Hawk

It’s seem easy but not, lol
any hints?

There was very easy method on it, But it patched . Now Im still trying decrypt file. But there are errors on Hawk I think

The file is your way in, search methods via the openssl on how you can decrypt it.

I’m at that part, but I need credentials to decrypt it. Which I obviously dont know lol.

some hint about priv esc?

i dont know where to begin here not that good on web exploits, any hint for initial foothold

priv esc can be done with something you used to be unable to see, but after getting user, now you can.

Does anyone know why the box is so slow? People brutforcing the login page massively?..

@THYemre said:
There was very easy method on it, But it patched . Now Im still trying decrypt file. But there are errors on Hawk I think

Wait, are you saying the box was patched after it came up? Or what would have been easy entry on the box never was an entry point?

any hints on decrypting the file, I could try brute forcing, but that seem inelegant

Just bruteforcing will cook my pc. Hope its something else =/
Edit: well, guess it depends on the tool

@Parttimesecguy said:
any hints on decrypting the file, I could try brute forcing, but that seem inelegant

Sometimes being inelegant can be elegant … if you do it right :wink:

so brute force is the answer? I haven’t had any luck if it is…

fun box

I found a tool in a repository, but I’m not sure if that’s the right tool as I’ve tried. Probably doing something wrong (wrong flags, wordlist)

i’m enum everthing but still have no idea how to find pass for user : d***** ?

any pointers on the wordlist? tried the usuals but nothing yet

@giido said:
any pointers on the wordlist? tried the usuals but nothing yet

maybe the cipher is wrong?

@giido said:
any pointers on the wordlist? tried the usuals but nothing yet

same boat

me too no idea