Hawk

Rooted! thanks for the nudge @BoiteAKlou !
This box man :slight_smile: will never forget these lessons

Got root, great box, thanks @mrh4sh

Got root, thanks @ZaphodBB ! I would like to give some hints.

  1. When you try to decrypt the file, don't use the GitHub tool, write a script. If you have the problem with one output file per password, sort them by size.

  2. If you have access to this one service, google which configuration files the service has.

  3. You can get code execution by changing the configuration.

  4. You don't need a reverse shell. All files are in common places.

Got root. Turns out there are two ways to do this box, one is a little more manual than the other. This can cause a lot of the hints here to be confusing. If you feel like you’re really close, you probably are, you’re probably just overlooking something very simple like I was (seems that’s always the case).

Thanks again to the people who helped me. :slight_smile:

Alright, I have to admit I don’t get it :stuck_out_tongue:
All the services I enumerated are refusing connections, the web page seems to be a red herring. I am totally lost. I have no idea where that encrypted file everyone is talking about should be. Any clues?
Never mind, I got the encrypted file. I just didn’t read properly, gaaaah

Can someone give me a hint? Actually I'm in the final stage of privesc, I could not find the h2 db name and credentials to exploit.

Can someone send me a PM about decrypting the file? I have the tool (I think) but am struggling to decrypt it, tried a lot.

Do you need to make a user account on D****l to progress to get user? Whenever I try, it says it can't send the email to create the account.

Any hints would be appreciated.

Thanks!

Could someone PM me to make sure I have the right tool from GitHub? It’s not working for me.

Spent the last few hours trying to enumerate this machine. Tried bruteforcing the drupal site and accessing the F** server. However the F** is empty, no files inside :(. Anyone can drop a hint on how to proceed? Getting frustrated :frowning:

Rooted! In fact a very interesting machine! I enjoyed it a lot! A good mix of Crypto, Exploit and Common Sense techniques.

@hermajordoctor said:
Spent the last few hours trying to enumerate this machine. Tried bruteforcing the drupal site and accessing the F** server. However the F** is empty, no files inside :(. Anyone can drop a hint on how to proceed? Getting frustrated :frowning:

It’s not empty.

I’m quite stuck, I’ve got a reverse shell, and I was able to find creds to get into the DB, but if there is some file out there with d******'s creds in it, I haven’t been able to find it.

Still, not bad for only my first box without too much help. Any hints on where to look for d*****'s creds conf file? I’ve got lots of enumeration done, but despite how thirsty I am, I don’t think I’ll be able to drink any dihydrogen monoxide till I find out where these things are at.

EDIT: To all those who said ‘don’t overthink it’, you weren’t kidding. Onto privesc…

@jfredett said:
I’m quite stuck, I’ve got a reverse shell, and I was able to find creds to get into the DB, but if there is some file out there with d******'s creds in it, I haven’t been able to find it.

Still, not bad for only my first box without too much help. Any hints on where to look for d*****'s creds conf file? I’ve got lots of enumeration done, but despite how thirsty I am, I don’t think I’ll be able to drink any dihydrogen monoxide till I find out where these things are at.

Keep looking, there’s a file that contains some plaintext information. You have to actually read through it though, it would be easy to miss if you skimmed too fast.

Spoiler Removed - egre55

Folks, go with your instincts and don’t worry about DaVinci Coding forum posts. That said there are a lot of good hints in here. Enumerate, use google, keep notes and you’ll be good to go. Nice job to the creators :+1:

Can someone ping me about decryption? I want to run my commands by you and see what I am missing. Thanks

Happy to return the favor if you are stuck on something I have finished and want a nudge.

Can someone give me some hints on decryption, I’ve tried using openssl and it takes hours to go through rockyou.txt even with a multi threaded python script.

@hermajordoctor said:
Can someone give me some hints on decryption, I’ve tried using openssl and it takes hours to go through rockyou.txt even with a multi threaded python script.

I have tried a bash loop with openssl and another tool, both yield no legible results with my settings. I am sure it is just a CLI arg that has to be right, but I have tried a lot of permutations of cipher and digest with no progress yet, including with the Drupal7 encryption settings.

Maybe it is the wordlist?