Hint for Sunday

Comments

  • @elio said:
    Can I PM somebody for the hash to crack (for sa***)? Syntax seems alright but it can't find anything (using hashcat and rockyou).

    EDIT: Tried again and it worked instantly, not sure what the problem was but oh well :D

    EDIT1: And root.txt obtained. Perhaps there were more ways to capture the flag using the same tool, if anyone wants to discuss them, PM me.

    Can you help me with the hashcat command?

  • Can you help me with the hashcat command?

    Sure, PM me your syntax!

    Elio

  • Hi,

    Totally stuck on this one. I have found a few services and found some possible users by enumerating one of these services, but those users have nothing to do with the users everybody here is talking about (for example sa***?).

    Moreover, I cannot manage to get hydra working with Sunday: I still receive some errors like "ssh_exchange_identification: Connection closed by remote host"

    Any help would be appreciated, thanks!

  • Any help on user?? Got users from finger and now blank?

  • Got Root!! Thanks @Ismail @elio

  • @montyongoXOR said:
    Any help on user?? Got users from finger and now blank?

    @14NC3107 said:
    Hi,

    Totally stuck on this one. I have found a few services and found some possible users by enumerating one of these services, but those users have nothing to do with the users everybody here is talking about (for example sa***?).

    Moreover, I cannot manage to get hydra working with Sunday: I still receive some errors like "ssh_exchange_identification: Connection closed by remote host"

    Any help would be appreciated, thanks!

    Just guess some of the most relevant passwords for this box, it's totally in front of you! One of the users will let you in with some easy guess in 2/3 tries.

  • @montyongoXOR said:
    Any help on user?? Got users from finger and now blank?

    One of the users has the easiest password you can guess relevant to the box, try to log in.

  • edited August 2018

    This is incredibly embarrassing but can someone PM a hint for user? I have read every single hint, I have a list of valid users. I've tried the most obvious or CTF-y passwords possible by hand and through programs. I'm clearly not doing something right...

    Thanks

  • @BlueGh0st said:
    This is incredibly embarrassing but can someone PM a hint for user? I have read every single hint, I have a list of valid users. I've tried the most obvious or CTF-y passwords possible by hand and through programs. I'm clearly not doing something right...

    Thanks

    Today is Saturday, maybe try again tomorrow?

  • Hello guys, I've been stuck on the Sunday box all Saturday :) I need help... Everyone is talking about hydra, but I can't find any login panel... I enumerated all the users and I'm trying to connect on the web site, but port 79 cannot be accessed. I just want one little answer to start again, thank you guys

  • edited August 2018

    I just rooted the box. Holy sh*t, I went to all rabbit holes during the final privesc, when the solution was practically in front of my eyes. Feel free to PM me if you need any spoiler-free hints.

    Revolution

  • edited August 2018

    @skyghost666 said:
    Hello guys, I've been stuck on the Sunday box all Saturday :) I need help... Everyone is talking about hydra, but I can't find any login panel... I enumerated all the users and I'm trying to connect on the web site, but port 79 cannot be accessed. I just want one little answer to start again, thank you guys

    1. Did you do a complete nmap scan?
    2. Are you sure you found all the users when enumerating? What tool did you use for this and what input did this tool use?

  • @Hacklen said:

    @skyghost666 said:
    Hello guys, I've been stuck on the Sunday box all Saturday :) I need help... Everyone is talking about hydra, but I can't find any login panel... I enumerated all the users and I'm trying to connect on the web site, but port 79 cannot be accessed. I just want one little answer to start again, thank you guys

    1. Did you do a complete nmap scan?
    2. Are you sure you found all the users when enumerating? What tool did you use for this and what input did this tool use?

    Hey man, I've found 2 ports, and through one of them I've found 2 users.
    One of them is guessable because it's common in Hack The Box, and the other one is related to Uncle Sam (not the user, avoiding spoilers; someone who found the user will understand which user I'm referring to).

    I don't know how I can utilize the users\second port I've found.
    Mind hinting\PMing some guidance to some sources?

    Avi

  • @AviShabat said:
    I don't know how I can utilize the users\second port I've found.
    Mind hinting\PMing some guidance to some sources?

    Are you really sure you found all the ports? Did you do a scan all the way up to port 65355?

  • Got access to the server, but there is no user.txt file

    Hack The Box

  • Found it but I can't read it?? Any hint?

    Hack The Box

  • YadYad
    edited August 2018

    Hello everyone.

    I was able to obtain the root flag (yay!).
    But I am still missing out on being root on the box. So I know about a possible way of getting root by editing passwd, but I don't want to do that since people are saying that it is possible to get root without modifying any files on the system.
    Which is why I obtained the root hash and wanted to use hashcat like I did for one of the other users on the box.
    Has anybody managed to get the password for root via hashcat (with a standard desktop PC)?
    I already tried rockyou and many different password lists from seclist but had no luck yet.
    If anybody got the root password via hashcat, I would be very happy to get a PM on which dictionary file to use. Thanks in advance.

    And btw. Great box!
    Hint: Don't think too complicated :-) I did and it cost me several hours.

  • Can't find much with enumeration. Did some finger-fu and got back some service accounts, and found high ports with two services, but I'm not familiar with one in particular and can't get much from it. Is this something I should research, or knock on the door until a pair lets me in?

  • I'm having a hell of a time doing my initial scan against this box. There's so much lag/so many dropped probes that nmap adjusts itself to where the full scan is going to take 12+ hours. Has anyone else had this issue/figured it out? I've tried all sorts of timing adjustments.

    opt1kz

  • edited August 2018

    @opt1kz said:
    I'm having a hell of a time doing my initial scan against this box. There's so much lag/so many dropped probes that nmap adjusts itself to where the full scan is going to take 12+ hours. Has anyone else had this issue/figured it out? I've tried all sorts of timing adjustments.

    I am also experiencing this and also with other boxes. I cannot get a stable latency.

  • Got user and I know what I need to do for root, but people keep screwing up important files.

    Bowlslaw

  • edited August 2018

    I just got the root flag easy peasy, but that's not good enough! I want a shell! I could very easily get one by writing to certain files, but I don't want to do that. It's too dirty.

    If the binary I was using was a slightly newer version I'm pretty sure I'd be able to achieve command execution with it, but not this one. Or perhaps I'm overlooking something.

    Anyone care to give me hints as to how they popped their shell? ;D

    Edit: Never mind. Found a semi-clean method I'm happy with. Overwrite a particular file with a modified copy to grant you access to whatever toys you want, pop a shell, immediately overwrite it again with the original version. As long as you don't f**k it up somehow it doesn't impact system stability at all.

    opt1kz

  • Stuck on this box and need some help.
    I found 2 services and enumerated all users, and I guessed the pass for the su*** user according to the hints, but I'm not sure how to connect. I'm not familiar with the 2nd service ("higher port").
    Any hint is an entry point for me.

    Raouf09

  • @raouf09 said:
    Stuck on this box and need some help.
    I found 2 services and enumerated all users, and I guessed the pass for the su*** user according to the hints, but I'm not sure how to connect. I'm not familiar with the 2nd service ("higher port").
    Any hint is an entry point for me.

    As has been said many times in this thread, if you've only found 2 services, and you're not sure how to connect, you might need to enumerate more.

    Hack The Box

  • This Box trolled Me, In The End !
    :astonished:

  • I'm stuck switching between the two users. Any hint for dumping the file?

    Raouf09

  • edited August 2018

    Can someone PM me and help with getting root? I have all of my steps laid out so I will tell you everything I have tried.

    EDIT: Scratch that! Got it! Very cool...

    Bowlslaw

  • Hello guys, I've been stuck on this box too much time. I can't find the way to read user.txt. Please give me one detail on how to do it, thank you

  • I didn't use the technique everyone says though...pretty cool.

    Bowlslaw

  • Is there anyone willing to share their full nmap result? I really can't do a full scan due to latency issues. It took me almost a couple of hours and got nothing; besides, the machine keeps getting reset by people. Thanks in advance!
