Hi all,
So I have the hashes but cannot get any program to process them, I keep getting errors indicating the formatting is wrong. Is there anyone I can PM?
FORGET: Got it but took a great deal of trial and error! :-)
Hey, everyone. I'm still pretty new at this, but I've got the second user and user flag, and now I'm just working on root. I'm pretty sure I know which tool I have to use to get there, and I've found a couple things in the man pages for it that look like they have potential, but that's where I'm hitting a dead end.
I'm prob just being noobsauce and overthinking it, but if anyone's got a minute to give a nudge in the right direction, I'd be real thankful.
Edit: Figured out what I needed to do, and am making progress with it. Pretty sure my issue now is just syntax.
Hi all, need some help with this as its really starting to frustrate me as its probably something simple. Where i am so far is i found the high port, i guessed (htb default) 1 of the accounts (su****). I can see the txt file but I cannot read it and don't know what to do to read it. i assume it involves the sa**** account. if someone could DM and offer some assistance with what to do next please
@evilcall said:
Hi I am very stuck , I don't know what I have to do to get user shell.. Maybe rockyou brutefoce over users is the way ?
Please some hints
Hi, here some hints:
Enumerate with nmap(high ports).
One service will give you first user info. To get ssh shell with first user you must think easy (HTB default). Test with logical passwords, you have it in front of you.
Nah, I think that's normal. It's done that to me almost constantly for two weeks. Makes it hard to try anything for sake of having to reconnect every two minutes. It's finally behaving for me today, but I might have just gotten lucky.
I'm pretty stuck for a long time now. I found this high port, found users, found a way to get in. But not the password. I read on this forum it is an easy password. (i can guess it?) I think i'm bad at guessing since im not getting in... Does someone have any ideas?
I'm pretty stuck for a long time now. I found this high port, found users, found a way to get in. But not the password. I read on this forum it is an easy password. (i can guess it?) I think i'm bad at guessing since im not getting in... Does someone have any ideas?
Yes you can guess it very easily, I can only give you hint that password is in lowercase.
I'm pretty stuck for a long time now. I found this high port, found users, found a way to get in. But not the password. I read on this forum it is an easy password. (i can guess it?) I think i'm bad at guessing since im not getting in... Does someone have any ideas?
Yes you can guess it very easily, I can only give you hint that password is in lowercase.
I'm afraid the password is changed since i tried all the obvious things. Should i brute force it somehow?
(i tried all the names of the users, the name of the box, everything that has to do with a sun and solaris... Am i forgetting something haha?
I'm pretty stuck for a long time now. I found this high port, found users, found a way to get in. But not the password. I read on this forum it is an easy password. (i can guess it?) I think i'm bad at guessing since im not getting in... Does someone have any ideas?
Yes you can guess it very easily, I can only give you hint that password is in lowercase.
I'm afraid the password is changed since i tried all the obvious things. Should i brute force it somehow?
(i tried all the names of the users, the name of the box, everything that has to do with a sun and solaris... Am i forgetting something haha?
It's realy hard to give you hint without telling you password, but you tried right thing, so combine it with my previous advice about lowercase and try again.
Hi. I was able to list users.
By accident, I discovered the sammy user and discovered all the numbered ports.
But I can not find any way to RCE.
Some help?
I'm pretty stuck for a long time now. I found this high port, found users, found a way to get in. But not the password. I read on this forum it is an easy password. (i can guess it?) I think i'm bad at guessing since im not getting in... Does someone have any ideas?
Yes you can guess it very easily, I can only give you hint that password is in lowercase.
I'm afraid the password is changed since i tried all the obvious things. Should i brute force it somehow?
(i tried all the names of the users, the name of the box, everything that has to do with a sun and solaris... Am i forgetting something haha?
It's realy hard to give you hint without telling you password, but you tried right thing, so combine it with my previous advice about lowercase and try again.
I got it! haha, im sure i tried this before, but guess i made a typo. Thanks for your help though!
@fvconi1991 said:
Hi. I was able to list users.
By accident, I discovered the sammy user and discovered all the numbered ports.
But I can not find any way to RCE.
Some help?
There is no way to RCE.
Please read my and Henkmeteenhoed last comment's and you will know what to do next
Comments
Nudged myself ...got the second cred ...but now the ssh service is getting DDOS'd ...no need to bruteforce the service to get this box.
Anyone want to give a N00b a push on the method to push the flag back to socket ...know basic concept but syntax is being problematic ..hit me via PM
Yes it is possible.
Finally got root ...tried to get way to fancy... thanks to @Draco123 ...for the final push
I finally got root.txt... thanxs @Draco123 !!!
Hi all,
So I have the hashes but cannot get any program to process them, I keep getting errors indicating the formatting is wrong. Is there anyone I can PM?
FORGET: Got it but took a great deal of trial and error! :-)
Hey, everyone.
I'm still pretty new at this, but I've got the second user and user flag, and now I'm just working on root. I'm pretty sure I know which tool I have to use to get there, and I've found a couple things in the man pages for it that look like they have potential, but that's where I'm hitting a dead end.
I'm prob just being noobsauce and overthinking it, but if anyone's got a minute to give a nudge in the right direction, I'd be real thankful.
Edit: Figured out what I needed to do, and am making progress with it. Pretty sure my issue now is just syntax.
Hi I am very stuck , I don't know what I have to do to get user shell.. Maybe rockyou brutefoce over users is the way ?
Please some hints
Hi all, need some help with this as its really starting to frustrate me as its probably something simple. Where i am so far is i found the high port, i guessed (htb default) 1 of the accounts (su****). I can see the txt file but I cannot read it and don't know what to do to read it. i assume it involves the sa**** account. if someone could DM and offer some assistance with what to do next please
Hi, here some hints:
rooted, any one need help, just pm me. Thanks @Ompamo for the help
is it normal that this box disconnects me for broken pipe?
is somebody fucking me for the lulz?
Nah, I think that's normal. It's done that to me almost constantly for two weeks. Makes it hard to try anything for sake of having to reconnect every two minutes. It's finally behaving for me today, but I might have just gotten lucky.
Got root..pm me if you need help...
having trouble gaining root access, if someone could shoot me a hint that'd be great. Preciate you!
Working on privesc too and feel im close.... want to compare notes and work on it ?
Can someone give the list of open ports? Have tried several diffferent approaches to scan the ports but nothing is working properly... Thanks.
EDIT:
Nvm got it working now
Looks like the service with "high port number" is crashing constantly, last 2hrs is unavailable.
Hi everyone,
I'm pretty stuck for a long time now. I found this high port, found users, found a way to get in. But not the password. I read on this forum it is an easy password. (i can guess it?) I think i'm bad at guessing since im not getting in... Does someone have any ideas?
Yes you can guess it very easily, I can only give you hint that password is in lowercase.
I'm afraid the password is changed since i tried all the obvious things. Should i brute force it somehow?
(i tried all the names of the users, the name of the box, everything that has to do with a sun and solaris... Am i forgetting something haha?
It's realy hard to give you hint without telling you password, but you tried right thing, so combine it with my previous advice about lowercase and try again.
Hi. I was able to list users.
By accident, I discovered the sammy user and discovered all the numbered ports.
But I can not find any way to RCE.
Some help?
I got it! haha, im sure i tried this before, but guess i made a typo. Thanks for your help though!
There is no way to RCE.
Please read my and Henkmeteenhoed last comment's and you will know what to do next
got user after two days....looking for priv esc now...
I am inside the first user. Still can find any priv esc ideas. It should be easy, but. Help me pls, I'm stuck.
finally got root...thanks to all
If somebody get this error
Their offer: gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
Use putty and u will resolve the problem