Heist

1679111224

Comments

  • Type your comment> @DameDrewby said:

    Type your comment> @Dreadless said:

    Stupid question but do i need to be cracking the $1$ I have decrypted the other 2 passwords but can't seem to crack the other!

    Yes

    Read the note again n find where the password originated from...every word from that guy matters.... good Luck

  • If you believe you've found what you're supposed to be looking for, when attempting to escalate, make sure to check what you're sending with the script previously posted with what it sends. Just spent 2 hours not realizing that using double quotes instead of single quotes can alter what it will try to authenticate with.

  • Type your comment> @L1vra said:

    Type your comment> @StevenKennyIT said:

    Quick question for anyone who has the time:

    Am I meant to be able to successfully login/authenticate to the w***m service using the h****d account? Or, am I meant to do password guessing against the users obtained from l*******d.py ? Any help is appreciated

    To help you, there is a module on metasploit, which let you test usernames-passwords on the remote system to see if you can login. It also gives you the option to make a file of user-pass combinations and use it to test all of these and see what and how many combinations are correct.
    PS: That module do not let you login , but finds the right combination

    Thanks @L1vra and @icedmana. Rooted

  • edited August 2019
    Hi, I've found two passwords in the "file". I think the username could be H****d, r****r or a***n.

    I tried with smbclient, I failed.
    I tried witn W***M, I failed.
    I tried with lo******d.py I failed.
    I tried with Metasploit, I failed.

    I tried many other tools but nothing worked. I can't access the shares or connect to a service.

    Don't know what to do...
  • Type your comment> @kalagan76 said:

    Hi, I've found two passwords in the "file". I think the username could be H****d, r****r or an.

    I tried with smbclient, I failed.
    I tried witn W
    M, I failed.
    I tried with lo******d.py I failed.
    I tried with Metasploit, I failed.

    I tried many other tools but nothing worked. I can't access the shares or connect to a service.

    Don't know what to do...

    You'll need to do something with lo******d.py with what you have (play around with the information sets here, you need both a working cred including both username and password) to get more information. From there, try playing with the other service you are aware of. A useful github repo has been previously linked in this thread.

  • edited August 2019

    got root the unintended way it seems, quite annoyed though since it wasnt intended, anyone able to pop up and explain to me this "process way" ?

    Edit: Solved nvm lol.. overlooked that uncommon app since i thought it was nothing out of the ordinary...

    Hack The Box

  • I can connect to samba / rpc but cant with evil-winrm is it normal ?

  • edited August 2019

    Cracked secret 5 password. Have 3 users from con*** file, and few more from impacket script.
    Do I have to crack/find more passwords in order to use that high port exploit? With the current credentials a receive invalid login.

    Many thanks!

    NVM: After I posted this, I got user in few minutes. Cracked more passwords from the con*** file.

  • Type your comment> @frazvan said:
    >
    >
    > NVM: After I posted this, I got user in few minutes. Cracked more passwords from the con*** file.

    How in the hell can you crack "more" passwords from the c***** file considering there's only 3 things to decrypt?
  • Can someone please tell me if my syntax is correct in order to use l*******d.py ?

    ./l*******d.py username:[email protected]

    id password include things like ) i use:

    ./l*******d.py username:"password"@10.10.10.149

    Do i need to provide the port number?
  • edited August 2019

    @kalagan76 said:

    Can someone please tell me if my syntax is correct in order to use l*******d.py ?

    ./l*******d.py username:[email protected]

    id password include things like ) i use:

    ./l*******d.py username:"password"@10.10.10.149

    Do i need to provide the port number?

    username:password should work fine, just tested and it indeed works for me.
    You're probably not using the right credentials

  • Type your comment> @kalagan76 said:

    Type your comment> @frazvan said:
    >
    >
    > NVM: After I posted this, I got user in few minutes. Cracked more passwords from the con*** file.

    How in the hell can you crack "more" passwords from the c***** file considering there's only 3 things to decrypt?

    At the time when I posted here, I only cracked one password from the c***** file, the secret 5 password.
    After that, I cracked the other 2 passwords from the same file.

  • взял root.
    интересная машинка.
    информация которая предоставлена на форуме достаточно для получения root.

    нужна помощь пишите.

    took root.
    interesting machine.
    The information that is provided on the forum is enough to get root.
    need help write.

  • Type your comment> @skiddyyy said:

    I can connect to samba / rpc but cant with evil-winrm is it normal ?

    yes, this specific machine had issues with a few different w**** tools... try the one thats written in ruby

  • Type your comment> @d3d said:

    Type your comment> @skiddyyy said:

    I can connect to samba / rpc but cant with evil-winrm is it normal ?

    yes, this specific machine had issues with a few different w**** tools... try the one thats written in ruby

    Already tried still doesnt work...

  • Damn, so i have 3 passwords and 3 usernames. I am able to connect to the share with the credentials. I have tried using the ruby script and other w**** tools but keep getting authentication errors. I even tried using my windows vm to user more native w**** tools. Can someone push me towards the right direction! I would greatly appreciate it!

  • Type your comment> @Aidsko said:

    Damn, so i have 3 passwords and 3 usernames. I am able to connect to the share with the credentials. I have tried using the ruby script and other w**** tools but keep getting authentication errors. I even tried using my windows vm to user more native w**** tools. Can someone push me towards the right direction! I would greatly appreciate it!

    Try metasploit module to check right combination of those creds :smile:

    cycl0ps
    If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments). And remember to +respect me if I helped you ; )
    Discord-cycl0ps#5219
    Telegram-cycl0ps

  • Currently working on root but seem to have hit a brick wall. I'm pretty certain I've figured out the correct application as the file I'm looking at has been mentioned several times in the forum, however I haven't been able to decrypt it. Uploaded an application to get the password but it was ineffective as a master password seems to be in use.

    A lot of the previous comments imply that the answer is much simpler than it might appear. Would really appreciate a nudge in the right direction. Heading to bed now - sorry if I don't respond for a few hours.

    Cheers.

  • edited August 2019

    usernames and 3 cracked passwrds from c***** file didn't help authenticate neither ./l*******d.py script nor msf w**** login module. Any help on how to get the correct username?

    Update : Rooted! The root was so simple than user. Wasted a day for root complicating things..

  • Rooted

    I NEED TO UNDERSTAND TWO THINGS:

    • Why the exploit didn't work in metasploit or the other ruby scripts? if someone knows, please tell me.
    • From where the hell you got the username C**e? Has it been mentioned some whare in the website? if someone knows, please tell me.

    The root flag was much more easier than user flag.

  • Ok so I have 3 password and 3 username which i got from the file they give you
    I can connect to samba / rpc but i cant enumerate from this cause few rights
    i tried the rb script and evil-winrm on both windows and linux machine
    I tried to bruteforce username with the 3 password using the metasploit auxiliary tool
    I obviously tried all the combinations between these username/password

    Still doesnt work, im really stuck, I already tried all the options.

  • Stuck on root. Could someone give me a nudge? Like others said I'm missing the l****.***n file and cant see any other interesting processes.

  • Type your comment> @ibarrick said:

    Stuck on root. Could someone give me a nudge? Like others said I'm missing the l****.***n file and cant see any other interesting processes.

    Once you get the user, try to visit the web pages from inside. You will find something useful.

  • Type your comment

  • cracked all 3 passwords, but still milestone is far

  • Rooted! Pretty Nice box , congrats @MinatoTW

    Ping me if you need help

    TigaxMT

  • edited August 2019

    hey, anybody could help me out? I can't get opencl to work on my ivybridge soo... can't really do that one thing I'm supposed to do. I know what I should, but unable. Could anyone give it to me? Thanks

    --edit: got it, got in to the s**** but nothing seems to be up there. Please some nudge?

    rowra

  • Type your comment> @rowra said:

    hey, anybody could help me out? I can't get opencl to work on my ivybridge soo... can't really do that one thing I'm supposed to do. I know what I should, but unable. Could anyone give it to me? Thanks

    --edit: got it, got in to the s**** but nothing seems to be up there. Please some nudge?

    I've got 3 sets of creds. I tried metasploits w****_lo***, previously linked evil-w**r* and a python winrm lib too (wrote my own little wrapper for a pass checker brute forcer all combinations). Nothing seems to work. I tried adding some obvious/stock ones like Administrator. Nothing, going nuts about how to utilise these creds, they can't be for nothing.. please nudge

    rowra

  • To save some others a massive headache turn off bash history substitutions with this command for the final step:

    set +H

Sign In to comment.