Hawk

The file is trolling me…I have spent countless hours on it.

Can anyone help me crack the file please?
Will give +respect to who helps me.

@RedTeamIntern said:
The file is trolling me…I have spent countless hours on it.

Can anyone help me crack the file please?
Will give +respect to who helps me.

Do you know what you are searching for?

@Bowlslaw said:

@RedTeamIntern said:
The file is trolling me…I have spent countless hours on it.

Can anyone help me crack the file please?
Will give +respect to who helps me.

Do you know what you are searching for?

I believe so, I have digest the file but I still can not get the file to crack.

I may be going about it the wrong way .

Got user, totally stuck on privesc.

@takuma said:
@Glasgow said:
I’d seen mention that the box was patched. Does anyone know if this impacts the privesc? Someone mentioned that the privesc didn’t require logging in, but wondering if that exploit was what was patched. If so, can anyone give me a nudge on how to log in to the last step? I’ve tried passwords from enc file, website, and user but with no luck. (I’m on MM too if that’s easier)

how to log in to the last step? — which service that you want to login?
if you stay on last step
maybe i already got it

The console that is only available on localhost. Sorry, trying to be vague to not spoil anything.

I’m stuck on the portal. Any advice on how to get a shell to the box?

Anyone having issues with the web app dropping? I’ve started seeing a “Failed to daemonise. Connection refused”

Also, is anyone willing to offer a light push for init. foothold? I’ve already pulled and decrypted [.enc] but now i’m coming up short.

Been stuck on privesc for a few days now. I can login via ssh, and I see the other service. Can someone please PM me with some help?

Had trouble finding the file until I realized I am an idiot. ha!

Hey guys any help with this daum initial access!!! Please tell me im missing something really stupid and not just a noob. Nothing on website, no way to bypass login or Xss. SO…

I think theirs something in F** service… can someone help a bruthu out!!

@fl337 said:
Hey guys any help with this daum initial access!!! Please tell me im missing something really stupid and not just a noob. Nothing on website, no way to bypass login or Xss. SO…

I think theirs something in F** service… can someone help a bruthu out!!

Im struggling with this one too…I know its right in front of me!

Edit: user. Done

Edit: root. Done

This machine was not that difficult but there are some lessons learned for sure. The biggest one? Slow down. Look at what is right in front of you and remember that not everything problem needs to be met with an elaborate solution.

Cheers

I was able to get root.txt without having a shell as root. Out of curiosity, is it possible to get a shell as root for this box?

Got user.txt boiz!!! Lol super simple don’t over think things!! :slight_smile: Onto priv esc… Let’s get some H20 first hehe :wink: I already think I’m on the right path!

Just got the user flag last night - I guess when a guy called “mrh4sh” is making the machine, you kind of expect some sort of cracking to get you on your way :wink:

I have decrypted the .enc file and gained the password however I am completely stuck on where to use it…

Tried all the usual names in username on main drupal site but getting nothing :anguished:

I’m stuck and I’ve been stuck for a long time now. I don’t know how to decrypt the file. (I don’t have any background in this kind of matter), feel free to PM me :slight_smile:

Rooted! - Super fun box…

If anyone needs help feel free to drop me a PM! :+1:

Enjoyed this box. Knowledge from a previous box defo helped me on this one.

@Glasgow said:
… Out of curiosity, is it possible to get a shell as root for this box?

Yes.

Just rooted it. This one was a trip! Some hints that would have been helpful to have:

  • if you are unable to decrypt the file with the tools you found, and the hints here have not helped you figure it out, then maybe just go back to the actual commands used to encrypt / decrypt these types of files and put them in a bash for loop.
  • If you’re at the river, ready to drink water but having trouble finding access, try a different spot in the same river

If you’re stuck at any other spot, you should have plenty of hints in this thread. Any more hints would just give away the answer. Good luck.