Could some one give me some hints as to what to do after getting in with a first user? I see a user text but dont have the user to get to it. Also not sure on priv esc. Thanks!
@Underworld said:
Could some one give me some hints as to what to do after getting in with a first user? I see a user text but dont have the user to get to it. Also not sure on priv esc. Thanks!
I would say lookout deep into the bottom and see what can u find.
Lol fanks. Got user.
I got user and root but not shell (root), i found the password of root. I try to crack (john the ripper) the password but I could not.
Someone can give me a hint to crack it.
Yea Iām actually in the same boat. Pwned user and root, but didnāt manage to crack. Iām guessing Hashcat might do the trick from reading various posts. I tried a bunch of wordlists but no luck.
Did someone change the password for the users? Come on!
Any hints on initial foothold, i have enumerated all the ports, found users, using msf auxilary module, but canāt use any of the users to login with.
Just got the root.txt. Keep things simple!!!
@xxizocxx said:
@nm0s0 said:
Just got the root.txt. Keep things simple!!!DO you get the root shell?
No, just the key. Nope, getting the root shell it wasnāt my goal but if I have enough time Iāll try for it. There is some popular method but on Solaris involve a command you canāt execute.
If anyone need some hints feel free to PM.
@mafioso1823 said:
Any hints on initial foothold, i have enumerated all the ports, found users, using msf auxilary module, but canāt use any of the users to login with.
I was in the same boat so I feel you. The problem is that the enumeration of ports doesnāt seem to be reliable. I had someone else run a scan with the same options and they got what I was looking for. Once you can get a true successful scan on all ports, youāll be moving on fast.
Just got root.txt. Enumeration is the key for initial foothold. Next donāt break your brain on privesc and back to basics. Feel free to PM if needed
I think there is something f*cked up with the machineā¦
Unable to negotiate with 10.10.10.76 port xxx: no matching key exchange method found. Their offer: gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
Anyone else has this problem?
Any one else getting āssh target does not support password authā when messing with ssh? Manually connecting askes for a password, hydra keeps erroring outā¦
@3x0z said:
I think there is something f*cked up with the machineā¦
Unable to negotiate with 10.10.10.76 port xxx: no matching key exchange method found. Their offer: gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
Anyone else has this problem?
3x0z. Thereās nothing wrong. You should modify your ssh command options to use one of the offered key exchange methods with oKexAlgorithms.
@PercyJackson35 said:
Any one else getting āssh target does not support password authā when messing with ssh? Manually connecting askes for a password, hydra keeps erroring outā¦
A) See comment below yours regarding setting the proper key exchange during negotiation, not sure if hydra supports those type of options?
B ) You do not need to brute force services for authentication
C) PM me if you want hints
finally got root. alas, this box was far away to be a fun experience. sorry to say.
@nm0s0 said:
3x0z. Thereās nothing wrong. You should modify your ssh command options to use one of the offered key exchange methods with oKexAlgorithms.
Thanks for the clarification. Not always safe to say whatās intended and what isnāt.
Any help in getting the root.txt, been thinking of the comments here that you can get it without root privilages and you just need a command to get it. Hitting wall here need a push. Pls pm me. thanks
finally got itā¦ ā ā ā ā ā¦