Hawk

1246718

Comments

  • @amshusky18 said:
    You were missing a simple arguement in the command..

    All arguments are simple, if you know what the right ones are. I think I know what you're referring to, but what I did was simple, and faster than testing a bunch of options, when I didn't have a clue which one was right (as it turns out, in hindsight, I know the option I needed, and it would have been one of the last in a list of about 15 different trys, and each would have had to run through my entire wordlist. All in all, I don't regret just scripting it. ¯_(ツ)_/¯

    @sazouki said:
    i cracked it with 4 lines bash script lol

    You're right. That's totally an option. You can do it in 1 line, really (while read line; do {decryption command} 2>1 >/dev/null && echo "password is $line" && break; done < dictionary.txt I just like scripting things nice and neat so I can come back in months and still be able to understand exactly how I got from point A to point B within a few seconds.

  • I'm trying to decrypt the file with the 'tool', but i think i'm missing something. can anyone help me let me know what is it that i am missing?

    pzylence
    OSCP

  • Finally..! got R00T ;)

    Learned so much of new things. PM for hints.

    lahirukkk

  • edited July 2018

    Got ROOT.
    Thanks for @felli0t and @lahirukkk

    ArmaTank

  • @lahirukkk said:

    @TheBandit said:

    @cucumber said:

    @TheBandit said:
    Hi all ,
    So i got the encrypted file , digested it but then john wasn't able to help me with that digest. .. What am i doing wrong ? Thanks in advance ...

    You may want to view the contents of the encrypted file. Digesting the file isn't likely to help you with that...

    Tried that also , after decrypting it i got ... some gibberish stuff ..

    Look for tool in github it will hel you to decode the gibberish stuff ;)

    Thanks for the info :)

    TheBandit

  • @lahirukkk said:

    @TheBandit said:

    @cucumber said:

    @TheBandit said:
    Hi all ,
    So i got the encrypted file , digested it but then john wasn't able to help me with that digest. .. What am i doing wrong ? Thanks in advance ...

    You may want to view the contents of the encrypted file. Digesting the file isn't likely to help you with that...

    Tried that also , after decrypting it i got ... some gibberish stuff ..

    Look for tool in github it will hel you to decode the gibberish stuff ;)

    Thanks for the info , worked like a charm :)

    TheBandit

  • @TheBandit said:

    @lahirukkk said:

    @TheBandit said:

    @cucumber said:

    @TheBandit said:
    Hi all ,
    So i got the encrypted file , digested it but then john wasn't able to help me with that digest. .. What am i doing wrong ? Thanks in advance ...

    You may want to view the contents of the encrypted file. Digesting the file isn't likely to help you with that...

    Tried that also , after decrypting it i got ... some gibberish stuff ..

    Look for tool in github it will hel you to decode the gibberish stuff ;)

    Thanks for the info , worked like a charm :)

    Anytime mate ;)

    lahirukkk

  • Rooted it. :D Good box. For me, Priv Esc is much easier than user.txt.

  • didnt found ssh key for user d**** should i bruteforce it ?

    Arrexel
    OSCP | I'm not a rapper

  • edited July 2018

    I've resorted to writing a python script to use the 'tool' to try every possible cipher and digest with rockyou. Really hoping this one works..losing the will to live, will report back with findings!

    EDIT: Took a while but managed to finally decrypt this blasted file. My advice to others is to try and write your own script.

    EDIT #2: That was a journey. Finally got root! For PrivEsc check config files, and try any creds for all services. There is a popular blog post to help you with h20 to grab the flag.

    Hack The Box

  • Finally rooted, took me long enough to work out the priv escalation parameters, obvious now though

    Parttimesecguy

  • @sazouki said:
    didnt found ssh key for user d**** should i bruteforce it ?

    no

  • @baegmon said:

    @sazouki said:
    didnt found ssh key for user d**** should i bruteforce it ?

    no

    so i should keep looking xd

    Arrexel
    OSCP | I'm not a rapper

  • @sazouki said:

    @baegmon said:

    @sazouki said:
    didnt found ssh key for user d**** should i bruteforce it ?

    no

    so i should keep looking xd

    nothing fancy is needed to get to the user, maybe even look for specific keywords on the system.

  • cant decrypt the file with the tool i found on github, what am i doing wrong? can anyone PM me for help pls.

  • > @amshusky18 said:
    > Guys, Any hints on Priv esc? I'm stuck after user.. I read the clues mentioned above, but not sure what to do about it..

    sometimes you cross the H2O going through a tunnel ;)
  • @securityNinja said:
    Make it a habit to keep notes of every box you solve on HTB. Some scenarios are similar and this box is an example. If you managed to pwn root on Poison...priv esc should be easy.

    but in this box no key to connect the service through S**

    Arrexel
    OSCP | I'm not a rapper

  • rooted but i dont know how lol any one pm me how you got the db path to run the exploit because i found it by luck in H* Con*** but now i cannot access to that service

    Arrexel
    OSCP | I'm not a rapper

  • > @sazouki said:
    > rooted but i dont know how lol any one pm me how you got the db path to run the exploit because i found it by luck in H* Con*** but now i cannot access to that service

    well that's weird most of the members rooted the box with methode same like Poison box but for me i just downloaded an exploit script and run it lol

    Arrexel
    OSCP | I'm not a rapper

  • I have the .enc file. I have tried using a tool from Github (based on error output) to no avail. Can someone PM me to discuss the tool and where I am going wrong?

    Hack The Box
    Follow me on Twitter: @C_3PJoe

  • ^ I am also interested in tips for decrypting that file, i tried a lot of combinations already thanks :)

  • need a nudge for priv esc to d*****...

    pzylence
    OSCP

  • @alexmo said:
    ^ I am also interested in tips for decrypting that file, i tried a lot of combinations already thanks :)

    Check Github for relevant tools to help you.

    Hack The Box
    Follow me on Twitter: @C_3PJoe

  • I have gained access to the portal. I am struggling to get a shell of any kind. Can someone please DM me to help me work through it?

    Hack The Box
    Follow me on Twitter: @C_3PJoe

  • Looking for some help withe the priv esc (think I have an idea). Please PM me if you would like to help :3

  • edited July 2018

    Is anyone around to help on the .enc file? bit confused on next step after getting it.

    nm. got it decoded. onto next step now.

  • Any help with priv esc would be much appreciated. PM me :)

  • > @notzach said:
    > Any help with priv esc would be much appreciated. PM me :)

    it's summer time you need a lot of H2O try to find exploit to get some ;)

    Arrexel
    OSCP | I'm not a rapper

  • I need help on the encoded file. Can someone pm me?

    cortex42

  • Hm. Recently started the box. Not sure whether drupal is rabbit hole. Seems to be foothold for other restricted services. Still didn't find any .enc files. :confused:

    Hack The Box

Sign In to comment.