Hawk

Got user.txt boiz!!! Lol super simple don’t over think things!! :slight_smile: Onto priv esc… Let’s get some H20 first hehe :wink: I already think I’m on the right path!

Just got the user flag last night - I guess when a guy called “mrh4sh” is making the machine, you kind of expect some sort of cracking to get you on your way :wink:

I have decrypted the .enc file and gained the password however I am completely stuck on where to use it…

Tried all the usual names in username on main drupal site but getting nothing :anguished:

I’m stuck and I’ve been stuck for a long time now. I don’t know how to decrypt the file. (I don’t have any background in this kind of matter), feel free to PM me :slight_smile:

Rooted! - Super fun box…

If anyone needs help feel free to drop me a PM! :+1:

Enjoyed this box. Knowledge from a previous box defo helped me on this one.

@Glasgow said:
… Out of curiosity, is it possible to get a shell as root for this box?

Yes.

Just rooted it. This one was a trip! Some hints that would have been helpful to have:

  • if you are unable to decrypt the file with the tools you found, and the hints here have not helped you figure it out, then maybe just go back to the actual commands used to encrypt / decrypt these types of files and put them in a bash for loop.
  • If you’re at the river, ready to drink water but having trouble finding access, try a different spot in the same river

If you’re stuck at any other spot, you should have plenty of hints in this thread. Any more hints would just give away the answer. Good luck.

are there stability problems with this box ? I followed the right steps to get a shell but it keeps hanging on my terminal…I see the host connecting to me but the shell never pops out and keeps on loading…

Hmm if someone can assist me with foothold that would be nice.

Finally rooted. Since y’all are reading, here is my contribution.

(1) Make no assumptions.
(2) Try to do everything more than one way.
(3) If you are having trouble with the “file”, I favor creating your own script over the Github option. If you are having trouble, you can always practice creating your own “special file” and practice…
(4) Speaking of practice - it never hurts to spin up a VM and CMS.

Great machine - many lessons learned.

Rooted! Finally, I got stuck in so many places by mistake, btw, nice box, learned a lot :fist:? !
My advice:
keep it simple! Sometimes you just not need fully access to the machine btw, if u want the access, just pacience and cat files, rolf.
Even not need a shell ! (Maybe I solve it by the wrong way ): , if anyone solve it by other method, pm to discuss please :3!)
If you’re stuck in the Aqua portal, try to do the most simpliest thing, maybe you’re trying to access where you dont have to !
(Just erase if any spoiler is in this )
Thanks to everyone who help without spoiler!
If anyone needs help, just pm me !
Cheers !

Edit: Nevermind, found it.

I haven’t found a foothold yet. I keep reading about a file that has to be decoded or decrypted but I haven’t gotten that far. If you can give me a nudge, please PM me and I’ll explain what I’ve already done to enumerate the box. Thanks

@singularity said:
Just rooted it. This one was a trip! Some hints that would have been helpful to have:

  • if you are unable to decrypt the file with the tools you found, and the hints here have not helped you figure it out, then maybe just go back to the actual commands used to encrypt / decrypt these types of files and put them in a bash for loop.
  • If you’re at the river, ready to drink water but having trouble finding access, try a different spot in the same river

If you’re stuck at any other spot, you should have plenty of hints in this thread. Any more hints would just give away the answer. Good luck.

many thanks to @singularity - +1 for this hint.

Got root today, so feel free to pm me for hints. I’m always happy to help.
However, I probably didn’t go down the nice road, though. I didn’t have to go via d***** and also did some inelegant stuff at the waterhole.
So, I would be glad if someone wants to discuss the approaches in order to learn from each other. Thanks!

FUCKKEN GOT EEEEEM BOISSSSS WOOOOW WHAT A RIDE LAWWWWRD JEEEZUS WOW THEIR IS A REALLY AWESOME SUUUUUUUPER DOPE POST THAT HELPED ME GET THE FINAL STEP FOR THE challenge WAAA IM THIRSTY NOW!!!

HEHE rooted ;D

Spoiler Removed - Arrexel

this was a great box, similar to a couple of other ones currently active.

I think some tips in here are a bit misleading;

on the file, you have everything you need on a base kali install, you don’t need to download anything or write any scripts. the whole process took less than 5 minutes on a VM with the usual wordlist.

on PE, take a careful look at your nmap output, there are big clues there to getting from the w user to the d user. from here, if you’ve done other similar boxes you should know what to do with the running services.

@crisco said:
So, the tool to decrypt the file from GitHub didn’t work for me. It didn’t find the correct password (it couldnt even do it with an example file using “password” as the password), but doing it manually in Python cracked it in about 10-20 seconds with a good wordlist, and was only about 20 lines of code (including fancy argument handling xD).

Similar issue here - scripting the commands to run the decrypt routines worked - the GitHub code did not.

rooted… great things learned on the way! got a taste of h2
PM for help