Hint for Sunday

11415161719

Comments

  • edited September 2018

    @beards4ever said:
    Got first user ssh, found text ..got second user hash ...please PM me with a nudge on cracking the second user.

    Nudged myself ...got the second cred ...but now the ssh service is getting DDOS'd ...no need to bruteforce the service to get this box.

    • edit - not being DDoS'd ...for got to change the darn port ...now trying to get root

    Hack The Box

  • Anyone want to give a N00b a push on the method to push the flag back to socket ...know basic concept but syntax is being problematic ..hit me via PM

    Hack The Box

  • @pp123 said:
    Ok, I got root.txt, but should you also be able to access the box as root user? Could someone clarify that for me, please?

    Yes it is possible.

    izzie

  • Finally got root ...tried to get way to fancy... thanks to @Draco123 ...for the final push

    Hack The Box

  • I finally got root.txt... thanxs @Draco123 !!!

  • poepoe
    edited September 2018

    Hi all,
    So I have the hashes but cannot get any program to process them, I keep getting errors indicating the formatting is wrong. Is there anyone I can PM?

    FORGET: Got it but took a great deal of trial and error! :-)

  • edited September 2018

    Hey, everyone. :) I'm still pretty new at this, but I've got the second user and user flag, and now I'm just working on root. I'm pretty sure I know which tool I have to use to get there, and I've found a couple things in the man pages for it that look like they have potential, but that's where I'm hitting a dead end.

    I'm prob just being noobsauce and overthinking it, but if anyone's got a minute to give a nudge in the right direction, I'd be real thankful.

    Edit: Figured out what I needed to do, and am making progress with it. Pretty sure my issue now is just syntax.

  • Hi I am very stuck , I don't know what I have to do to get user shell.. Maybe rockyou brutefoce over users is the way ?

    Please some hints

  • Hi all, need some help with this as its really starting to frustrate me as its probably something simple. Where i am so far is i found the high port, i guessed (htb default) 1 of the accounts (su****). I can see the txt file but I cannot read it and don't know what to do to read it. i assume it involves the sa**** account. if someone could DM and offer some assistance with what to do next please :)

  • @evilcall said:
    Hi I am very stuck , I don't know what I have to do to get user shell.. Maybe rockyou brutefoce over users is the way ?

    Please some hints

    Hi, here some hints:

    • Enumerate with nmap(high ports).
    • One service will give you first user info. To get ssh shell with first user you must think easy (HTB default). Test with logical passwords, you have it in front of you.
  • rooted, any one need help, just pm me. Thanks @Ompamo for the help

  • is it normal that this box disconnects me for broken pipe?
    is somebody fucking me for the lulz?

  • Nah, I think that's normal. It's done that to me almost constantly for two weeks. Makes it hard to try anything for sake of having to reconnect every two minutes. It's finally behaving for me today, but I might have just gotten lucky.

  • Got root..pm me if you need help...

  • having trouble gaining root access, if someone could shoot me a hint that'd be great. Preciate you!

  • @xcredence said:
    having trouble gaining root access, if someone could shoot me a hint that'd be great. Preciate you!

    Working on privesc too and feel im close.... want to compare notes and work on it ?

  • Finally rooted, thanks @Draco123
  • edited September 2018

    Can someone give the list of open ports? Have tried several diffferent approaches to scan the ports but nothing is working properly... Thanks.

    EDIT:
    Nvm got it working now

  • Looks like the service with "high port number" is crashing constantly, last 2hrs is unavailable.

  • Hi everyone,

    I'm pretty stuck for a long time now. I found this high port, found users, found a way to get in. But not the password. I read on this forum it is an easy password. (i can guess it?) I think i'm bad at guessing since im not getting in... Does someone have any ideas?

  • @Henkmeteenhoed said:
    Hi everyone,

    I'm pretty stuck for a long time now. I found this high port, found users, found a way to get in. But not the password. I read on this forum it is an easy password. (i can guess it?) I think i'm bad at guessing since im not getting in... Does someone have any ideas?

    Yes you can guess it very easily, I can only give you hint that password is in lowercase.

  • @ki11oFF said:

    @Henkmeteenhoed said:
    Hi everyone,

    I'm pretty stuck for a long time now. I found this high port, found users, found a way to get in. But not the password. I read on this forum it is an easy password. (i can guess it?) I think i'm bad at guessing since im not getting in... Does someone have any ideas?

    Yes you can guess it very easily, I can only give you hint that password is in lowercase.

    I'm afraid the password is changed since i tried all the obvious things. Should i brute force it somehow?
    (i tried all the names of the users, the name of the box, everything that has to do with a sun and solaris... Am i forgetting something haha?

  • @Henkmeteenhoed said:

    @ki11oFF said:

    @Henkmeteenhoed said:
    Hi everyone,

    I'm pretty stuck for a long time now. I found this high port, found users, found a way to get in. But not the password. I read on this forum it is an easy password. (i can guess it?) I think i'm bad at guessing since im not getting in... Does someone have any ideas?

    Yes you can guess it very easily, I can only give you hint that password is in lowercase.

    I'm afraid the password is changed since i tried all the obvious things. Should i brute force it somehow?
    (i tried all the names of the users, the name of the box, everything that has to do with a sun and solaris... Am i forgetting something haha?

    It's realy hard to give you hint without telling you password, but you tried right thing, so combine it with my previous advice about lowercase and try again.

  • Hi. I was able to list users.
    By accident, I discovered the sammy user and discovered all the numbered ports.
    But I can not find any way to RCE.
    Some help?

  • @ki11oFF said:

    @Henkmeteenhoed said:

    @ki11oFF said:

    @Henkmeteenhoed said:
    Hi everyone,

    I'm pretty stuck for a long time now. I found this high port, found users, found a way to get in. But not the password. I read on this forum it is an easy password. (i can guess it?) I think i'm bad at guessing since im not getting in... Does someone have any ideas?

    Yes you can guess it very easily, I can only give you hint that password is in lowercase.

    I'm afraid the password is changed since i tried all the obvious things. Should i brute force it somehow?
    (i tried all the names of the users, the name of the box, everything that has to do with a sun and solaris... Am i forgetting something haha?

    It's realy hard to give you hint without telling you password, but you tried right thing, so combine it with my previous advice about lowercase and try again.

    I got it! haha, im sure i tried this before, but guess i made a typo. Thanks for your help though!

  • @fvconi1991 said:
    Hi. I was able to list users.
    By accident, I discovered the sammy user and discovered all the numbered ports.
    But I can not find any way to RCE.
    Some help?

    There is no way to RCE.
    Please read my and Henkmeteenhoed last comment's and you will know what to do next

  • got user after two days....looking for priv esc now...

  • I am inside the first user. Still can find any priv esc ideas. It should be easy, but. Help me pls, I'm stuck.

  • finally got root...thanks to all

  • If somebody get this error

    Their offer: gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1

    Use putty and u will resolve the problem

Sign In to comment.