Hawk

priv esc can be done with something you used to be unable to see, but after getting user, now you can.

Does anyone know why the box is so slow? People bruteforcing the login page massively?..

@THYemre said:
There was a very easy method on it, but it was patched. Now I’m still trying to decrypt the file. But there are errors on Hawk, I think.

Wait, are you saying the box was patched after it came up? Or what would have been easy entry on the box never was an entry point?

any hints on decrypting the file, I could try brute forcing, but that seems inelegant

Just bruteforcing will cook my pc. Hope it’s something else =/
Edit: well, guess it depends on the tool

@Parttimesecguy said:
any hints on decrypting the file, I could try brute forcing, but that seems inelegant

Sometimes being inelegant can be elegant … if you do it right :wink:

so brute force is the answer? I haven’t had any luck if it is…

fun box

I found a tool in a repository, but I’m not sure if that’s the right tool as I’ve tried. Probably doing something wrong (wrong flags, wordlist)

I’m enumerating everything but still have no idea how to find the pass for user: d*****?

any pointers on the wordlist? tried the usuals but nothing yet

@giido said:
any pointers on the wordlist? tried the usuals but nothing yet

maybe the cipher is wrong?

@giido said:
any pointers on the wordlist? tried the usuals but nothing yet

same boat

me too no idea

any clues on priv escalation? I can see a DB running as root, but not sure if that’s right or how to proceed

any hint on wordlist pls?

@mrh4sh
very nice box, I enjoyed it a lot.

Anyone have any hints for privesc?

@lahirukkk said:
any hint on wordlist pls?

Like @Parttimesecguy said, maybe the cipher is wrong… simple wordlists are fine

@xMagass said:

@retr090 said:
any hint on wordlist pls?

Like @Parttimesecguy said, maybe the cipher is wrong… simple wordlists are fine

As you said, the cipher is wrong. Got the password now. Thanks :smiley: