Hawk

@Djinn45SQL99 said:
ok i got it. after a reset it logged right in. somebody must have fuxed with something a locked us out

still can’t login with one of the previous credentials

@usmcreptar said:
still can’t login with one of the previous credentials
There’s something you can do from there that doesn’t require logging in, I was hitting my head against the wall there a while too

Rooted special thanks to armatank for his great help. This box was a drupal four a hawk, for real pay attention to what i’ve just said, that’s the real hint folks.

Got the root flag, if anyone needs help send me a message.

I am still working on the .enc file. I already digest the file but I for some reason can not brute force it. (Been stuck for 3+ days :frowning: )

Do I need the file to log in or am I approaching this a wrong direction?

What is this .enc file you guys are talking about? I have scanned every port and have gone through some of the directories, but I cannot find any file.

@Bowlslaw said:
What is this .enc file you guys are talking about? I have scanned every port and have gone through some of the directories, but I cannot find any file.

Run over all the ports again. Think of a service that you don’t always need a password for.

@RedTeamIntern said:

@Bowlslaw said:
What is this .enc file you guys are talking about? I have scanned every port and have gone through some of the directories, but I cannot find any file.

Run over all the ports again. Think of a service that you don’t always need a password for.

Of course! I learned about it. That’s pretty cool. Thanks for helping a newbie :slight_smile:

Rooted, PM me if you need help.

I got the encrypted file and have admin access to the web portal. Trying to figure out how I can get ssh from here.

I’d seen mention that the box was patched. Does anyone know if this impacts the privesc? Someone mentioned that the privesc didn’t require logging in, but wondering if that exploit was what was patched. If so, can anyone give me a nudge on how to log in to the last step? I’ve tried passwords from enc file, website, and user but with no luck. (I’m on MM too if that’s easier)

@Glasgow said:
I’d seen mention that the box was patched. Does anyone know if this impacts the privesc? Someone mentioned that the privesc didn’t require logging in, but wondering if that exploit was what was patched. If so, can anyone give me a nudge on how to log in to the last step? I’ve tried passwords from enc file, website, and user but with no luck. (I’m on MM too if that’s easier)

how to log in to the last step? — which service that you want to login?
if you stay on last step
maybe i already got it

Stuck at decrypting encrypted file, PM

Can anyone help with decrypting the file I am banging my head against the wall on trying to crack this thing… +resp if you can help enough to crack it!

PM me i can help with the file

The file is trolling me…I have spent countless hours on it.

Can anyone help me crack the file please?
Will give +respect to who helps me.

@RedTeamIntern said:
The file is trolling me…I have spent countless hours on it.

Can anyone help me crack the file please?
Will give +respect to who helps me.

Do you know what you are searching for?

@Bowlslaw said:

@RedTeamIntern said:
The file is trolling me…I have spent countless hours on it.

Can anyone help me crack the file please?
Will give +respect to who helps me.

Do you know what you are searching for?

I believe so, I have digest the file but I still can not get the file to crack.

I may be going about it the wrong way .

Got user, totally stuck on privesc.

@takuma said:
@Glasgow said:
I’d seen mention that the box was patched. Does anyone know if this impacts the privesc? Someone mentioned that the privesc didn’t require logging in, but wondering if that exploit was what was patched. If so, can anyone give me a nudge on how to log in to the last step? I’ve tried passwords from enc file, website, and user but with no luck. (I’m on MM too if that’s easier)

how to log in to the last step? — which service that you want to login?
if you stay on last step
maybe i already got it

The console that is only available on localhost. Sorry, trying to be vague to not spoil anything.