@ghroot said:
Can someone help me with the encrypted file?
Bruteforce it
Is there a way to identify the encryption that has been used?
Or do you go by trial and error?
Both. Look into what the application that made that file uses, and probably their default values.
That was the most helpful clue here.
BTW, can somebody who already got root explain one thing to me in PM?
I did some stuff and can access this service that is available from the localhost only.
I logged in there using default credentials. However, I did not have an idea how to leverage it for root at that time.
Then, when I figured it out, the password was not working anymore. Does somebody keep changing it, or maybe I need to look for them somewhere on the machine?
Would really appreciate a nudge here on what I should be focusing on after decrypting the file and logging in to the portal on port 80. Seems vulnerable to everything and nothing…
Good god, after trying for two days I realize that d*****’s password was changed! Anyway, now I’m logged in as user, but I have a Python shell. Any hints on how to get a bash shell? Or any tips in any form are appreciated.
I’ve exploited the ■■■■ outta the box by now, I just need root. Heck, I even got a meterpreter running!
Got root, thanks @ZaphodBB ! I would like to give some hints.
When you try to decrypt the file, don’t use the GitHub tool, write a script. If you have the problem with one output file per password, sort them by size.
If you have access to this one service, google which configuration files the service has.
You can get code execution by changing the configuration.
You don’t need a reverse shell. All files are in common places.
Got root. Turns out there are two ways to do this box, one is a little more manual than the other. This can cause a lot of the hints here to be confusing. If you feel like you’re really close, you probably are, you’re probably just overlooking something very simple like I was (seems that’s always the case).
Alright, I have to admit I don’t get it.
All the services I enumerated are refusing connections, and the web page seems to be a red herring. I am totally lost. I have no idea where that encrypted file everyone is talking about should be. Any clues?
Never mind, I got the encrypted file. I just didn’t read properly, gaaaah.
Spent the last few hours trying to enumerate this machine. Tried bruteforcing the drupal site and accessing the F** server. However the F** is empty, no files inside :(. Anyone can drop a hint on how to proceed? Getting frustrated
@hermajordoctor said:
Spent the last few hours trying to enumerate this machine. Tried bruteforcing the drupal site and accessing the F** server. However the F** is empty, no files inside :(. Anyone can drop a hint on how to proceed? Getting frustrated
I’m quite stuck, I’ve got a reverse shell, and I was able to find creds to get into the DB, but if there is some file out there with d******'s creds in it, I haven’t been able to find it.
Still, not bad for only my first box without too much help. Any hints on where to look for d*****'s creds conf file? I’ve got lots of enumeration done, but despite how thirsty I am, I don’t think I’ll be able to drink any dihydrogen monoxide till I find out where these things are at.
EDIT: To all those who said ‘don’t overthink it’, you weren’t kidding. Onto privesc…
@jfredett said:
I’m quite stuck, I’ve got a reverse shell, and I was able to find creds to get into the DB, but if there is some file out there with d******'s creds in it, I haven’t been able to find it.
Still, not bad for only my first box without too much help. Any hints on where to look for d*****'s creds conf file? I’ve got lots of enumeration done, but despite how thirsty I am, I don’t think I’ll be able to drink any dihydrogen monoxide till I find out where these things are at.
Keep looking, there’s a file that contains some plaintext information. You have to actually read through it though, it would be easy to miss if you skimmed too fast.