Hawk

I have the .enc file. I have tried using a tool from Github (based on error output) to no avail. Can someone PM me to discuss the tool and where I am going wrong?

^ I am also interested in tips for decrypting that file, i tried a lot of combinations already thanks :slight_smile:

need a nudge for priv esc to d*****…

@alexmo said:
^ I am also interested in tips for decrypting that file, i tried a lot of combinations already thanks :slight_smile:

Check Github for relevant tools to help you.

I have gained access to the portal. I am struggling to get a shell of any kind. Can someone please DM me to help me work through it?

Looking for some help withe the priv esc (think I have an idea). Please PM me if you would like to help :3

Is anyone around to help on the .enc file? bit confused on next step after getting it.

nm. got it decoded. onto next step now.

Any help with priv esc would be much appreciated. PM me :slight_smile:

@notzach said:
Any help with priv esc would be much appreciated. PM me :slight_smile:

it’s summer time you need a lot of H2O try to find exploit to get some :wink:

I need help on the encoded file. Can someone pm me?

Hm. Recently started the box. Not sure whether drupal is rabbit hole. Seems to be foothold for other restricted services. Still didn’t find any .enc files. :confused:

@mkind said:
Hm. Recently started the box. Not sure whether drupal is rabbit hole. Seems to be foothold for other restricted services. Still didn’t find any .enc files. :confused:

check nmap again

just owned the machine! for help pm me

Same here, Just owned it system as well.

For those stuck on file, I did it with a one line bash command BUT it was NOT the fastest way. I was in no rush and it was cracked the next morning. Just need to know how that command can make those files in the first place.
There are already several hints on here as to what tools are out there to use if you don’t want to wait all night.

For those stuck on getting into user, just look around. You know some places that store sensitive information, try there first.

For those stuck on PE, don’t think too hard. Once you can see it… just google a bit.

Anyone want to PM a hint on how to get initial foothold? I found a couple of directories that might allow for system command injection but can’t figure out how to exploit from there.

Spoiler Removed - Arrexel

Hi,

I cracked the file, and I got reverse shell as www-data. I know what service I need to attack and which exploit to use. Can I get some help to ssh as the other user?

Fun box, GOT ROOT SHELL and learned about H2 in the process. I tell you the resets were killing me. I would just about get root, and it was reset.

Anyone help with the initial start ?

@pkneca said:
Hi,

I cracked the file, and I got reverse shell as www-data. I know what service I need to attack and which exploit to use. Can I get some help to ssh as the other user?

same boat as you are currently. Would appreciate a hint as well.