Hawk


Comments

  • Spent the last few hours trying to enumerate this machine. Tried bruteforcing the drupal site and accessing the F** server. However the F** is empty, no files inside :(. Anyone can drop a hint on how to proceed? Getting frustrated :(

  • Rooted! In fact a very interesting machine! I enjoyed it a lot! A good mix of Crypto, Exploit and Common Sense techniques.

    laed2

  • @hermajordoctor said:
    Spent the last few hours trying to enumerate this machine. Tried bruteforcing the drupal site and accessing the F** server. However the F** is empty, no files inside :(. Anyone can drop a hint on how to proceed? Getting frustrated :(

    It's not empty.

  • edited October 2018

    I'm quite stuck, I've got a reverse shell, and I was able to find creds to get into the DB, but if there is some file out there with d******'s creds in it, I haven't been able to find it.

    Still, not bad for only my first box without too much help. Any hints on where to look for d*****'s creds conf file? I've got lots of enumeration done, but despite how thirsty I am, I don't think I'll be able to drink any dihydrogen monoxide till I find out where these things are at.

    EDIT: To all those who said 'don't overthink it', you weren't kidding. Onto privesc...

  • @jfredett said:
    I'm quite stuck, I've got a reverse shell, and I was able to find creds to get into the DB, but if there is some file out there with d******'s creds in it, I haven't been able to find it.

    Still, not bad for only my first box without too much help. Any hints on where to look for d*****'s creds conf file? I've got lots of enumeration done, but despite how thirsty I am, I don't think I'll be able to drink any dihydrogen monoxide till I find out where these things are at.

    Keep looking, there's a file that contains some plaintext information. You have to actually read through it though, it would be easy to miss if you skimmed too fast.

    --Skunkfoot

  • edited November 2018

    Spoiler Removed - egre55

    Nixguy

  • edited November 2018

    Spoiler Removed - egre55

  • Folks, go with your instincts and don't worry about DaVinci Coding forum posts. That said there are a lot of good hints in here. Enumerate, use google, keep notes and you'll be good to go. Nice job to the creators :+1:

    Hack The Box

  • edited October 2018

    Can someone ping me about decryption? I want to run my commands by you and see what I am missing. Thanks

    Happy to return the favor if you are stuck on something I have finished and want a nudge.

    my4andle

  • Can someone give me some hints on decryption, I've tried using openssl and it takes hours to go through rockyou.txt even with a multi threaded python script.

  • @hermajordoctor said:
    Can someone give me some hints on decryption, I've tried using openssl and it takes hours to go through rockyou.txt even with a multi threaded python script.

    I have tried a bash loop with openssl and another tool; both yield no legible results with my settings. I am sure it is just a CLI arg that has to be right, but I have tried a lot of permutations of cipher and digest with no progress yet, including with the Drupal7 encryption settings.

    Maybe it is the wordlist?

    my4andle

  • cracked thanks to some help, not hard, just requires a working version of o*****l :astonished:

    my4andle

  • Must be blind by now, got user.txt but can't secure myself to the other side, must be overthinking it and I like aliases but I'm in the cloud there too...as goes for www-data, got that shell atm but privesc from that seems too unachievable for my skill level...hints would be appreciated through PM, thanks anyone

    inspek

  • edited October 2018

    I've got the user flag and d***** password, I can't figure out the priv esc. Please dm hints.

    Edit rooted

  • @inspek said:
    Must be blind by now, got user.txt but can't secure myself to the other side, must be overthinking it and I like aliases but I'm in the cloud there too...as goes for www-data, got that shell atm but privesc from that seems too unachievable for my skill level...hints would be appreciated through PM, thanks anyone

    nvm got the creds needed to secure myself on the other side, python console now comes the h20 path

    inspek

  • Finally got root!

    inspek

  • Could someone help me out on this? I know what to do and I (assume) I know how to do it, but I encounter strange permission problems and the tools I'm using behave weirdly. I'd just like to know if I'm doing it wrong. I got user and h2 console access. It just doesn't like me and yeah, I could try other stuff but I'd like to not use metasploit. Don't get me wrong, it's a powerful tool but it's also very obscure sometimes and I'd rather take the rocky road and figure it out (unless it's 1500 lines of bash script because f**k that noise)

  • edited October 2018

    Help me get the user.. Hint please!

    How to get the enc file..?

  • @horrorshow1984 said:
    Could someone help me out on this? I know what to do and I (assume) I know how to do it, but I encounter strange permission problems and the tools I'm using behave weirdly. I'd just like to know if I'm doing it wrong. I got user and h2 console access. It just doesn't like me and yeah, I could try other stuff but I'd like to not use metasploit. Don't get me wrong, it's a powerful tool but it's also very obscure sometimes and I'd rather take the rocky road and figure it out (unless it's 1500 lines of bash script because f**k that noise)

    I'm in the same boat as you. Did you make any more progress?

  • @ThMgnfcntStnr said:

    @horrorshow1984 said:
    Could someone help me out on this? I know what to do and I (assume) I know how to do it, but I encounter strange permission problems and the tools I'm using behave weirdly. I'd just like to know if I'm doing it wrong. I got user and h2 console access. It just doesn't like me and yeah, I could try other stuff but I'd like to not use metasploit. Don't get me wrong, it's a powerful tool but it's also very obscure sometimes and I'd rather take the rocky road and figure it out (unless it's 1500 lines of bash script because f**k that noise)

    I'm in the same boat as you. Did you make any more progress?

    You and horrorshow1984 PM me, I'll see if I can help

    --Skunkfoot

  • got it! thanks to @inspek!

  • Getting annoyed with Hawk, someone keeps DoSing the portal. Keep getting WARNING: Failed to daemonise. This is quite common and not fatal. Connection refused (111)

  • Rooted. PM if you need help

    drywaterv2

  • @hermajordoctor said:
    Getting annoyed with Hawk, someone keeps DoSing the portal. Keep getting WARNING: Failed to daemonise. This is quite common and not fatal. Connection refused (111)

    same here ... please don't DoS the portal

  • Interesting box!!. Thank you

  • Finally rooted after managing to get a stable box. Good lessons!

  • edited October 2018

    The box just got reset and now I can no longer access a service on a high port, what would be causing this?
    Just read through all the posts, apparently I was never supposed to see that in the first place lol (at least, not as a remote user)

  • edited October 2018

    I can't seem to find where to start a foothold.. anyone want to point me in the right direction? And is the messages directory via ftp supposed to not have anything in it?

  • edited October 2018

    Got the shell...any idea on priv esc?
    found the plaintext password....but no luck with root
    OH...finally Rooted...was easy

  • Enumerate, enumerate. If you have enumerated well for the user shell, you must follow the way and get the root quite easily.

    Rooted yesterday, very good box :)
