Hint for Sunday

finally got root. alas, this box was far away to be a fun experience. sorry to say.

@nm0s0 said:

3x0z. There’s nothing wrong. You should modify your ssh command options to use one of the offered key exchange methods with oKexAlgorithms.

Thanks for the clarification. Not always safe to say what’s intended and what isn’t.

Any help in getting the root.txt, been thinking of the comments here that you can get it without root privilages and you just need a command to get it. Hitting wall here need a push. Pls pm me. thanks

finally got it… ■■■■… :slight_smile:

who keeps changing the f#cking password???

I was able to login…now i’m wondering how to esc privs. I found directories that contain the user.txt but I can’t access them. Looking for a pm for a nudge in the right direction.

Has anyone got a complete nmap scan of this host they can pm me, mine is either hanging at 99.99% or failing because of a reset

Very close to giving up on this box after 2 solid days. Got user but for the life of me I can’t get root. Can’t even find the freaking root.txt file!!!

HELP!!! :slight_smile:

After 5 days of intense work i got root. I’m very happy because i learned a lot from this machine. I googled a lot to reach the target… often following wrong paths, but this also helps me to improve. When you do not expect it, the solution arrives, just do not get discouraged.
No exploit need to get root. I suggest to enumerate as much as possible trying to understand as much as possible what a user can or can not do… once you understand what you can do you need to focus on this. Very interesting.

Fun box. If you are trying to modify some critical file, please consider that another people is not privesc, and you maybe are closing doors.

Hello guys , someone can help me please? i ennumerated 4 services and when i tried to connect ssh i have this error: gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 i cant found the parameter to connect…

Someone can help me?

How i can get the password?

root :slight_smile: thank you all

I have a general question, how the people knows the name of the user.txt file or root.txt file? there is a documentation of this box? because i cant find it , a document or PDF or something where i can read the problem or the name of the flags… How the people knows how to find the file and the name of the file?

Takao

For user

Type below the hash that is inside the user.txt file in the machine. The file can be found under /home/{username} on Linux machines and at the Desktop of the user on Windows.

For root
Type below the hash that is inside the root.txt file in the machine. The file can be found under /root on Linux machines and at the Desktop of the Administrator on Windows.

Solaris is like a unix, soo…

Is ssh port the key? I cannot find a port in order to connect, all ports that i see are finger and rpc. So, i can enumerate. Are there another hidden port? How can i find another port? Something to read?

@9999volts said:
Is ssh port the key? I cannot find a port in order to connect, all ports that i see are finger and rpc. So, i can enumerate. Are there another hidden port? How can i find another port? Something to read?

enumerate and re enumerate all ports, you can use -p- in nmap to scan all ports in the host

@otaman said:

@9999volts said:
Is ssh port the key? I cannot find a port in order to connect, all ports that i see are finger and rpc. So, i can enumerate. Are there another hidden port? How can i find another port? Something to read?

enumerate and re enumerate all ports, you can use -p- in nmap to scan all ports in the host

Yeah but I was given that advice as well and my nmaps never finished, I had to ask someone else to get me the port list

any hint for the user.txt ? i opened it and i try cracked it or use for login and it doesnt work…

Hey All, I have been trying to do Nmap scan of Sunday but scans are taking too long. Is this normal or the machine is unstable?