Hint for Sunday

11415171920

Comments

  • Has anyone got a complete nmap scan of this host they can pm me, mine is either hanging at 99.99% or failing because of a reset

  • Very close to giving up on this box after 2 solid days. Got user but for the life of me I can't get root. Can't even find the freaking root.txt file!!!!

    HELP!!!!! :)

  • After 5 days of intense work i got root. I'm very happy because i learned a lot from this machine. I googled a lot to reach the target... often following wrong paths, but this also helps me to improve. When you do not expect it, the solution arrives, just do not get discouraged.
    No exploit need to get root. I suggest to enumerate as much as possible trying to understand as much as possible what a user can or can not do... once you understand what you can do you need to focus on this. Very interesting.

    Maxxx

  • Fun box. If you are trying to modify some critical file, please consider that another people is not privesc, and you maybe are closing doors.

  • Hello guys , someone can help me please? i ennumerated 4 services and when i tried to connect ssh i have this error: gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 i cant found the parameter to connect...

    Someone can help me?

  • edited September 2018

    How i can get the password?

  • root :) thank you all

  • I have a general question, how the people knows the name of the user.txt file or root.txt file? there is a documentation of this box? because i cant find it , a document or PDF or something where i can read the problem or the name of the flags... How the people knows how to find the file and the name of the file?

  • Takao

    For user

    Type below the hash that is inside the user.txt file in the machine. The file can be found under /home/{username} on Linux machines and at the Desktop of the user on Windows.

    For root
    Type below the hash that is inside the root.txt file in the machine. The file can be found under /root on Linux machines and at the Desktop of the Administrator on Windows.

    Solaris is like a unix, soo...

  • edited September 2018

    Is ssh port the key? I cannot find a port in order to connect, all ports that i see are finger and rpc. So, i can enumerate. Are there another hidden port? How can i find another port? Something to read?

  • @9999volts said:
    Is ssh port the key? I cannot find a port in order to connect, all ports that i see are finger and rpc. So, i can enumerate. Are there another hidden port? How can i find another port? Something to read?

    enumerate and re enumerate all ports, you can use -p- in nmap to scan all ports in the host

  • @otaman said:

    @9999volts said:
    Is ssh port the key? I cannot find a port in order to connect, all ports that i see are finger and rpc. So, i can enumerate. Are there another hidden port? How can i find another port? Something to read?

    enumerate and re enumerate all ports, you can use -p- in nmap to scan all ports in the host

    Yeah but I was given that advice as well and my nmaps never finished, I had to ask someone else to get me the port list

  • any hint for the user.txt ? i opened it and i try cracked it or use for login and it doesnt work...

  • Hey All, I have been trying to do Nmap scan of Sunday but scans are taking too long. Is this normal or the machine is unstable?

    Draco123

  • @Draco123 said:
    Hey All, I have been trying to do Nmap scan of Sunday but scans are taking too long. Is this normal or the machine is unstable?

    is a little normal

  • edited September 2018

    My nmap scan is taking too long. I just read past comments and see that many have faced this issue. Is someone willing to inbox me the whole port scan output?

    Draco123

  • Finally got root!!! Man that was a mind f#ck!!

    You don't need to modify ANY files and it really screws up other users when you do.

  • I need some hint for next phase. I have names of users and have used f****r in all possible ways to enumerate. Can someone please pm me as to how should I Login. Please Inbox me.

    Draco123

  • @Draco123 said:
    I need some hint for next phase. I have names of users and have used f****r in all possible ways to enumerate. Can someone please pm me as to how should I Login. Please Inbox me.

    Hint : whats the name of this box.

    Hack The Box

  • Finally got the root flag. After spending a whole day I have to admit that this was an interessting box. I can confirm that it is not necessary to modify any files of the box.

  • Hey, guys. Ssh port in the machine is? I scan, scan, rescan, and i dont find it.. A hint by pm please. I found another unknown ports, but how can discover services on those ports... They dont react to ssh connection.

  • Is the SSH connection terrible or is it just me? I can barely type

    jamesa

  • Hello, I am pretty new to this, I've followed a few of ippsec's videos for retired machines and Jerry was the first active machine I managed to pwn without using a walkthrough. Having some trouble with Sunday though.

    I ran nmap and found 2 open ports but haven't found a way to gain access to the machine using those ports. I enumerated the users using one of the ports but don't know how to proceed. I am currently running nmap on every single port (tcp&udp) on the machine but as expected it is taking quite some time.

    Am I going in the right direction or am I wasting my time? Are there still ports that weren't found with my initial scan? I realize now that enumerating the udp ports might be useless but I don't want to restart the scan.

  • For people who are complaining about finding only two ports...try harder.
    For people complaining about not finding where the user.txt is, think about how you can find the correct directory.
    For people complaining about priv esc..realize there are other ways about going about it.
    For people stuck on obtaining root, think about how you can enumerate further with that privileged user.

    Finally got user & root

  • edited September 2018

    I got user, but, any tips for priv esc? maybe suid or another technique? pm please

  • I have a question: this is my second machine, I am at vip lab but when I was first started to work with Sunday, someone was in the machine already (u know what i mean), after I did reset machine, no one was seeming as logged in at machine and I couldnt find that username again with normal enumeration ways. My question is that: can I normally find that username with different enumerations (I have already found more than 2 ports open, but...)? or should I wait that user will log in to system automatically??? (Because without finding that username myself will be spoiler itself :) )

    Wainright

  • can anyone give me nmap results for this machine mine is taking 4ever

  • Ok, I got root.txt, but should you also be able to access the box as root user? Could someone clarify that for me, please?

  • @Planetxort said:
    For people who are complaining about finding only two ports...try harder.
    For people complaining about not finding where the user.txt is, think about how you can find the correct directory.
    For people complaining about priv esc..realize there are other ways about going about it.
    For people stuck on obtaining root, think about how you can enumerate further with that privileged user.

    Finally got user & root

    In getting root, w**t is the program that will help me?

  • @Takao said:
    In getting root, w**t is the program that will help me?

    Yes, read through the options on the man page. Keep in mind that if a program errors, often it will give you information on what lead to that error.

Sign In to comment.