Rooted! thanks for the nudge @BoiteAKlou !
This box man will never forget these lessons
Got root, thanks @ZaphodBB ! I would like to give some hints.
- When you try to decrypt the file, don’t use the GitHub tool, write a script. If you have the problem with one output file per password, sort them by size.
- If you have access to this one service, google which configuration files the service has.
- You can get code execution by changing the configuration.
- You don’t need a reverse shell. All files are in common places.
Got root. Turns out there are two ways to do this box, one is a little more manual than the other. This can cause a lot of the hints here to be confusing. If you feel like you’re really close, you probably are, you’re probably just overlooking something very simple like I was (seems that’s always the case).
Thanks again to the people who helped me.
alright, i have to admit i don’t get it
all the services i enumerated are refusing connections, the web page seems to be a red herring. i am totally lost. i have no idea where that encrypted file should be everyone is talking about. any clues?
nevermind, i got the encrypted file. i just didn’t read properly, gaaaah
Can someone give me a hint? Actually I’m in the final stage of privesc, I could not find the h2 db name and credentials to exploit.
Can someone send me a PM about decrypting the file? I have the tool (i think) but struggling to decrypt it, tried a lot.
Do you need to make a user account on D****l to progress to get user? Whenever I try, it says it can’t send the email to create the account.
Any hints would be appreciated.
Thanks!
Could someone PM to make sure I have the right tool from GitHub? It’s not working for me.
Spent the last few hours trying to enumerate this machine. Tried bruteforcing the drupal site and accessing the F** server. However the F** is empty, no files inside :(. Anyone can drop a hint on how to proceed? Getting frustrated
Rooted! In fact a very interesting machine! I enjoyed it a lot! A good mix of Crypto, Exploit and Common Sense techniques.
@hermajordoctor said:
Spent the last few hours trying to enumerate this machine. Tried bruteforcing the drupal site and accessing the F** server. However the F** is empty, no files inside :(. Anyone can drop a hint on how to proceed? Getting frustrated
It’s not empty.
I’m quite stuck, I’ve got a reverse shell, and I was able to find creds to get into the DB, but if there is some file out there with d******'s creds in it, I haven’t been able to find it.
Still, not bad for only my first box without too much help. Any hints on where to look for d*****'s creds conf file? I’ve got lots of enumeration done, but despite how thirsty I am, I don’t think I’ll be able to drink any dihydrogen monoxide till I find out where these things are at.
EDIT: To all those who said ‘don’t overthink it’, you weren’t kidding. Onto privesc…
@jfredett said:
I’m quite stuck, I’ve got a reverse shell, and I was able to find creds to get into the DB, but if there is some file out there with d******'s creds in it, I haven’t been able to find it.
Still, not bad for only my first box without too much help. Any hints on where to look for d*****'s creds conf file? I’ve got lots of enumeration done, but despite how thirsty I am, I don’t think I’ll be able to drink any dihydrogen monoxide till I find out where these things are at.
Keep looking, there’s a file that contains some plaintext information. You have to actually read through it though, it would be easy to miss if you skimmed too fast.
Spoiler Removed - egre55
Folks, go with your instincts and don’t worry about DaVinci Coding forum posts. That said there are a lot of good hints in here. Enumerate, use google, keep notes and you’ll be good to go. Nice job to the creators
Can someone ping me about decryption? I want to run my commands by you and see what I am missing. Thanks
Happy to return the favor if you are stuck on something I have finished and want a nudge.
Can someone give me some hints on decryption? I’ve tried using openssl and it takes hours to go through rockyou.txt even with a multi-threaded python script.
@hermajordoctor said:
Can someone give me some hints on decryption? I’ve tried using openssl and it takes hours to go through rockyou.txt even with a multi-threaded python script.
I have tried a bash loop with openssl and another tool, both yield no legible results with my settings. I am sure it is just a CLI arg that has to be right, but I have tried a lot of permutations of cipher and digest with no progress yet, including with the Drupal7 encryption settings.
Maybe it is the wordlist?