Hawk

191012141518

Comments

  • PTDPTD
    edited September 2018

    no problem - think its down to some tool dossing the box

    ZaphodBB

  • I have one question if somebody can help me and I will very very appreciate it. How do you know the exact length of the key? I decoded the base64 and I just know it's salted, however, I have no clue about which bit length I can use, should I try all of them? I guess I will repeat at least 5 * 14344392 times if I have a bad luck and I have used rockyou.txt. English is not my first language, sorry for some error.

  • Got user finally! Now to see if I can figure out root or not...

  • edited September 2018

    I figured out how to read root.txt but where is that config file..

    edit: Got root. Also, the problem was Water console session. After dropped current session, i logged inside. Then it was easy. Pm me if you need help

    Hack The Box

  • Rooted

    Quite straight forward in the end, looks like i was doing everything the right way

    Unfortunately its spoilt by some idiots who deface pages or change passwords - there is no need !

    This is an intresting box - root is quite a bit easier than user access

    Cant give any more hints - its pretty much all here on the forum but feel free to PM

    ZaphodBB

  • Got user. Good box.

  • Got user. Learned a lot.

  • This box was fun! What a journey. PM for hints if you need it

  • I got user without decrypting that ************nc file. Is that file needed to access root?

  • Really having trouble dealing with this enc file, could someone PM me for some help??? thanks

  • this box was fun! PM if anyone stuck :)

    menoetius
    | OSCP |

  • @toteu said:
    I got user without decrypting that ************nc file. Is that file needed to access root?

    No

  • Should I crack the h2 login password for more using? I'm struggling at some steps

  • Rooted, nice box. Quite tricky. Got root without the poison like solution :)

  • Rooted. For those of you that have a problem with last step of privesc, if you are looking on the login page of interesting service and you also have Poison like access... The login process could be very trivial if you don't focus only on the login credentials but also on the referenced file. Ask yourself, is url in form referring to something, what actually exists? If it is not, can we change that?

    Hope this helps because this was for me the most tricky thing in this otherwise cool machine.

  • edited September 2018

    Guys the "exploit" on searchsploit doesn't work for me...i tried with Daniel and with the "water stream"...any hints ?

    Edit: Rooted! Someone was messing with root.txt file or smt..

  • I'm going to lose my mind. I cracked the ***nc within a few minutes but can't for the life of me figure out what to do with my new-found creds.

    Some hint via PM would be appreciated.

  • edited September 2018

    Any hint on which c***** & d***** to use when cracking the .enc file? Have build a python script but it doesn't seem to work after 2+ days of trying

    center

  • @ccma40 said:
    I'm going to lose my mind. I cracked the ***nc within a few minutes but can't for the life of me figure out what to do with my new-found creds.

    Some hint via PM would be appreciated.

    So, it seems (based on PM feedback) that I've likely got the right creds, but they are not working on the form that should take them. If anyone can PM me with a particular URL it would be appreciated...I feel like my box is jacked

  • edited September 2018

    Rooted, learnt a lot.

    For those in trouble with this box, these are my hints:

    • for the enc file, "go for bruteforcing"
    • once you access the web portal, google for a way of reversing
    • for root, you need creds in a certain file that it's pretty straightforward to find
    • poison way

    TheInnocent

    "I recognize, Mr. Reese, that there's a disparity between how much I know about you and how much you know about me. I know you'll be trying to close that gap as quickly as possible. But I should tell you... I'm a really private person."

  • Rooted.

    If anyone is interested in sharing, I'd love to know about the poison way with creds. I know how that would be done, but I got root without going that way, so I guess there are two ways to get root. If you did it the poison way I'd love to talk.

    If anyone else is stuck and needs some direction, I'm happy to help. Feel free to PM me.

    sixtonspacefly

  • edited September 2018

    Edit: nvm, It was in my face all the time.

    sckull

  • Rooted!!

    If anybody knows about any different ways to receive shell when you are root or user that would be awesome what an amazing box and absolutely new skill with this one

  • Anyone care to pm me some details on decrypting the file? Got most of it I think would like to know if I'm way off before I bury more time. I figure, File > B***** > A***** >profit. But stuck with the last step for some reason.

  • Just managed to crack the encrypted file - did not find that easy at all. Feel free to PM, working on a user shell now.

    Disloquer

  • could someone please give me a pm to check if what im doing to get root.txt is right? I think i got it, but "nothing happens"

    raystr

  • @raystr said:
    could someone please give me a pm to check if what im doing to get root.txt is right? I think i got it, but "nothing happens"

    Got it! messed up the last part for way to long.

    raystr

  • Jeez I'm baffled here... Crossed that river to quench my thirst, logged in to console and went through all the data but nothing to get into root... Used same method as previous box forwarding through tunnel but maybe I'm not privileged to view the data I want?
  • edited September 2018

    @3s073r1k said:
    Jeez I'm baffled here... Crossed that river to quench my thirst, logged in to console and went through all the data but nothing to get into root... Used same method as previous box forwarding through tunnel but maybe I'm not privileged to view the data I want?

    search for mannual exploitation of known vulnerability relates to console on google

  • @loopspell said:

    @3s073r1k said:
    Jeez I'm baffled here... Crossed that river to quench my thirst, logged in to console and went through all the data but nothing to get into root... Used same method as previous box forwarding through tunnel but maybe I'm not privileged to view the data I want?

    search for mannual exploitation of known vulnerability relates to console on google

    Thanks 👍

Sign In to comment.