Poison

can anyone hint me with experiencing gray screen during priv sec?

@nikben said:
How do you pass the passphrase to unzip command?

%unzip secret.zip gives:
unzip: Passphrase required for this entry

Using -P option is not accepted, as it should:
unzip: illegal option – P

man unzip does not mention anything about password.
Googling around -P should be working.
Any clues?

Got it locally and extracted it.
I suppose there is no way to do it inside the Poison box…

@H4wk said:

@FK3 said:

@TheBandit said:

@FK3 said:

i kind of feel so dumb right now …still didn’t get the first access; although found the LFI and the encoded pass …but didn’t really know what to do …please some help :astonished:

Using LFI you have the ability to view some important OS file , also , password is encrypted using an reversible algo . You can start from here …

Thanks for the answer,
I actually stuck in there …the decryption of the secret …what algo …
is it complicated or I’m really overthinking it !!!

Its most common encoding/algo.

Thanks @H4wk …finally got it

rooted, nice box, frustrating but a good learning exercise

Got user, unzipped folder, found the service that I need to use and I think I know how to go about it but I feel like im just running straight into a wall at this point. Nothing is working. Super frustrating.

Can I PM someone to run my idea by?

Turns out I needed to increment the port I was connecting to the service on by 1… ■■■■ yeah root aquired!

Yea rooting this is ticking me off. I finally got it to work ONCE for like 10 seconds then the screen turned gray once I was in.

I’m stuck on rooting, I know which service to use and almost how to use it but I’m getting something in the command wrong. Can anyone PM me for some help?

Hello fellow hackstronauts,
I am def a noob compared to most around here, but I was wondering if anyone would be willing to give some subtle guidance via DM…

I am more than willing to learn from guidance, and ofc do all of the necessary work myself. Not trying to be a help-vampire!

With that said, I think I have recovered enough data to be able to pop a root shell (if this certain peice of data is what I think it is…), but in order to do so I need to get the user pwnage first. Which I unfortunately still haven’t accomplished… I’ve enumerated in every way that I possibly know how but still no luck.

I have more confidence in my familiarity of linux systems than anything else. I am a late-start college student studying comp. sci. and IT with a concentration in cyber defense, so these kind of exersices really get me excited! Or is that bc of watching Hackers too many times as a teenager?

Not looking for a handout… only help in learning my future trade =)

Hey folks, gonna try to keep this spoiler free. For the privesc on this one

  1. You’re gonna need to free something from the system (in addition to the file).
  2. Not all quotes are created equal.
    Hope this helps, feel free to PM me if you need some more help.

Hi all,
I’ve just find user.txt, but after a while my ssh connection to the VM was closed, and the same password I used for the user now it’s refused, so I can’t enter again.
I can’t figure out this

Hi Guys, I am stuck on the initial phase i.e. at user.txt file.

Can some help me.

@Aijaz said:
Hi Guys, I am stuck on the initial phase i.e. at user.txt file.

Can some help me.

Got user flag…Now for root flag.

I’m stuck at user.txt - tried a lot of things over the last 2 days but not progressing. Can anyone dm me a couple of pointers pls?

Wow i got root. That was nice box. PM me if you need any hints or something ;d

@vorlon said:
I’m stuck at user.txt - tried a lot of things over the last 2 days but not progressing. Can anyone dm me a couple of pointers pls?

Did you get the user.txt yet ? Tell me more in private, i may be able to give you a hint :wink:

I finally got root on this machine a few days ago, and this is my first ‘active’ machine on HackTheBox. Not much pentesting experience, so I’m still quite a noob, but this machine was definately an awesome learning experience.

Good luck!

When do boxes retire?

My first box rooted ever!

cant think of much to the reverse-able algo :frowning: guessing its rot13… any hints?