Heist


Comments

  • edited August 2019

    USER:
    enumerate, can you use these anywhere? enumerate more, did you get anything? login.

    ROOT:
    remember it is easy, read. Find it? Sometimes the old Rocck music just doesn't do it for yyou. When that happens I like to go online and try to see if I can find other groups, that will play for me. < I think this is unintended actually, let me know if you got it a different way!

    Let me know if you need help.

  • Hi, help user. username = Haz***?

  • Hint for user: The metasploit module to speak to a high port service once you have the right credentials does NOT seem to work while the already mentioned ruby scripts do. Metasploit will tell you to check your credentials even though they are correct. The metasploit module to check the credentials does work though. So don't get fooled by this.

    emjay12

  • On user:

    I've confirmed that I have the right credentials for the 5*** port with other htb users on discord. With the metasploit module w****_****n I get "login successful."

    I've tried the ruby script already mentioned here as well as the ev**_****m tool. They all just time out. If I use the wrong credentials I get auth errors back from the ruby scripts, but with the right creds I get (HTTPClient::ReceiveTimeoutError).

    I can reach and enumerate the SMB share and log in fine, the HTTP server on 80, etc. The only time I'm getting this is with the two tools already posted here that everyone else seems to be using fine. I have all the gems installed and working as well as the latest ruby -v.

    I reset the box and tried right after, just in case this had something to do with:

    @maxo13 said:
    PS. Some people are trolling this machine, few hours ago the data
    storage directory had changed permissions, so no one else could access it with user privileges.

    But even after the reset I still get the timeout. Any help is appreciated, feel free to DM!

  • Any hint to crack secret 5 pass?

  • @ParlaxDenigrte said:

    On user:

    I've confirmed that I have the right credentials for the 5*** port with other htb users on discord. With the metasploit module w****_****n I get "login successful."

    I've tried the ruby script already mentioned here as well as the ev**_****m tool. They all just time out. If I use the wrong credentials I get auth errors back from the ruby scripts, but with the right creds I get (HTTPClient::ReceiveTimeoutError).

    I can reach and enumerate the SMB share and log in fine, the HTTP server on 80, etc. The only time I'm getting this is with the two tools already posted here that everyone else seems to be using fine. I have all the gems installed and working as well as the latest ruby -v.

    I reset the box and tried right after, just in case this had something to do with:

    @maxo13 said:
    PS. Some people are trolling this machine, few hours ago the data
    storage directory had changed permissions, so no one else could access it with user privileges.

    But even after the reset I still get the timeout. Any help is appreciated, feel free to DM!

    I have encountered the same problem.
    Finally I ran the ruby script in windows.

  • It appears that I might have some kind of 'bug' with my smbclient and I am not able to correctly list or get the files in the shared folder. Can someone PM me for assistance?

    raptorfx

  • @zfyra said:

    Any hint to crack secret 5 pass?

    you best ask John, he would know

  • @hanter said:
    Hi, help user. username = Haz***?

    nope

  • Stuck on priv esc, first windows box. Have spent a lot of time looking thru the directories need a nudge pls PM me

  • Finally rooted thanks to @sazouki , if anyone needs any help feel free to ping me :)

  • User Owned...
    Trying to Root...
    Any Guide ?

  • For Root: I have a k**4.d* file but its locked. Am I on the right track?

  • OK well I have been down rabbit holes for ages now some of my own making where I thought I had way more user names than I actually did due to misreading an output.

    Collected and cracked the three pw's in the first hour and patted myself on the back even pretty sure I have worked another user name out from the posts on here but I can't pop the shell on the high port with either r**y nor can I get access on the low ports.

    Sifted through everything on 80 with burp page by page including the scripts.

    Lost time with ruby but learnt a bunch about that on the way pretty sure that is all working at least the errors now seem to be about authentication but I am buggered if I can find the missing piece and get the initial foothold.

    Pretty sure I am missing something obvious but I've spent hours trying combinations on both the low ports and the high ones tried the imp****t script and even tried the python method.

    So can someone please PM me with a nudge?

    CurioCT

  • Just got the root, there is something with the "fox" but you need to search it in the right way and right places.
    Just PM me if you need a little push!

    Hack The Box

  • Rooted.

    This one turned out to be a bit of a pain for me. Per my last post I never got any connection to w***m to work from linux. HTTP on 80 worked fine, S*B worked fine, and the metasploit w***m_l***n module worked fine with "login success" on the proper creds.

    None of the ruby tools posted here ever connected. With the wrong creds I got auth errors, so I was communicating with the box. With the right creds everything times out.

    I had to switch to a windows 10 VM and then use En***-*******on with P****S**** to connect and get user and root.

    I can't think of a good explanation why I can be connected to the S*B share one min. then have an auth error on w***m, but then time out. Yet connect the next min. with the same creds from a windows host. If you are having problems with getting your user shell and you are sure about your creds, then try windows if you can.

    Overall though, really fun box and forced me to do a ton, thanks for the good time!

  • Rooted !!!!!
    If anyone needs help PM me :smiley:

  • root owned. PM me for help

  • New to HTB and security domain. Done the nmap got some open ports after that got stuck. Any suggestions??

  • Finally got user.

    Used metasploit and a python W**** shell. Both said "invalid credentials" for every user:password combination. The ruby script linked in this thread worked.

    Cost me a few hours...

    PhaethonRising

  • Rooted. Damn, I always forget about the things that are there but not shown to me.


  • @m4xp0wer said:

    There's a ruby module that works just fine to interact with Wi***

    I can't download this module with gem or anything, I had an error every time. Any idea?

  • Decrypting the secret 5. The characters are throwing everything off. Am I missing something? I can't get john to accept it. Kinda at a loss.

  • Rooted. Great windows machine. Tnx @MinatoTW on this challenge. PM me if you need a hint.

  • Rooted. Wasted about 6 hours in total trying to log in using metasploit and some other tools. The ruby script mentioned earlier worked well in my case. So without this metasploit issue user should be pretty easy and straightforward. Didn't get if this is a bug or a feature of the machine.

    Root was much easier, literally got it in 5 minutes just by walking through directories on the disk.

  • GREAT BOX

    USER: Find usernames and passwords(decrypt them), find more usernames, check if you can login somewhere using all combinations(user-pass) and login. There are hints here for programs that you could use for these steps.

    ROOT: Search and search, and when you find it use that to access. No need to find process, there is a much easier way, just search for it.

  • edited August 2019

    @L1vra said:

    GREAT BOX

    USER: Find usernames and passwords(decrypt them), find more usernames, check if you can login somewhere using all combinations(user-pass) and login. There are hints here for programs that you could use for these steps.

    ROOT: Search and search, and when you find it use that to access. No need to find process, there is a much easier way, just search for it.

    PM me if you are stuck for hours

  • @ParlaxDenigrte said:

    This one turned out to be a bit of a pain for me. Per my last post I never got any connection to w***m to work from linux. HTTP on 80 worked fine, S*B worked fine, and the metasploit w***m_l***n module worked fine with "login success" on the proper creds.

    None of the ruby tools posted here ever connected.

    I had to switch to a windows 10 VM and then use En***-*******on with P****S**** to connect and get user and root.

    I've seen this a few times here - interesting... FWIW - linux worked fine for me... using: kali with system python2.7.16 and ruby2.5.5

  • I spent the last 2 days getting a username for User with no luck. First I changed the L****pS**.Py script from Impacket so I could feed it wordlists. I've exhausted all the standard wordlists and I even went looking for new ones. Ran that for a day. Figured I might have screwed up altering the script. (One of the passwords has an @ in it to mess with it) and also read people had problems with authenticating. Then I went to msf W***M-l**** and used the same lists, but still nothing. Could someone give me a nudge please?

  • @UCLogical said:

    I spent the last 2 days getting a username for User with no luck. First I changed the L****pS**.Py script from Impacket so I could feed it wordlists. I've exhausted all the standard wordlists and I even went looking for new ones. Ran that for a day. Figured I might have screwed up altering the script. (One of the passwords has an @ in it to mess with it) and also read people had problems with authenticating. Then I went to msf W***M-l**** and used the same lists, but still nothing. Could someone give me a nudge please?

    You got the right scripts but I have no clue what you are trying to feed them... it's pretty self-explanatory once you get your hands on the config file after the gu**t login.

