Hawk

@Djinn45SQL99 said:
which wordlist to use to crack the .env file???

You can use the ‘common.txt’ somewhere in ‘/usr/share/wordlists/dirb’ or ‘/usr/share/wordlists/dirbuster’, I don’t remember the exact path :wink:

@TazWake said:
For me, the biggest challenge was having a stable enough box, so I could go through each of the things I needed to do to get the root flag. Every time I got close, it seemed someone would reset the box (and in one case install a webshell on the login page which was really frustrating).

If you can attack this box between about 0800 - 1100hrs GMT you have the best chances of stability.

Totally agree. Sometimes people press the reset button because they don’t know what to do (Poison box, other Windows machine boxes where they cannot find open ports).

Hi… can I PM someone to discuss privesc… I got user d* I can see H2, but cannot login… never mind got it… :slight_smile:

If someone could give me a nudge in the right direction I will appreciate it.

I am connected to the platform as administrator. I found out that I can create a page with XSS but this doesn’t help on this box, I believe.

Do I have to look deeper into the configuration of the platform, or am I missing something more obvious? Thanks.

Edit: Never mind, I found something.

gahhh

Can’t find this d***** password anywhere in the box… Any hints as to where it could be? I’ve checked all the config files I can find.

Need a little help after getting access with w*.
Found something that should be useful in a config file, but still can’t progress to the next step.
I won’t go into too many details to avoid spoilers. Help would be much appreciated.

Can someone help me with priv esc? I know which exploit I should use. I tried many things but I couldn’t succeed.

I must admit I am being driven nuts by the escalation from w******* to d*****
Have been through so many files, but must be overlooking something hiding in plain sight…

Same here. I’ve been grepping all files for phrases like “pass” and “password”, but haven’t found anything useful.

Hello fellaHackers,
got the D user :wink:
At the moment I am just stuck. I am already on the watery path and I also found an exploit. But it seems that I do not have the right credentials, or do I need to do smth else with all the water?

@s2233 said:
Same here. I’ve been grepping all files for phrases like “pass” and “password”, but haven’t found anything useful.

you are on the right path my friend

@Kadi said:
Hello fellaHackers,
got the D user :wink:
At the moment I am just stuck. I am already on the watery path and I also found an exploit. But it seems that I do not have the right credentials, or do I need to do smth else with all the water?

You need to use the correct boat and the correct stream. :trollface:

@pzylence said:

@Kadi said:
Hello fellaHackers,
got the D user :wink:
At the moment I am just stuck. I am already on the watery path and I also found an exploit. But it seems that I do not have the right credentials, or do I need to do smth else with all the water?

You need to use the correct boat and the correct stream. :trollface:

Thanks, I made it on land without getting wet. I had the boat, but could not figure out the right stream first.

How do I find the encrypted file? Really stuck at it for long, please help, any nudges?

I just rooted this box, but I accidentally[0] found the user password for this machine. Could anyone here please PM me where I should have found that pass? I tried grepping through the filesystem, but to no avail.

[0]Through the use of pspy. Seriously though, that tool is awesome :slight_smile:

Rooted! Someone in this thread said that this box has a redundant practice in HTB machines and it’s true… It was under my eyes and I was stuck for hours in search of other possibilities… When I found the D***** user access I made a txt file with that mantra inside to never forget it! :+1:
For those who are stuck, some advice: don’t run into the rabbit hole as I did, it isn’t necessary.

Can someone PM and help me with getting root please!!!

Any hints about the place of the config file?

So I got root.txt before I got user.txt… I feel like I did something the wrong way or that maybe something I did was not supposed to be possible. Can someone please PM me so I can explain? It did involve that thirstiness mentioned before.