OpenAdmin

15859616364

Comments

  • Hi everyone, I was able to login as User 1 (not RCE) and need help with User 2 access. I don't want to give anything away, a PM would be great. Thanks!

  • @rippenkill said:

    Hi everyone, I was able to login as User 1 (not RCE) and need help with User 2 access. I don't want to give anything away, a PM would be great. Thanks!

    Enumeration is the key. Reading relevant files and folders will take you far on this box.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Type your comment> @TazWake said:

    @rippenkill said:

    Hi everyone, I was able to login as User 1 (not RCE) and need help with User 2 access. I don't want to give anything away, a PM would be great. Thanks!

    Enumeration is the key. Reading relevant files and folders will take you far on this box.

    I have located a.p** file that had a hash in it but I'm not sure that's what I need.

  • @rippenkill said:

    I have located a.p** file that had a hash in it but I'm not sure that's what I need.

    Try it and see.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • I think my brain is just burned out because I can't find the way to get root and everyone says is the easy part I will appreciate some nuggets
  • @Raigan21 said:

    I think my brain is just burned out because I can't find the way to get root and everyone says is the easy part I will appreciate some nuggets

    Enumerate what the user account is allowed to do. One of the checks should be to see if the account can run anything with special privs. Thats how you get root.

    (You have to be logged in as the J*****a user though)

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • got it I was accessing user-2 console the wrong way, but after using the intended way was really clear

  • Cracked joanna private key passphrase but not able to ssh in.
    Can anyone tell me why? using "ssh -i key [email protected]", then I enter the passphrase I discovered but it's not working..

    isn't it "b****n****s"?

    Hack The Box

  • @newrookie said:

    it's not working..

    It entirely depends on what error messages you are getting.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Type your comment> @TazWake said:

    @newrookie said:

    it's not working..

    It entirely depends on what error messages you are getting.

    No error messages, I simply copy paste the passphrase but then joanna password is asked

    Hack The Box

  • @newrookie said:

    Type your comment> @TazWake said:

    @newrookie said:

    it's not working..

    It entirely depends on what error messages you are getting.

    No error messages, I simply copy paste the passphrase but then joanna password is asked

    Are you 100% sure that the process isn't showing you any other messages?

    If it is asking for the password, then the key isn't being accepted.

    If you are entering the passphrase when prompted for a passphrase, the chances are you've copy/pasted an error in. This could be as trivial as a non-printing character.

    If, however, there is a message before it asks you for a passphrase saying the key is insecure, it means you need to set the permissions properly (chmod 600 key).

    If it isn't any of that, you haven't put the path in for the key or the key isn't a key.

    Without seeing what the server is showing you, it's nearly impossible for someone else to work out the solution here.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Type your comment> @TazWake said:

    @newrookie said:

    Type your comment> @TazWake said:

    @newrookie said:

    it's not working..

    It entirely depends on what error messages you are getting.

    No error messages, I simply copy paste the passphrase but then joanna password is asked

    Are you 100% sure that the process isn't showing you any other messages?

    Yes, I'm sure that no other messages are shown

    If it is asking for the password, then the key isn't being accepted.

    If you are entering the passphrase when prompted for a passphrase, the chances are you've copy/pasted an error in. This could be as trivial as a non-printing character.

    In order to be 100% sure I copy pasted properly I used the --show option of john

    If, however, there is a message before it asks you for a passphrase saying the key is insecure, it means you need to set the permissions properly (chmod 600 key).

    Permissions were already set as you suggest

    If it isn't any of that, you haven't put the path in for the key or the key isn't a key.

    I put the key in the directory I'm launching ssh, is it ok? I think the key is the right one because "joanna told me" thanks to m*.p and curl

    Without seeing what the server is showing you, it's nearly impossible for someone else to work out the solution here.

    I'm sorry to ask but I really don't know why it is not working. The only doubt is about the director

    Hack The Box

  • @newrookie said:

    Yes, I'm sure that no other messages are shown

    Can you paste the command you've used and all output - send me a DM if it looks like it contains spoilers.

    When you use SSH it is fairly verbose, so it is largely a matter of reading the output to determine where the issue lies.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Type your comment> @TazWake said:

    @newrookie said:

    Yes, I'm sure that no other messages are shown

    Can you paste the command you've used and all output - send me a DM if it looks like it contains spoilers.

    When you use SSH it is fairly verbose, so it is largely a matter of reading the output to determine where the issue lies.

    I was making screenshots in order to send you all the details and I was able to enter using the same commands as before. I'm speechless, really, I don't know how this happened.

    Anyway, thank you so much for your patience, really

    Hack The Box

  • @newrookie said:

    I was making screenshots in order to send you all the details and I was able to enter using the same commands as before. I'm speechless, really, I don't know how this happened.

    Anyway, thank you so much for your patience, really

    Nice work - persistence often pays off.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • This was the very first Box I got to root (and my second box overall). Surprisingly I was very close so often and just missing minor details. Great box for beginners, I learned more than in a surprising amount of my university courses. Thanks for all the great hints!

  • can anyone help me.... i got the shell but i am getting nothing on enumerating

    Hack The Box

  • try harder!

    Fedriclesomar
    Try Harder! | Rarely Active on Forum

  • Type your comment> @Fredriclesomar said:

    try harder!

    can you give me really small hint... if you dont mind....

    Hack The Box

  • @thescriptkiddy said:

    Type your comment> @Fredriclesomar said:

    try harder!

    can you give me really small hint... if you dont mind....

    Read the files and folders around where the RCE lands.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Type your comment> @TazWake said:

    @thescriptkiddy said:

    Type your comment> @Fredriclesomar said:

    try harder!

    can you give me really small hint... if you dont mind....

    Read the files and folders around where the RCE lands.

    is it the .ht******.exam*** ???

    Hack The Box

  • @thescriptkiddy said:

    is it the .ht******.exam*** ???

    No.

    If you want a bigger hint, do a list (with -al) and ignore anything with a recent (last month) timestamp.

    Then look at folder names and decide if you'd expect to see them there. Any which look interesting or like they may be specific to the local machine should be investigated further.

    Then its a case of keep looking and keep reading files.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Good box for newbies like me. I learnt a lot.

    Initial foothold: knowing the web, search for an exploit.

    User1: enumerate to know which files you have access to. Then analyse them to reach the most interesting one with a password.

    User2: enumerate again to reach interesting .php files. Then think how to reach a website internally. Curl is your friend, and then John.

    Root: see what you can execute with this user's permissions and then surf on GTFOBins.

    PM if you need more nudges.

    antz
    If I helped you, it would be great to get your respect, and vice versa.

  • can someone please assist me, i can't figure out how to use curl on the m*.p file to get the information i want.

    Please dm

  • @cripDepression said:

    can someone please assist me, i can't figure out how to use curl on the m*.p file to get the information i want.

    Please dm

    Enumerate more. Either read the previous responses to this question or find where the file is being served by reading the correct config files.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Can anyone give me a nudge in the right direction? I have the initial foothold after running a .sh script onto the right endpoint, i'm trying to get to user 1 level.
    How am I supposed to do that though? Login via the web app? I have found a few things which look like they could be usernames or passwords in some files but have no idea how to use them? Also am I right in saying the flow is w**-***a -> j***y -> j****a -> root ?

    5uP3Rn0v4

  • @5uP3Rn0v4 said:

    Can anyone give me a nudge in the right direction? I have the initial foothold after running a .sh script onto the right endpoint, i'm trying to get to user 1 level.
    How am I supposed to do that though? Login via the web app? I have found a few things which look like they could be usernames or passwords in some files but have no idea how to use them? Also am I right in saying the flow is w**-***a -> j***y -> j****a -> root ?

    Your flow is basically correct.

    So reversing, if you have something that looks like a password you should try to see if it is a password.

    You can get a list of valid users on a Linux system with a quick cat of the correct file. When you can confirm the user account names you can try to see if they've reused the password somewhere else.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Thanks TazWake, I have scanned that file and I have tried it on /*/*****.p but I get Password Incorrect, I must be confusing what I think is the password with the actual password. How deep is this password containing file from where you initially land? I feel like im grep'ing every file for keywords but cant find anything else

    5uP3Rn0v4

  • @5uP3Rn0v4 said:

    Thanks TazWake, I have scanned that file and I have tried it on /*/*****.p

    That might be the mistake. Try it somewhere else.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Ahha! Eureka moment. I'm in as user 1 and I think I found what I need to get user 2. Thanks alot!

    5uP3Rn0v4

Sign In to comment.