Hint for Sunday

@skyghost666 said:
Hello guys I’m stack on the Sunday box all Saturday :slight_smile: I need help,… Every one the tolking about hydra but me I don’t find any login panel… I enumerate all the users I’m trying to connect on the web site but port 79 can not be accessed, I just want one little answer to start again thank you guys

  1. Did you do a complete nmap scan?
  2. Are you sure you found all the users when enumerating? What tool did you use for this and what input did this tool use?

@Hacklen said:

@skyghost666 said:
Hello guys I’m stack on the Sunday box all Saturday :slight_smile: I need help,… Every one the tolking about hydra but me I don’t find any login panel… I enumerate all the users I’m trying to connect on the web site but port 79 can not be accessed, I just want one little answer to start again thank you guys

  1. Did you do a complete nmap scan?
  2. Are you sure you found all the users when enumerating? What tool did you use for this and what input did this tool use?

Hey man, I’ve found 2 ports, through one of them I’ve found 2 users.
One of them is guess-able because it’s common in hack the box and the other one is related to uncle sam(not the user, avoiding spoiler- someone who found the user will understand to which user I’m referring)

I don’t know how I can utilize the users\second port I’ve found.
mind hinting\pming a guidance to some sources?

@AviShabat said:
I don’t know how I can utilize the users\second port I’ve found.
mind hinting\pming a guidance to some sources?

Are really sure you found all the ports? Did you do a scan al the way up to port 65355?

get the access to the server , but there is no user.txt file

found it but i can’t read it ?? any hint ?

Hello everyone.

I was able to obtain the root flag (yay!).
But I am still missing out on being root on the box. So i know about a possible way of getting root by editing passwd, but I dont want to do that since people are saying that it is possible to get root without modifying and files on the system.
Which is why i obtained the root-hash and wanted to use hashcat like I did for one of the other users on the box.
Has anybody managed to get the password for root via hashcat (With a standard desktop pc)?
I already tried rockyou and many different pw-lists from seclist but had no luck yet.
If anybody got the root-pw via hashcat, I would be verry happy to get a PM on which dictionary-file to use. Thanks in advance.

And btw. Great box!
Hint: Dont think too complicated : - ) I did and it cost me several hours.

Can’t find much with enumeration. Did some finger-fu and got back some service accounts, and found high ports with two services, but I’m not familiar with one in particular and can’t get much from it. Is this something I should research, or knock on the door until a pair lets me in?

I’m having a ■■■■ of a time doing my initial scan against this box. There’s so much lag/so many dropped probes that nmap adjusts itself to where the full scan is going to take 12+ hours. Has anyone else had this issue/figured it out? I’ve tried all sorts of timing adjustments.

@opt1kz said:
I’m having a ■■■■ of a time doing my initial scan against this box. There’s so much lag/so many dropped probes that nmap adjusts itself to where the full scan is going to take 12+ hours. Has anyone else had this issue/figured it out? I’ve tried all sorts of timing adjustments.

I am also experiencing this and also with other boxes. I cannot get a stable latency.

Got user and I know what I need to do for root, but people keep screwing up important files.

I just got the root flag easy peasy, but that’s not good enough! I want a shell! I could very easily get one by writing to certain files, but I don’t want to do that. It’s too dirty.

If the binary I was using was a slightly newer version I’m pretty sure I’d be able to achieve command execution with it, but not this one. Or perhaps I’m overlooking something.

Anyone care to give me hints as to how they popped their shell? ;D

Edit: Never mind. Found a semi-clean method I’m happy with. Overwrite a particular file with a modified copy to grant you access to whatever toys you want, pop a shell, immediately overwrite it again with the original version. As long as you don’t f**k it up somehow it doesn’t impact system stability at all.

stuck on this box and need some help
i found 2 service and enumerate all user and i guess the pass for su*** user according to hints but im not sure on how to connect im not familiar with 2nd service “higher port”
anny hint is a entry point for me

@raouf09 said:
stuck on this box and need some help
i found 2 service and enumerate all user and i guess the pass for su*** user according to hints but im not sure on how to connect im not familiar with 2nd service “higher port”
anny hint is a entry point for me

As has been said many times in this thread, if you’ve only found 2 services, and you’re not sure how to connect, you might need to enumerate more.

This Box trolled Me, In The End !
:astonished:

im stuck to switch between the tow users any hint for dump the file

Can someone PM me and help with getting root? I have all of my steps laid out so I will tell you everything I have tried.

EDIT: Scratch that! Got it! Very cool…

Hello guys I’m stack in this box tu much time I don’t find the way to read user.txt please give me one detail how to do it, thank you

I didn’t use the technique everyone says though…pretty cool.

Is there anyone willing to share their full nmap result? I really can’t do full scan due to latency issues. It almost took me couple of hours and gets nothing, besides the machine keeps resetting by people. Thanks in advance!

@rocux said:
Is there anyone willing to share their full nmap result? I really can’t do full scan due to latency issues. It almost took me couple of hours and gets nothing, besides the machine keeps resetting by people. Thanks in advance!

Sent. The stability of this box is terrible