Hint for Sunday

I swear to a deity that someone had changed something in the interesting file - gits!! Rooted it within 5 mins after checking it again!!! >_<

Jeez - what kind of wordlist do you have to use to crack that password you get from that file? have spent hours on trying to crack it to no avail. Tips welcome!

rockyou did it…

managed to root it. Complex, but nice!

I ended up not having to crack root’s password to obtain root.txt. The whole challenge wasn’t too bad. I spent most of my time with the initial foothold – figuring out the first username was the most difficult part for me. :-\

i have only 2 services listed rom the nmap scan rpc and finger ssh closed and the other ports filtered , i should deal with em with rpcino showmount and mount and finger but non of this tools are working i tried in kali 2016 kali2017 windows 8 windows xp , no result i just got auth error !! am i far away rom the right truck ?

@waspy said:
i have only 2 services listed rom the nmap scan rpc and finger ssh closed and the other ports filtered , i should deal with em with rpcino showmount and mount and finger but non of this tools are working i tried in kali 2016 kali2017 windows 8 windows xp , no result i just got auth error !! am i far away rom the right truck ?

Try a full port scan - and try enumerating finger :slight_smile:

@loln00b thnx for replay yeah i did and i got 2 users also with metasploit got the running services but what to do next if i cant mount the rpc ?

Edit: Scan slow boys…
But now that I got the service I am needing, I am lost on password enumeration.
Do we need to brute the login?

I’m using rockyou.txt as my dictionary, I’m not sure I’m on the right track, because the hydra told me I should wait for at least … (when I switch my window, I have found the right password). OK, patient guys.

Now I am stuck on switching users locally. I feel like I am enumerating everything and missing something.
Someone please PM me a tip here, I feel like I am dead lost now.

I’m struggling with this mainly because all of my connections keep timing out even on VIP. I’m using sensitive options on my tools to keep things light and slow and I’m trying to use really targeted information but I can’t get anywhere.

Perhaps I’m just going about this the wrong way.

Please stop wiping out pwds…
I can’t even reset the machine
EDIT:
I just got root shortly after user with some help from @Grepthis

This box was an interesting one. Definitely learned a lot about solaris and some tools :bleep_bloop:

Wow, that was much easier than I thought… but fun! Fun and interesting, a big thank you to the creator, this was my first Solaris machine so I got to learn plenty new things from it.

A little hint for anyone who’s looking for root.txt: we’re not root (yet) so we can’t open the file ourselves… but what if we asked a program that has access to it to do the job for us in a slightly unorthodox way? The tool will complain, but we will get what we want! Read the man page of the tool in question very, very carefully, go through every single option.

The user and all related content has been deleted.

@NyaMeeEain said:
I hate Sunday. I have been trying to root for several days .Its allow wget file without root password.I= I tried sudoes and password overwrite.Its not working.can someone help me to sovle.

You don’t have to overwrite anything, just study the manual and read all the hints in this thread again if you still can’t think of anything that could be useful to you.

I absolutely love the way that we have to use the commands that are not meant to do things we want to our advantage. Nice little tricks to remember.

Root Dance

Spoiler Removed - Arrexel

This was an awesome box. Learned a lot. Took me the longest to get user, root was done in 15 min (without editing any files). One of the more original boxes!

rooted any one need help can pm me