase

  • edited March 2019

    Hi chaps
    Am new to this lark, although a seasoned programmer. Spent over a day on this one, guess it's not a spoiler to say I have some usernames and credentials.
    WTF do I do with them? I tried the obvious but just doesn't get accepted.
    Would love a PM if someone wouldn't mind, I know there's something massively obvious but I'm out of sanity.
    Thanks

  • edited March 2019

    @nigs read this post from the start it literally has everything.

  • Got root. Have to say that I found this box a bit hard due to my lack of knowledge in most of the tools needed...reading this threat I thought root was going to be piece of cake and it turned out quite hard. Harder than user in my opinion. Indeed root is "fun" but without the hints in this thread and google I would not even imagine that that was possible. There is a blog out there with everything you need to get root flag and shell.

  • In the box currently the way the web page "told me" to do it... Very little experience with ld** and using td*** to get the hashes everyone seems to be talking about... I've tried running td*** with various flags, and have been stuck for quite a while... Anyone willing to point me in the right direction? Been stuck on this for weeks and rooted Fortune in between in the meantime because it was easier than this, lol.


    Hack The Box
    defarbs.com | Retired Machine Writeups! - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'”

  • @Farbs said:

    In the box currently the way the web page "told me" to do it... Very little experience with ld** and using td*** to get the hashes everyone seems to be talking about... I've tried running td*** with various flags, and have been stuck for quite a while... Anyone willing to point me in the right direction? Been stuck on this for weeks and rooted Fortune in between in the meantime because it was easier than this, lol.

    There is something that loads slower than expected every time you open it, is the box trying to tell you something?

  • Type your comment> @ClaudiuGeorgiu said:

    @Farbs said:

    In the box currently the way the web page "told me" to do it... Very little experience with ld** and using td*** to get the hashes everyone seems to be talking about... I've tried running td*** with various flags, and have been stuck for quite a while... Anyone willing to point me in the right direction? Been stuck on this for weeks and rooted Fortune in between in the meantime because it was easier than this, lol.

    There is something that loads slower than expected every time you open it, is the box trying to tell you something?

    Phenomenal hint. Thank you, my friend.


    Hack The Box
    defarbs.com | Retired Machine Writeups! - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'”

  • edited April 2019

    Hi,
    I managed to get the root flag by using o******. Still, I don't really understand why what I did worked. I'd appreciate it if someone could PM me and help me understand.
    Thanks

    Edit: Nvm, I mixed something up resulting in odd behavior.

    V1510N

  • edited April 2019

    Ugh, this L*** mess is driving me up a wall.

  • Can someone PM on getting root.txt I have all the necessary components, just confused on how to use them! The components are the output of being able to decrypt the b*****.**

  • edited April 2019

    hello , any hint in how to use t******p i dont capture nothing on it , can you pm please thank you

  • Was a good challenge. User was fairly easy, so was root. Learnt a couple things.

    User: Play around with everything you have at hand. Unexpected things might be true for this one!

    Root: You're fine as long as you know what you are capable of doing.

    PM me if you need a hint ;)

    sig

  • Having trouble figuring out first user, would anyone mind PMing me with a hint?

  • ProTip for initial user: Don't overlook the obvious. If you spend 2 days bashing your face into the keyboard and you're not gaining creds, TAKE A STEP BACK. I just managed to get user and I cannot believe I (and so many others!) had overlooked something so blatantly obvious!!!

  • edited April 2019

    Got root flag thanks to @Layle and the rest from this thread. Learned a two new things that I will for sure keep in my arsenal.

  • Hi, I think I overlooked something in my tcpdump I have one day to check this and I'm feel so noob, I can not figure out how to get the credentials, I have try several methods and sniff the traffic in eth0 and lhost but with no success can some pm please, thank you

  • Anyone have recommendations for a wordlist for backup.7z ?

  • I did eventually find it. No graphics cards inside my Kali VM.

  • Anyone mind PM me on getting a root shell? I'm looking for new ideas of where I should write without breaking something.

  • [[email protected] ~]# id
    uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

    PM me, happy to help

  • can you stop reset the box every 2 min !!!!!!!!!!!!!!

Sign In to comment.