okay this config file- I don’t know where you guys are finding a password in plain text; I’ve looked through enum scrips; did lots of manual enum; like lots and lots of manual enum… grepped everything for ‘pass’ or ‘password’ also; find / -name “config”/“password” etc etc… went back to my nmap… looked through all the directories disallowed… i’m just like… lost where is this plain text password… someone said it was straight forward… O.o …
I can’t tunnel without some ssh cred action… used curl to check out the H2… but I can’t do anything with it.
…atleast from my current understanding… help guys?
@drUIdmoz said:
okay this config file- I don’t know where you guys are finding a password in plain text; I’ve looked through enum scrips; did lots of manual enum; like lots and lots of manual enum… grepped everything for ‘pass’ or ‘password’ also; find / -name “config”/“password” etc etc… went back to my nmap… looked through all the directories disallowed… i’m just like… lost where is this plain text password… someone said it was straight forward… O.o …
I can’t tunnel without some ssh cred action… used curl to check out the H2… but I can’t do anything with it.
…atleast from my current understanding… help guys?
I hope this isn’t to much of a spoiler. But maybe you should check where the config settings are stored for the CMS this server is running.
@Amzker said:
I Founded User d**** In SSH
But For Password I Used 10M Pass List But Cant FInd Any
Also No Drupal Exploit Work
any Help
Or Passlist Hint
@drUIdmoz said:
okay this config file- I don’t know where you guys are finding a password in plain text; I’ve looked through enum scrips; did lots of manual enum; like lots and lots of manual enum… grepped everything for ‘pass’ or ‘password’ also; find / -name “config”/“password” etc etc… went back to my nmap… looked through all the directories disallowed… i’m just like… lost where is this plain text password… someone said it was straight forward… O.o …
I can’t tunnel without some ssh cred action… used curl to check out the H2… but I can’t do anything with it.
…atleast from my current understanding… help guys?
I hope this isn’t to much of a spoiler. But maybe you should check where the config settings are stored for the CMS this server is running.
I have to be looking right over this, or right at it… but I’m just not seeing it.
@drUIdmoz said:
okay this config file- I don’t know where you guys are finding a password in plain text; I’ve looked through enum scrips; did lots of manual enum; like lots and lots of manual enum… grepped everything for ‘pass’ or ‘password’ also; find / -name “config”/“password” etc etc… went back to my nmap… looked through all the directories disallowed… i’m just like… lost where is this plain text password… someone said it was straight forward… O.o …
I can’t tunnel without some ssh cred action… used curl to check out the H2… but I can’t do anything with it.
…atleast from my current understanding… help guys?
I hope this isn’t to much of a spoiler. But maybe you should check where the config settings are stored for the CMS this server is running.
I have to be looking right over this, or right at it… but I’m just not seeing it.
finally decrpting .enc file is done but then what ?!?!
I have tried to login web interface and/or ssh with default usernames and found password but no luck!! Is that password maybe wrong? but i have tried at decryption process all type of d***** at that tool and i found just one password.
Having some trouble with the file you get from f**. I know what it contains, and I’ve done the first step, got the tool that everyone talking about, but I don’t know the encryption type, so I made a bash script to recursively go through each one. The script runs, but it’s stopping after checking the very first algorithm.
Can someone take a look at my bash script and see if they can figure out what I’m doing wrong?
EDIT: I figured it out. I put in a break and it was halting the script after the first algorithm!
what a fun box, went right through the front door, no tools, got the .enc havent bothered with it yet, got user, then my vpn connection dropped and I lost my foothold for root priv esc. oh well, be back at it tomorrow.
i have decrypted the file, got some info from this, but i don’t know where to use them… i don’t know how to take advantage of the w**-p*****… pm would be appreciated.
EDIT: found that, working on root now
Again i am replying my own question , but of course thanks for little tips at the road…
For .enc file decrypting: after found a candidate password, i was not knowing anything about this description aim. I was using that password at website, ssh or other services. So if you are at same position, read about those decryption purposes and what is that password should be used for???
For privesc: it was a different environment and different shell type for me. For this box, “most didnt like part” for me was finding credential of d***** ssh user, i hope there is another way of finding this password, after that i didnt read root.txt with Poison like method, i worked locally and drink some h2o i tried Poison like method but i couldnt execute any commands from my own remote box, we can discuss our methods if anyone PMs. Thanks for this box, it was a long journey @mrh4sh
@Wainright said:
finally decrpting .enc file is done but then what ?!?!
I have tried to login web interface and/or ssh with default usernames and found password but no luck!! Is that password maybe wrong? but i have tried at decryption process all type of d***** at that tool and i found just one password.
hi,
I have user.txt and I am able to login d***** account with credentials over ssh. But after that I am not able to reach the root.txt. How do I connect to h2o? pm would be appreciated.
Thanks in advance
Hello everyone. This was my first box. I tried for almost a week to get started and then I realized I was an idiot and that the .enc file was there all the time.
After a while I got root.txt.
Problem is I didn’e get root and I’d like to do it.
Some suggestions on privesc?
EDIT:
Nevermind, I found this → hxxps://github.com/Hackplayers/hackthebox-writeups/tree/master/machines/Hawk
anyone got some hints on the h20 login? I’m pretty sure i know how to proceed but need a correct Auth on that? Can someone give me a bit oif a hint on that?
— NVM, rooted… Was goin down the wrong Path, man i should watch out where i step…