Hawk


Comments

  • > @takuma said:
    > @Glasgow said:
    > I'd seen mention that the box was patched. Does anyone know if this impacts the privesc? Someone mentioned that the privesc didn't require logging in, but wondering if that exploit was what was patched. If so, can anyone give me a nudge on how to log in to the last step? I've tried passwords from enc file, website, and user but with no luck. (I'm on MM too if that's easier)
    >
    > how to log in to the last step? --- which service that you want to login?
    > if you stay on last step
    > maybe i already got it

    The console that is only available on localhost. Sorry, trying to be vague to not spoil anything.
  • I'm stuck on the portal. Any advice on how to get a shell to the box?

  • Anyone having issues with the web app dropping? I've started seeing a "Failed to daemonise. Connection refused"

    Also, is anyone willing to offer a light push for init. foothold? I've already pulled and decrypted [.enc] but now I'm coming up short.

  • Been stuck on privesc for a few days now. I can login via ssh, and I see the other service. Can someone please PM me with some help?

    Bowlslaw

  • edited August 2018

    Had trouble finding the file until I realized I am an idiot. ha!

  • Hey guys any help with this daum initial access!!! Please tell me I'm missing something really stupid and not just a noob. Nothing on website, no way to bypass login or XSS. SO...

    I think there's something in F** service... can someone help a bruthu out!!

  • edited August 2018

    @fl337 said:
    Hey guys any help with this daum initial access!!! Please tell me I'm missing something really stupid and not just a noob. Nothing on website, no way to bypass login or XSS. SO...

    I think there's something in F** service... can someone help a bruthu out!!

    I'm struggling with this one too... I know it's right in front of me!

    Edit: user. Done

    Edit: root. Done

    This machine was not that difficult but there are some lessons learned for sure. The biggest one? Slow down. Look at what is right in front of you and remember that not every problem needs to be met with an elaborate solution.

    Cheers

  • I was able to get root.txt without having a shell as root. Out of curiosity, is it possible to get a shell as root for this box?

  • Got user.txt boiz!!! Lol super simple don't over think things!! :) Onto priv esc... Let's get some H20 first hehe ;) I already think I'm on the right path!
  • Just got the user flag last night - I guess when a guy called "mrh4sh" is making the machine, you kind of expect some sort of cracking to get you on your way ;)

    d4rkm0de

  • edited August 2018

    I have decrypted the .enc file and gained the password however I am completely stuck on where to use it...

    Tried all the usual names in username on main drupal site but getting nothing :anguished:

    Mochan

    Checkout my Dropbox of Goodies >> https://www.dropbox.com/sh/ba0t59c5fnccgms/AACvUbUSflWB1_AAgj8okEUra?dl=0

    [CCNA R&S] [OSCP - In Progress] [Security+ - In Progress]

  • I'm stuck and I've been stuck for a long time now. I don't know how to decrypt the file. (I don't have any background in this kind of matter), feel free to PM me :)

    WillIWas

  • Rooted! - Super fun box...

    If anyone needs help feel free to drop me a PM! :+1:

    Mochan

    Checkout my Dropbox of Goodies >> https://www.dropbox.com/sh/ba0t59c5fnccgms/AACvUbUSflWB1_AAgj8okEUra?dl=0

    [CCNA R&S] [OSCP - In Progress] [Security+ - In Progress]

  • Enjoyed this box. Knowledge from a previous box defo helped me on this one.

  • @Glasgow said:
    ... Out of curiosity, is it possible to get a shell as root for this box?

    Yes.

  • edited August 2018

    Just rooted it. This one was a trip! Some hints that would have been helpful to have:

    • if you are unable to decrypt the file with the tools you found, and the hints here have not helped you figure it out, then maybe just go back to the actual commands used to encrypt / decrypt these types of files and put them in a bash for loop.
    • If you're at the river, ready to drink water but having trouble finding access, try a different spot in the same river

    If you're stuck at any other spot, you should have plenty of hints in this thread. Any more hints would just give away the answer. Good luck.

  • Are there stability problems with this box? I followed the right steps to get a shell but it keeps hanging on my terminal... I see the host connecting to me but the shell never pops out and keeps on loading...

    TheInnocent

    "I recognize, Mr. Reese, that there's a disparity between how much I know about you and how much you know about me. I know you'll be trying to close that gap as quickly as possible. But I should tell you... I'm a really private person."

  • Hmm if someone can assist me with foothold that would be nice.

  • Finally rooted. Since y'all are reading, here is my contribution.

    (1) Make no assumptions.
    (2) Try to do everything more than one way.
    (3) If you are having trouble with the "file", I favor creating your own script over the Github option. If you are having trouble, you can always practice creating your own "special file" and practice...
    (4) Speaking of practice - it never hurts to spin up a VM and CMS.

    Great machine - many lessons learned.

  • edited August 2018
    Rooted! Finally, I got stuck in so many places by mistake, btw, nice box, learned a lot ✊🏿 !
    My advice:
    keep it simple! Sometimes you just don't need full access to the machine btw, if u want the access, just patience and cat files, rolf.
    You don't even need a shell! (Maybe I solved it the wrong way ): , if anyone solved it by another method, pm to discuss please :3!)
    If you're stuck in the Aqua portal, try to do the simplest thing, maybe you're trying to access where you don't have to!
    (Just erase if any spoiler is in this )
    Thanks to everyone who helped without spoilers!
    If anyone needs help, just pm me !
    Cheers !
  • edited August 2018

    Edit: Nevermind, found it.

    I haven't found a foothold yet. I keep reading about a file that has to be decoded or decrypted but I haven't gotten that far. If you can give me a nudge, please PM me and I'll explain what I've already done to enumerate the box. Thanks

  • @singularity said:
    Just rooted it. This one was a trip! Some hints that would have been helpful to have:

    • if you are unable to decrypt the file with the tools you found, and the hints here have not helped you figure it out, then maybe just go back to the actual commands used to encrypt / decrypt these types of files and put them in a bash for loop.
    • If you're at the river, ready to drink water but having trouble finding access, try a different spot in the same river

    If you're stuck at any other spot, you should have plenty of hints in this thread. Any more hints would just give away the answer. Good luck.

    many thanks to @singularity - +1 for this hint.

  • Got root today, so feel free to pm me for hints. I'm always happy to help.
    However, I probably didn't go down the nice road, though. I didn't have to go via d***** and also did some inelegant stuff at the waterhole.
    So, I would be glad if someone wants to discuss the approaches in order to learn from each other. Thanks!

    hexTwoAlfa

  • edited August 2018

    FUCKKEN GOT EEEEEM BOISSSSS WOOOOW WHAT A RIDE LAWWWWRD JEEEZUS WOW THERE IS A REALLY AWESOME SUUUUUUUPER DOPE POST THAT HELPED ME GET THE FINAL STEP FOR THE challenge WAAA IM THIRSTY NOW!!!

    HEHE rooted ;D

  • edited August 2018

    Spoiler Removed - Arrexel

  • this was a great box, similar to a couple of other ones currently active.

    I think some tips in here are a bit misleading;

    on the file, you have everything you need on a base kali install, you don't need to download anything or write any scripts. the whole process took less than 5 minutes on a VM with the usual wordlist.

    on PE, take a careful look at your nmap output, there are big clues there to getting from the w user to the d user. from here, if you've done other similar boxes you should know what to do with the running services.

  • @crisco said:
    So, the tool to decrypt the file from GitHub didn't work for me. It didn't find the correct password (it couldn't even do it with an example file using "password" as the password), but doing it manually in Python cracked it in about 10-20 seconds with a good wordlist, and was only about 20 lines of code (including fancy argument handling xD).

    Similar issue here - scripting the commands to run the decrypt routines worked - the GitHub code did not.

    Testacl

  • rooted.. great things learned on the way! got a taste of h2
    PM for help

  • Just got root. The crucial thing for both user and root is to take things slow. The path is relatively straightforward, but you need to read the source code of the exploits and understand what it's doing and make necessary modifications in the source code or do some other prior setup.

    For root, someone already mentioned this, but consider your approach in Poison. Very similar path.

  • Seconded
    Just take what you have and put it together. And as already said: don't overthink, think straight
