Hawk

Hi, i got the enc encrypted file, any hints on how to decrypted i’ve tried many things but can’t get it done.

Rooted.

A few things:

  1. I found 2 ways to get user.txt. One with shell, one without.
  2. Once you are in, I believe there are 2 ways to get the root.txt, one employs the method we used in poison, the other, did not, I used the one used in poison.

I want to exchange notes with the ones who has rooted with the method we used in Poison.

If you don’t know what to do next… Searchsploit
Searchsploit is very very very useful.

this box has been tough man… ive got a steep learning curve on wet service. got a hit from a shell but it closes immediately. hmmm

Just rooted Hawk without dl or his password. Don’t waste time searching for it…
It’s possible to go from w
**a to root in one step.

Did some one change the password?, i’ve drecrypted the file and find the user d***l and the password, but it’s not working, i think someone its changing the password.

@mcruz said:
Did some one change the password?, i’ve drecrypted the file and find the user d***l and the password, but it’s not working, i think someone its changing the password.

For the web portal or SSH? If web portal try other usernames. Maybe the most common default ones??

@impetuousdanny said:

@mcruz said:
Did some one change the password?, i’ve drecrypted the file and find the user d***l and the password, but it’s not working, i think someone its changing the password.

For the web portal or SSH? If web portal try other usernames. Maybe the most common default ones??

Thanks for your response, i’ve got the portal but can’t find ssh, i mean when i decrypt the file it gave me a username d****l is that the user for ssh?

Check the passwd file for available users. I will say that you might need to look around for more credentials. > @mcruz said:

@impetuousdanny said:

@mcruz said:
Did some one change the password?, i’ve drecrypted the file and find the user d***l and the password, but it’s not working, i think someone its changing the password.

For the web portal or SSH? If web portal try other usernames. Maybe the most common default ones??

Thanks for your response, i’ve got the portal but can’t find ssh, i mean when i decrypt the file it gave me a username d****l is that the user for ssh?

Check the passwd file for available users. I will say that you might need to look around for more credentials.

Thanks.

Should i use d****l to log in to ssh?

Really having trouble dealing with this enc file, could someone PM me for a push in the right direction? I think I have the right tool but I’m having trouble actually getting any usable output.

test

I cant own user. Any hint pls :frowning:

Can someone please PM me a hint for priv esc from W******* to D*****? I have ran LinEnum and literally cat-ted every conf type file but still couldn’t find anything juicy.
Been stuck on it since few days.

Any help will be appreciated :slight_smile:

I am having the same problem with privesc… I thought I would be able to get into this one the same way as poison but I can’t seem to get root when i connect(probably have an incorrect setting somewhere). I have user.txt, got user login, and found that other login page but can’t seem to do anything with it.

Anyone want to PM some advice?

Edit:

Oh man, this was a fun box. Very similar to poison in how to solve it but the whole process from start to finish was great. PM if you need any help!

Thanks @gm0 :+1:

Just rooted this box and I am so pleased!

Learned quite a lot from this, it is definitely one of the better boxes I have done.

As somebody said on one of the DevOps threads - ::rootdance::

Thanks @mrh4sh

Spoiler Removed - Arrexel

Is it normal if I can find the enc file in the F** service? do I need to work on drupal first?
EDIT:
Nvm found it.

@mcruz said:
Hi any hint on privesc to daniel please.

Look harder. Bad password policy. cat and grep are your friends.

@impetuousdanny said:

@mcruz said:
Hi any hint on privesc to daniel please.

Look harder. Bad password policy. cat and grep are your friends.

Thanks