Hawk

I got the encrypted file and have admin access to the web portal. Trying to figure out how I can get ssh from here.

I’d seen mention that the box was patched. Does anyone know if this impacts the privesc? Someone mentioned that the privesc didn’t require logging in, but wondering if that exploit was what was patched. If so, can anyone give me a nudge on how to log in to the last step? I’ve tried passwords from enc file, website, and user but with no luck. (I’m on MM too if that’s easier)

@Glasgow said:
I’d seen mention that the box was patched. Does anyone know if this impacts the privesc? Someone mentioned that the privesc didn’t require logging in, but wondering if that exploit was what was patched. If so, can anyone give me a nudge on how to log in to the last step? I’ve tried passwords from enc file, website, and user but with no luck. (I’m on MM too if that’s easier)

how to log in to the last step? — which service that you want to login?
if you stay on last step
maybe i already got it

Stuck at decrypting encrypted file, PM

Can anyone help with decrypting the file I am banging my head against the wall on trying to crack this thing… +resp if you can help enough to crack it!

PM me i can help with the file

The file is trolling me…I have spent countless hours on it.

Can anyone help me crack the file please?
Will give +respect to who helps me.

@RedTeamIntern said:
The file is trolling me…I have spent countless hours on it.

Can anyone help me crack the file please?
Will give +respect to who helps me.

Do you know what you are searching for?

@Bowlslaw said:

@RedTeamIntern said:
The file is trolling me…I have spent countless hours on it.

Can anyone help me crack the file please?
Will give +respect to who helps me.

Do you know what you are searching for?

I believe so, I have digest the file but I still can not get the file to crack.

I may be going about it the wrong way .

Got user, totally stuck on privesc.

@takuma said:
@Glasgow said:
I’d seen mention that the box was patched. Does anyone know if this impacts the privesc? Someone mentioned that the privesc didn’t require logging in, but wondering if that exploit was what was patched. If so, can anyone give me a nudge on how to log in to the last step? I’ve tried passwords from enc file, website, and user but with no luck. (I’m on MM too if that’s easier)

how to log in to the last step? — which service that you want to login?
if you stay on last step
maybe i already got it

The console that is only available on localhost. Sorry, trying to be vague to not spoil anything.

I’m stuck on the portal. Any advice on how to get a shell to the box?

Anyone having issues with the web app dropping? I’ve started seeing a “Failed to daemonise. Connection refused”

Also, is anyone willing to offer a light push for init. foothold? I’ve already pulled and decrypted [.enc] but now i’m coming up short.

Been stuck on privesc for a few days now. I can login via ssh, and I see the other service. Can someone please PM me with some help?

Had trouble finding the file until I realized I am an idiot. ha!

Hey guys any help with this daum initial access!!! Please tell me im missing something really stupid and not just a noob. Nothing on website, no way to bypass login or Xss. SO…

I think theirs something in F** service… can someone help a bruthu out!!

@fl337 said:
Hey guys any help with this daum initial access!!! Please tell me im missing something really stupid and not just a noob. Nothing on website, no way to bypass login or Xss. SO…

I think theirs something in F** service… can someone help a bruthu out!!

Im struggling with this one too…I know its right in front of me!

Edit: user. Done

Edit: root. Done

This machine was not that difficult but there are some lessons learned for sure. The biggest one? Slow down. Look at what is right in front of you and remember that not everything problem needs to be met with an elaborate solution.

Cheers

I was able to get root.txt without having a shell as root. Out of curiosity, is it possible to get a shell as root for this box?

Got user.txt boiz!!! Lol super simple don’t over think things!! :slight_smile: Onto priv esc… Let’s get some H20 first hehe :wink: I already think I’m on the right path!

Just got the user flag last night - I guess when a guy called “mrh4sh” is making the machine, you kind of expect some sort of cracking to get you on your way :wink: