Hawk

It's seem easy but not, lol
any hints?

I don't have Signature...

«13456718

Comments

  • There was very easy method on it, But it patched . Now Im still trying decrypt file. But there are errors on Hawk I think

  • The file is your way in, search methods via the openssl on how you can decrypt it.

    Hack The Box

  • I'm at that part, but I need credentials to decrypt it. Which I obviously dont know lol.

    Vex20k

  • some hint about priv esc?

  • i dont know where to begin here not that good on web exploits, any hint for initial foothold

  • priv esc can be done with something you used to be unable to see, but after getting user, now you can.

  • Does anyone know why the box is so slow? People brutforcing the login page massively?..

  • @THYemre said:
    There was very easy method on it, But it patched . Now Im still trying decrypt file. But there are errors on Hawk I think

    Wait, are you saying the box was patched after it came up? Or what would have been easy entry on the box never was an entry point?

    hmgh0st

  • any hints on decrypting the file, I could try brute forcing, but that seem inelegant

    Parttimesecguy

  • edited July 2018

    Just bruteforcing will cook my pc. Hope its something else =/
    Edit: well, guess it depends on the tool

  • @Parttimesecguy said:
    any hints on decrypting the file, I could try brute forcing, but that seem inelegant

    Sometimes being inelegant can be elegant ... if you do it right ;)

    drtychai

  • so brute force is the answer? I haven't had any luck if it is....

    Magavolt

  • fun box

    ReK2

  • edited July 2018
    I found a tool in a repository, but I'm not sure if that's the right tool as I've tried. Probably doing something wrong (wrong flags, wordlist)

    Vex20k

  • i'm enum everthing but still have no idea how to find pass for user : d***** ?

    I don't have Signature...

  • any pointers on the wordlist? tried the usuals but nothing yet

  • @giido said:
    any pointers on the wordlist? tried the usuals but nothing yet

    maybe the cipher is wrong?

    Parttimesecguy

  • @giido said:
    any pointers on the wordlist? tried the usuals but nothing yet

    same boat

    I don't have Signature...

  • me too no idea

  • any clues on priv escalation? I can see a DB running as root, but not sure if that's right or how to proceed

    Parttimesecguy

  • any hint on wordlist pls?

    lahirukkk

  • edited July 2018

    @mrh4sh
    very nice box, I enjoyed it a lot.

  • Anyone have any hints for privesc?

    Waffles
    | OSCP | OSWP | PenTest+ |

  • @lahirukkk said:
    any hint on wordlist pls?

    Like @Parttimesecguy said , Maybe the cipher is wrong... simple wordlists are fine

    xMagass

  • @xMagass said:

    @lahirukkk said:
    any hint on wordlist pls?

    Like @Parttimesecguy said , Maybe the cipher is wrong... simple wordlists are fine

    As you said cipher is wrong. got the password now. Thanks :D

    lahirukkk

  • never mind i got the shell :D

  • @lahirukkk said:

    @xMagass said:

    @lahirukkk said:
    any hint on wordlist pls?

    Like @Parttimesecguy said , Maybe the cipher is wrong... simple wordlists are fine

    As you said cipher is wrong. got the password now. Thanks :D

    Did you go through a lot of ciphers? There are so many to try... ;)

  • @NinjaRockstar said:

    @lahirukkk said:

    @xMagass said:

    @lahirukkk said:
    any hint on wordlist pls?

    Like @Parttimesecguy said , Maybe the cipher is wrong... simple wordlists are fine

    As you said cipher is wrong. got the password now. Thanks :D

    Did you go through a lot of ciphers? There are so many to try... ;)

    You have the time i think ;) but google may help

    xMagass

  • @Waffles said:
    Anyone have any hints for privesc?

    Think out of the box!

    Moody

  • I have run all the hash types through rockyou without success. Any hints towards a viable wordlist?

Sign In to comment.