Hawk

@moony8272 said:
Hi

Can anyone give me some pointers for priv escalation? I think I have found the water thing that everyone is talking about but not sure what to try next??

Thanks

@0xlc said:
did you use The Channel Tunnel?
Channel Tunnel - Wikipedia

@moony8272 said:
Hi

Thanks for the reply, I did but not sure what to do with it unless I’m missing something??

@0xlc said:
just look on google if the app you are reaching got any flaws…

@moony8272 said:
I have tried the flaws that I found on google using the channel_tunnel but none seem to work??

@0xlc said:
after passing the channel tunnel did you get access to the app?

@moony8272 said:
yes but can’t login

very nice box…
you have to look for ALL places to find your breadcrumbs

I’ve cracked the password to decrypt a particular encoded file, but the result was gibberish. I was expecting plaintext, so I’m worried I’ve made a mistake.

I wrote a bash loop to try passwords from a file, decrypting it using the traditional command.

Can anyone tell me if I’m going the right way, or point me in the right direction?

@moony8272 said:
yes but can’t login

what creds did you try?

Overthinking this one - got the file decrypted - got D user and a password - no problem

Now I’m looking at a console - and all I get is
“Sorry, remote connections (‘webAllowOthers’) are disabled on this server.”

There was a console the other day I could use but nothing now - is this a rabbit hole or has someone screwed with the box again?

@ZaphodBB said:
Overthinking this one - got the file decrypted - got D user and a password - no problem

Now I’m looking at a console - and all I get is
“Sorry, remote connections (‘webAllowOthers’) are disabled on this server.”

There was a console the other day I could use but nothing now - is this a rabbit hole or has someone screwed with the box again?

I believe that service is configured to allow local connections only by default. If it was different when you first accessed it, then it was likely modified by a prior user who did not reset the machine. I’m sure those credentials are for a different service.

Spoiler Removed - Arrexel

no problem - think it’s down to some tool DoSing the box

I have one question, if somebody can help me I would very much appreciate it. How do you know the exact length of the key? I decoded the base64 and I just know it’s salted, however, I have no clue about which bit length I can use, should I try all of them? I guess I will repeat at least 5 * 14344392 times if I have bad luck and I have used rockyou.txt. English is not my first language, sorry for any errors.

Got user finally! Now to see if I can figure out root or not…

I figured out how to read root.txt but where is that config file…

edit: Got root. Also, the problem was the Water console session. After dropping the current session, I logged in. Then it was easy. PM me if you need help

Rooted

Quite straightforward in the end, looks like I was doing everything the right way

Unfortunately it’s spoilt by some idiots who deface pages or change passwords - there is no need!

This is an interesting box - root is quite a bit easier than user access

Can’t give any more hints - it’s pretty much all here on the forum but feel free to PM

Got user. Good box.

Got user. Learned a lot.

This box was fun! What a journey. PM for hints if you need it

I got user without decrypting that ************nc file. Is that file needed to access root?

Really having trouble dealing with this enc file, could someone PM me for some help??? thanks

this box was fun! PM if anyone stuck 🙂

@toteu said:
I got user without decrypting that ************nc file. Is that file needed to access root?

No

Should I crack the h2 login password for further use? I’m struggling at some steps