Hawk

@crisco said:
So, the tool to decrypt the file from GitHub didn’t work for me. It didn’t find the correct password (it couldnt even do it with an example file using “password” as the password), but doing it manually in Python cracked it in about 10-20 seconds with a good wordlist, and was only about 20 lines of code (including fancy argument handling xD).

Similar issue here - scripting the commands to run the decrypt routines worked - the GitHub code did not.

rooted… great things learned on the way! got a taste of h2
PM for help

Just got root. The crucial thing for both user and root is to take things slow. The path is relatively straight forward, but you need to read the source code of the exploits and understand what it’s doing and make necessary modifications in the source code or do some other prior setup.

For root, someone already mentioned this, but consider your approach in Poison. Very similar path.

Seconded
Just take what you have and put it together. And as already said: don’t overthink, think straight

Hey
I decrypted the .enc file. Seems like I have a user D***** and a password ***(…). I have tried using the credentials on all the services exposed. Is there another trick to this?

Rooted! Pretty awesome box. PM for nudges

Gotten user, but stuck with root, know what to do with h20 but i cant do it without a D user. Any hint?

Edit : dont really need D user can be done without it, however u will still need a set of creds when u reach the river.

@StarLord95 said:
Hey
I decrypted the .enc file. Seems like I have a user D***** and a password ***(…). I have tried using the credentials on all the services exposed. Is there another trick to this?

Are you sure you tried all services? Just stick with the password first.
Edit: There is a big hint inside the file where you found the credentials :wink:

@3x0z said:

@StarLord95 said:
Hey
I decrypted the .enc file. Seems like I have a user D***** and a password ***(…). I have tried using the credentials on all the services exposed. Is there another trick to this?

Are you sure you tried all services? Just stick with the password first.
Edit: There is a big hint inside the file where you found the credentials :wink:

Oh…just needed to use a more privileged username ;). But what now, can’t find anything juicy inside the service.
Edit:
never mind
Edit 2:
And now I’m stuck again. God dammit
Hints on priv esc onto root?

Could also use help on privesc… Found a method but can’t use it because i’m missing a certain pw for d***** :confused:

Great box. Struggled a bit decrypting a certain file but i really enjoyed it.

Wow finally got root. I didn’t bother for reverse shell for root though. Fun, annoying, clever. 10/10 would do it again!

Finally rooted! Really cool box, took me days to figure it out :slight_smile:
Thanks to everyone for the nudges.
If anyone needs help feel free to write me.
For the last part, even if you’re thirsty there are 45105 ways to do it!

Besides the poison like privesc, there is also another way to get root! Finally got it!

Hi all,

I am stuck on getting the creds for d****l. I have a RCE on the box, and have trawled through every cfg, conf, cnf file, and run enum script, but still missing something.

If anyone could give me a hint that would be appreciated. :slight_smile:

@Bscratch dont need creds for D. just use the poison way but tweak it to suit what u need.

rooted, this might have been one of my favorite boxes idek why, just a really good flow to it from beginning to user to root : )

@3x0z said:
Finally rooted! Really cool box, took me days to figure it out :slight_smile:
Thanks to everyone for the nudges.
If anyone needs help feel free to write me.
For the last part, even if you’re thirsty there are 45105 ways to do it!

Thank you…
But bro, this is a spoiler

Anyone PM me regarding PrivEsc from w**-d*** to d*****? I think i have looked through every config file on the box. Tried searching every keyword i can think of relating to ssh/password/privatekeys etc… Ran enum scripts/pspy etc…

Hi

Can anyone give me some pointers for priv escalation? I think I have found the water thing that everyone is talking about but not sure what to try next??

Thanks