Hawk

Should i use d****l to log in to ssh?

Really having trouble dealing with this enc file, could someone PM me for a push in the right direction? I think I have the right tool but I’m having trouble actually getting any usable output.

test

I cant own user. Any hint pls :frowning:

Can someone please PM me a hint for priv esc from W******* to D*****? I have ran LinEnum and literally cat-ted every conf type file but still couldn’t find anything juicy.
Been stuck on it since few days.

Any help will be appreciated :slight_smile:

I am having the same problem with privesc… I thought I would be able to get into this one the same way as poison but I can’t seem to get root when i connect(probably have an incorrect setting somewhere). I have user.txt, got user login, and found that other login page but can’t seem to do anything with it.

Anyone want to PM some advice?

Edit:

Oh man, this was a fun box. Very similar to poison in how to solve it but the whole process from start to finish was great. PM if you need any help!

Thanks @gm0 :+1:

Just rooted this box and I am so pleased!

Learned quite a lot from this, it is definitely one of the better boxes I have done.

As somebody said on one of the DevOps threads - ::rootdance::

Thanks @mrh4sh

Spoiler Removed - Arrexel

Is it normal if I can find the enc file in the F** service? do I need to work on drupal first?
EDIT:
Nvm found it.

@mcruz said:
Hi any hint on privesc to daniel please.

Look harder. Bad password policy. cat and grep are your friends.

@impetuousdanny said:

@mcruz said:
Hi any hint on privesc to daniel please.

Look harder. Bad password policy. cat and grep are your friends.

Thanks

I’m already drinking H2O on my localhost but I can’t find the credentials to exploit it ugh

@usmcreptar said:
I’m already drinking H2O on my localhost but I can’t find the credentials to exploit it ugh

Im right there as well… tried all the creds I currently know with no luck

ok i got it. after a reset it logged right in. somebody must have fuxed with something a locked us out

@Djinn45SQL99 said:
ok i got it. after a reset it logged right in. somebody must have fuxed with something a locked us out

still can’t login with one of the previous credentials

@usmcreptar said:
still can’t login with one of the previous credentials
There’s something you can do from there that doesn’t require logging in, I was hitting my head against the wall there a while too

Rooted special thanks to armatank for his great help. This box was a drupal four a hawk, for real pay attention to what i’ve just said, that’s the real hint folks.

Got the root flag, if anyone needs help send me a message.

I am still working on the .enc file. I already digest the file but I for some reason can not brute force it. (Been stuck for 3+ days :frowning: )

Do I need the file to log in or am I approaching this a wrong direction?

What is this .enc file you guys are talking about? I have scanned every port and have gone through some of the directories, but I cannot find any file.