@crisco said:
So, the tool to decrypt the file from GitHub didn’t work for me. It didn’t find the correct password (it couldn’t even do it with an example file using “password” as the password), but doing it manually in Python cracked it in about 10-20 seconds with a good wordlist, and was only about 20 lines of code (including fancy argument handling xD).
Similar issue here - scripting the commands to run the decrypt routines worked - the GitHub code did not.
Just got root. The crucial thing for both user and root is to take things slow. The path is relatively straightforward, but you need to read the source code of the exploits and understand what it’s doing and make necessary modifications in the source code or do some other prior setup.
For root, someone already mentioned this, but consider your approach in Poison. Very similar path.
Hey
I decrypted the .enc file. Seems like I have a user D***** and a password ***(…). I have tried using the credentials on all the services exposed. Is there another trick to this?
@StarLord95 said:
Hey
I decrypted the .enc file. Seems like I have a user D***** and a password ***(…). I have tried using the credentials on all the services exposed. Is there another trick to this?
Are you sure you tried all services? Just stick with the password first.
Edit: There is a big hint inside the file where you found the credentials
@StarLord95 said:
Hey
I decrypted the .enc file. Seems like I have a user D***** and a password ***(…). I have tried using the credentials on all the services exposed. Is there another trick to this?
Are you sure you tried all services? Just stick with the password first.
Edit: There is a big hint inside the file where you found the credentials
Oh…just needed to use a more privileged username ;). But what now, can’t find anything juicy inside the service.
Edit:
never mind
Edit 2:
And now I’m stuck again. God dammit
Hints on priv esc onto root?
Finally rooted! Really cool box, took me days to figure it out
Thanks to everyone for the nudges.
If anyone needs help feel free to write me.
For the last part, even if you’re thirsty there are 45105 ways to do it!
I am stuck on getting the creds for d****l. I have an RCE on the box, and have trawled through every cfg, conf, cnf file, and run enum scripts, but am still missing something.
If anyone could give me a hint that would be appreciated.
@3x0z said:
Finally rooted! Really cool box, took me days to figure it out
Thanks to everyone for the nudges.
If anyone needs help feel free to write me.
For the last part, even if you’re thirsty there are 45105 ways to do it!
Anyone PM me regarding PrivEsc from w**-d*** to d*****? I think I have looked through every config file on the box. Tried searching every keyword I can think of relating to ssh/password/privatekeys etc… Ran enum scripts/pspy etc…
Can anyone give me some pointers for priv escalation? I think I have found the water thing that everyone is talking about but not sure what to try next??