@TheBandit said:
Hi all ,
So i got the encrypted file , digested it but then john wasn’t able to help me with that digest. … What am i doing wrong ? Thanks in advance …
You may want to view the contents of the encrypted file. Digesting the file isn’t likely to help you with that…
Tried that also , after decrypting it i got … some gibberish stuff …
Look for tool in github it will hel you to decode the gibberish stuff
@TheBandit said:
Hi all ,
So i got the encrypted file , digested it but then john wasn’t able to help me with that digest. … What am i doing wrong ? Thanks in advance …
You may want to view the contents of the encrypted file. Digesting the file isn’t likely to help you with that…
Tried that also , after decrypting it i got … some gibberish stuff …
Look for tool in github it will hel you to decode the gibberish stuff
I’ve resorted to writing a python script to use the ‘tool’ to try every possible cipher and digest with rockyou. Really hoping this one works…losing the will to live, will report back with findings!
EDIT: Took a while but managed to finally decrypt this blasted file. My advice to others is to try and write your own script.
EDIT #2: That was a journey. Finally got root! For PrivEsc check config files, and try any creds for all services. There is a popular blog post to help you with h20 to grab the flag.
@securityNinja said:
Make it a habit to keep notes of every box you solve on HTB. Some scenarios are similar and this box is an example. If you managed to pwn root on Poison…priv esc should be easy.
but in this box no key to connect the service through S**
rooted but i dont know how lol any one pm me how you got the db path to run the exploit because i found it by luck in H* Con*** but now i cannot access to that service
@sazouki said:
rooted but i dont know how lol any one pm me how you got the db path to run the exploit because i found it by luck in H* Con*** but now i cannot access to that service
well that’s weird most of the members rooted the box with methode same like Poison box but for me i just downloaded an exploit script and run it lol
I have the .enc file. I have tried using a tool from Github (based on error output) to no avail. Can someone PM me to discuss the tool and where I am going wrong?