Hint for Sunday

Could some one give me some hints as to what to do after getting in with a first user? I see a user text but dont have the user to get to it. Also not sure on priv esc. Thanks!

@Underworld said:
Could some one give me some hints as to what to do after getting in with a first user? I see a user text but dont have the user to get to it. Also not sure on priv esc. Thanks!

I would say lookout deep into the bottom and see what can u find.

Lol fanks. Got user.

I got user and root but not shell (root), i found the password of root. I try to crack (john the ripper) the password but I could not.
Someone can give me a hint to crack it.

Yea Iā€™m actually in the same boat. Pwned user and root, but didnā€™t manage to crack. Iā€™m guessing Hashcat might do the trick from reading various posts. I tried a bunch of wordlists but no luck.

Did someone change the password for the users? :expressionless: Come on!

Any hints on initial foothold, i have enumerated all the ports, found users, using msf auxilary module, but canā€™t use any of the users to login with.

Just got the root.txt. Keep things simple!!!

@nm0s0 said:
Just got the root.txt. Keep things simple!!!

DO you get the root shell?

@xxizocxx said:

@nm0s0 said:
Just got the root.txt. Keep things simple!!!

DO you get the root shell?

No, just the key. Nope, getting the root shell it wasnā€™t my goal but if I have enough time Iā€™ll try for it. There is some popular method but on Solaris involve a command you canā€™t execute.
If anyone need some hints feel free to PM.

@mafioso1823 said:
Any hints on initial foothold, i have enumerated all the ports, found users, using msf auxilary module, but canā€™t use any of the users to login with.

I was in the same boat so I feel you. The problem is that the enumeration of ports doesnā€™t seem to be reliable. I had someone else run a scan with the same options and they got what I was looking for. Once you can get a true successful scan on all ports, youā€™ll be moving on fast.

Just got root.txt. Enumeration is the key for initial foothold. Next donā€™t break your brain on privesc and back to basics. Feel free to PM if needed

I think there is something f*cked up with the machineā€¦
Unable to negotiate with 10.10.10.76 port xxx: no matching key exchange method found. Their offer: gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
Anyone else has this problem?

Any one else getting ā€œssh target does not support password authā€ when messing with ssh? Manually connecting askes for a password, hydra keeps erroring outā€¦

@3x0z said:
I think there is something f*cked up with the machineā€¦
Unable to negotiate with 10.10.10.76 port xxx: no matching key exchange method found. Their offer: gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
Anyone else has this problem?

3x0z. Thereā€™s nothing wrong. You should modify your ssh command options to use one of the offered key exchange methods with oKexAlgorithms.

@PercyJackson35 said:
Any one else getting ā€œssh target does not support password authā€ when messing with ssh? Manually connecting askes for a password, hydra keeps erroring outā€¦

A) See comment below yours regarding setting the proper key exchange during negotiation, not sure if hydra supports those type of options?

B ) You do not need to brute force services for authentication

C) PM me if you want hints

finally got root. alas, this box was far away to be a fun experience. sorry to say.

@nm0s0 said:

3x0z. Thereā€™s nothing wrong. You should modify your ssh command options to use one of the offered key exchange methods with oKexAlgorithms.

Thanks for the clarification. Not always safe to say whatā€™s intended and what isnā€™t.

Any help in getting the root.txt, been thinking of the comments here that you can get it without root privilages and you just need a command to get it. Hitting wall here need a push. Pls pm me. thanks

finally got itā€¦ ā– ā– ā– ā– ā€¦ :slight_smile: