Hawk

Finally rooted, took me long enough to work out the priv escalation parameters, obvious now though

@sazouki said:
didnt found ssh key for user d**** should i bruteforce it ?

no

@baegmon said:

@sazouki said:
didnt found ssh key for user d**** should i bruteforce it ?

no

so i should keep looking xd

@sazouki said:

@baegmon said:

@sazouki said:
didnt found ssh key for user d**** should i bruteforce it ?

no

so i should keep looking xd

nothing fancy is needed to get to the user, maybe even look for specific keywords on the system.

cant decrypt the file with the tool i found on github, what am i doing wrong? can anyone PM me for help pls.

@amshusky18 said:
Guys, Any hints on Priv esc? I’m stuck after user… I read the clues mentioned above, but not sure what to do about it…

sometimes you cross the H2O going through a tunnel :wink:

@securityNinja said:
Make it a habit to keep notes of every box you solve on HTB. Some scenarios are similar and this box is an example. If you managed to pwn root on Poison…priv esc should be easy.

but in this box no key to connect the service through S**

rooted but i dont know how lol any one pm me how you got the db path to run the exploit because i found it by luck in H* Con*** but now i cannot access to that service

@sazouki said:
rooted but i dont know how lol any one pm me how you got the db path to run the exploit because i found it by luck in H* Con*** but now i cannot access to that service

well that’s weird most of the members rooted the box with methode same like Poison box but for me i just downloaded an exploit script and run it lol

I have the .enc file. I have tried using a tool from Github (based on error output) to no avail. Can someone PM me to discuss the tool and where I am going wrong?

^ I am also interested in tips for decrypting that file, i tried a lot of combinations already thanks :slight_smile:

need a nudge for priv esc to d*****…

@alexmo said:
^ I am also interested in tips for decrypting that file, i tried a lot of combinations already thanks :slight_smile:

Check Github for relevant tools to help you.

I have gained access to the portal. I am struggling to get a shell of any kind. Can someone please DM me to help me work through it?

Looking for some help withe the priv esc (think I have an idea). Please PM me if you would like to help :3

Is anyone around to help on the .enc file? bit confused on next step after getting it.

nm. got it decoded. onto next step now.

Any help with priv esc would be much appreciated. PM me :slight_smile:

@notzach said:
Any help with priv esc would be much appreciated. PM me :slight_smile:

it’s summer time you need a lot of H2O try to find exploit to get some :wink:

I need help on the encoded file. Can someone pm me?

Hm. Recently started the box. Not sure whether drupal is rabbit hole. Seems to be foothold for other restricted services. Still didn’t find any .enc files. :confused: