Hawk

@pkneca said:
I rooted the box, thanks.
any hint for pass d****** user

@raouf09 said:
i got a pass for encrypted file and i have shell with wta but no pass for D* user i try the pass for encrypt no chance and the pass on file decrypted no chance please any hint for me .

maybe u missing something for user d******
on s** acc

ok i got d****** pass. now i will performe the same operation as poison and i will drink some h2O any hint for tasting H20

@Rantrel said:
Same here, Just owned it system as well.

For those stuck on file, I did it with a one line bash command BUT it was NOT the fastest way. I was in no rush and it was cracked the next morning. Just need to know how that command can make those files in the first place.
There are already several hints on here as to what tools are out there to use if you don’t want to wait all night.

For those stuck on getting into user, just look around. You know some places that store sensitive information, try there first.

For those stuck on PE, don’t think too hard. Once you can see it… just google a bit.

how can i exploit H2 knowing that i get the port on my localh

thks for all i just root it

Rooted.

Sneaky beaky! Liked the priv esc/getting root - didn’t bother with reverse shell but it would’ve worked!

So I sort of have an idea about a poison-like approach to getting root but it seems that each time I try the box gets reset :cry:

The one time I got closest (very poison like) it just didn’t work so I suspect I just don’t type fast enough and may have to look at pushing an exploit.

Any hint for d**** user password?

@ghroot said:
Any hint for d**** user password?

same boat

@seiyathesinx said:
@ghroot said:
Any hint for d**** user password?

same boat

@seiyathesinx said:
@ghroot said:
Any hint for d**** user password?

same boat

@seiyathesinx said:
@ghroot said:
Any hint for d**** user password?

same boat

check some configuration files you will find what you’re looking for

got root, priv if need hint

For me, the biggest challenge was having a stable enough box, so I could go through each of the things I needed to do to get the root flag. Every time I got close, it seemed someone would reset the box (and in one case install a webshell on the login page which was really frustrating).

If you can attack this box between about 0800 - 1100hrs GMT you have the best chances of stability.

Got it :slight_smile:
Really nice one !

Does someone have a hint how to getting started?

Thanks

Getting an error when using a tool. Can someone point me and others in the right direction?

TOOL -t 8 -1 -f /usr/share/wordlists/rockyou.txt file.enc
Warning: using dictionary mode, ignoring options -b, -e, -l, -m and -s.

Error: file.enc is not a salted openssl file.

@outrun said:
Getting an error when using a tool. Can someone point me and others in the right direction?

TOOL -t 8 -1 -f /usr/share/wordlists/rockyou.txt file.enc
Warning: using dictionary mode, ignoring options -b, -e, -l, -m and -s.

Error: file.enc is not a salted openssl file.

If you cat the file.enc what you see isn’t a salted openssl file

Racking my brain trying to get D****** user password. Pretty sure it is needed to get root and connect to service over something.

@tiltedtimmy said:
Racking my brain trying to get D****** user password. Pretty sure it is needed to get root and connect to service over something.

Look for some obvious places. Such as configuration files :wink:

Anyone care to drop a hint RE: tunneling?