Hint for Sunday

@evilcall said:
Hi I am very stuck , I don’t know what I have to do to get user shell… Maybe rockyou brutefoce over users is the way ?

Please some hints

Hi, here some hints:

  • Enumerate with nmap(high ports).
  • One service will give you first user info. To get ssh shell with first user you must think easy (HTB default). Test with logical passwords, you have it in front of you.

rooted, any one need help, just pm me. Thanks @Ompamo for the help

is it normal that this box disconnects me for broken pipe?
is somebody fucking me for the lulz?

Nah, I think that’s normal. It’s done that to me almost constantly for two weeks. Makes it hard to try anything for sake of having to reconnect every two minutes. It’s finally behaving for me today, but I might have just gotten lucky.

Got root…pm me if you need help…

having trouble gaining root access, if someone could shoot me a hint that’d be great. Preciate you!

@xcredence said:
having trouble gaining root access, if someone could shoot me a hint that’d be great. Preciate you!

Working on privesc too and feel im close… want to compare notes and work on it ?

Finally rooted, thanks @Draco123

Can someone give the list of open ports? Have tried several diffferent approaches to scan the ports but nothing is working properly… Thanks.

EDIT:
Nvm got it working now

Looks like the service with “high port number” is crashing constantly, last 2hrs is unavailable.

Hi everyone,

I’m pretty stuck for a long time now. I found this high port, found users, found a way to get in. But not the password. I read on this forum it is an easy password. (i can guess it?) I think i’m bad at guessing since im not getting in… Does someone have any ideas?

@Henkmeteenhoed said:
Hi everyone,

I’m pretty stuck for a long time now. I found this high port, found users, found a way to get in. But not the password. I read on this forum it is an easy password. (i can guess it?) I think i’m bad at guessing since im not getting in… Does someone have any ideas?

Yes you can guess it very easily, I can only give you hint that password is in lowercase.

@ki11oFF said:

@Henkmeteenhoed said:
Hi everyone,

I’m pretty stuck for a long time now. I found this high port, found users, found a way to get in. But not the password. I read on this forum it is an easy password. (i can guess it?) I think i’m bad at guessing since im not getting in… Does someone have any ideas?

Yes you can guess it very easily, I can only give you hint that password is in lowercase.

I’m afraid the password is changed since i tried all the obvious things. Should i brute force it somehow?
(i tried all the names of the users, the name of the box, everything that has to do with a sun and solaris… Am i forgetting something haha?

@Henkmeteenhoed said:

@ki11oFF said:

@Henkmeteenhoed said:
Hi everyone,

I’m pretty stuck for a long time now. I found this high port, found users, found a way to get in. But not the password. I read on this forum it is an easy password. (i can guess it?) I think i’m bad at guessing since im not getting in… Does someone have any ideas?

Yes you can guess it very easily, I can only give you hint that password is in lowercase.

I’m afraid the password is changed since i tried all the obvious things. Should i brute force it somehow?
(i tried all the names of the users, the name of the box, everything that has to do with a sun and solaris… Am i forgetting something haha?

It’s realy hard to give you hint without telling you password, but you tried right thing, so combine it with my previous advice about lowercase and try again.

Hi. I was able to list users.
By accident, I discovered the sammy user and discovered all the numbered ports.
But I can not find any way to RCE.
Some help?

@ki11oFF said:

@Henkmeteenhoed said:

@ki11oFF said:

@Henkmeteenhoed said:
Hi everyone,

I’m pretty stuck for a long time now. I found this high port, found users, found a way to get in. But not the password. I read on this forum it is an easy password. (i can guess it?) I think i’m bad at guessing since im not getting in… Does someone have any ideas?

Yes you can guess it very easily, I can only give you hint that password is in lowercase.

I’m afraid the password is changed since i tried all the obvious things. Should i brute force it somehow?
(i tried all the names of the users, the name of the box, everything that has to do with a sun and solaris… Am i forgetting something haha?

It’s realy hard to give you hint without telling you password, but you tried right thing, so combine it with my previous advice about lowercase and try again.

I got it! haha, im sure i tried this before, but guess i made a typo. Thanks for your help though!

@fvconi1991 said:
Hi. I was able to list users.
By accident, I discovered the sammy user and discovered all the numbered ports.
But I can not find any way to RCE.
Some help?

There is no way to RCE.
Please read my and Henkmeteenhoed last comment’s and you will know what to do next

got user after two days…looking for priv esc now…

I am inside the first user. Still can find any priv esc ideas. It should be easy, but. Help me pls, I’m stuck.

finally got root…thanks to all