Hawk

Rooted, learnt a lot.

For those in trouble with this box, these are my hints:

  • for the enc file, “go for bruteforcing”
  • once you access the web portal, google for a way of reversing
  • for root, you need creds in a certain file that is pretty straightforward to find
  • poison way

Rooted.

If anyone is interested in sharing, I’d love to know about the poison way with creds. I know how that would be done, but I got root without going that way, so I guess there are two ways to get root. If you did it the poison way I’d love to talk.

If anyone else is stuck and needs some direction, I’m happy to help. Feel free to PM me.

Edit: nvm, it was in my face all the time.

Rooted!!

If anybody knows about any different ways to receive a shell when you are root or user, that would be awesome. What an amazing box, and an absolutely new skill with this one.

Anyone care to PM me some details on decrypting the file? Got most of it, I think; would like to know if I’m way off before I bury more time. I figure, File > B***** > A***** > profit. But stuck with the last step for some reason.

Just managed to crack the encrypted file - did not find that easy at all. Feel free to PM, working on a user shell now.

Could someone please give me a PM to check if what I’m doing to get root.txt is right? I think I got it, but “nothing happens”

@raystr said:
Could someone please give me a PM to check if what I’m doing to get root.txt is right? I think I got it, but “nothing happens”

Got it! Messed up the last part for way too long.

Jeez I’m baffled here… Crossed that river to quench my thirst, logged in to console and went through all the data but nothing to get into root… Used same method as previous box forwarding through tunnel but maybe I’m not privileged to view the data I want?

@3s073r1k said:
Jeez I’m baffled here… Crossed that river to quench my thirst, logged in to console and went through all the data but nothing to get into root… Used same method as previous box forwarding through tunnel but maybe I’m not privileged to view the data I want?

Search Google for manual exploitation of a known vulnerability related to the console

@loopspell said:

@3s073r1k said:
Jeez I’m baffled here… Crossed that river to quench my thirst, logged in to console and went through all the data but nothing to get into root… Used same method as previous box forwarding through tunnel but maybe I’m not privileged to view the data I want?

Search Google for manual exploitation of a known vulnerability related to the console

Thanks

Has anyone else had a problem with a php reverse shell? I leave netcat listening, and I get a connection, and then it closes immediately. On the web front, it says connection refused.

@sh3lbst3r said:
Has anyone else had a problem with a php reverse shell? I leave netcat listening, and I get a connection, and then it closes immediately. On the web front, it says connection refused.

Try another one

So I got the file cracked using my own trivial script like others have done, it seems. But what is wrong with the GitHub tool b*********-s*****-o******? Seems to be the right tool for the job, and the syntax is simple? Not that it is a very big deal, but maybe someone would be kind enough to tell me in private a syntax that allows the tool to work? Might be nice to know.

Anyone wanna PM me a hint for the initial access vector? Drupal seems to be a rabbit hole

Need a hint on privesc, tunnelled access to the console, struggling to find an exploit/creds…pls PM! Thanks

This MACHINE SHOULD HAVE BEEN 50 points, who agrees with me? It took me 5 weeks to get user/root at last, thanks waspy and pzylence for assisting me. I am a bit disappointed, this machine is 100 times harder than Mischief. I think they should have increased the points for it :) just my

Got a shell with w… user but I need an ssh user. Can’t find d… password. Where to look?? I think I enumerated all the box… please PM a hint… thanks

@th3C0untZ3r0 said:

Got a shell with w… user but I need an ssh user. Can’t find d… password. Where to look?? I think I enumerated all the box… please PM a hint… thanks

The ‘password’ is in plaintext somewhere on the box

Rooted. Very interesting box. Looking back, it ended up not being as difficult as I thought it was or was treating it to be. But it can cause some overthinking. If anyone needs a push in the right direction, just PM me.