Hawk

alright, i have to admit i don’t get it :stuck_out_tongue:
all the services i enumerated are refusing connections, the web page seems to be a red herring. i am totally lost. i have no idea where that encrypted file should be everyone is talking about. any clues?
nevermind, i got the encrypted file. i just didn’t read properly, gaaaah

Can someone give me a hint? Actually, I’m in the final stage of privesc; I could not find the h2 db name and credentials to exploit

Can someone send me a PM about decrypting the file? I have the tool (i think) but struggling to decrypt it, tried a lot.

Do you need to make a user account on D****l to progress to get user? Whenever I try, it says it can’t send the email to create the account.

Any hints would be appreciated.

Thanks!

Could someone PM to make sure I have the right tool from GitHub? It’s not working for me.

Spent the last few hours trying to enumerate this machine. Tried bruteforcing the drupal site and accessing the F** server. However the F** is empty, no files inside :(. Anyone can drop a hint on how to proceed? Getting frustrated :frowning:

Rooted! In fact a very interesting machine! I enjoyed it a lot! A good mix of Crypto, Exploit and Common Sense techniques.

@hermajordoctor said:
Spent the last few hours trying to enumerate this machine. Tried bruteforcing the drupal site and accessing the F** server. However the F** is empty, no files inside :(. Anyone can drop a hint on how to proceed? Getting frustrated :frowning:

It’s not empty.

I’m quite stuck, I’ve got a reverse shell, and I was able to find creds to get into the DB, but if there is some file out there with d******'s creds in it, I haven’t been able to find it.

Still, not bad for only my first box without too much help. Any hints on where to look for d*****'s creds conf file? I’ve got lots of enumeration done, but despite how thirsty I am, I don’t think I’ll be able to drink any dihydrogen monoxide till I find out where these things are at.

EDIT: To all those who said ‘don’t overthink it’, you weren’t kidding. Onto privesc…

@jfredett said:
I’m quite stuck, I’ve got a reverse shell, and I was able to find creds to get into the DB, but if there is some file out there with d******'s creds in it, I haven’t been able to find it.

Still, not bad for only my first box without too much help. Any hints on where to look for d*****'s creds conf file? I’ve got lots of enumeration done, but despite how thirsty I am, I don’t think I’ll be able to drink any dihydrogen monoxide till I find out where these things are at.

Keep looking, there’s a file that contains some plaintext information. You have to actually read through it though, it would be easy to miss if you skimmed too fast.

Spoiler Removed - egre55

Spoiler Removed - egre55

Folks, go with your instincts and don’t worry about DaVinci Coding forum posts. That said there are a lot of good hints in here. Enumerate, use google, keep notes and you’ll be good to go. Nice job to the creators :+1:

Can someone ping me about decryption? I want to run my commands by you and see what I am missing. Thanks

Happy to return the favor if you are stuck on something I have finished and want a nudge.

Can someone give me some hints on decryption, I’ve tried using openssl and it takes hours to go through rockyou.txt even with a multi threaded python script.

@hermajordoctor said:
Can someone give me some hints on decryption, I’ve tried using openssl and it takes hours to go through rockyou.txt even with a multi threaded python script.

I have tried a bash loop with openssl and another tool; both yield no legible results with my settings. I am sure it is just a CLI arg that has to be right, but I have tried a lot of permutations of cipher and digest with no progress yet, including with the Drupal7 encryption settings.

Maybe it is the wordlist?

cracked thanks to some help, not hard, just requires a working version of o*****l :astonished:

Must be blind by now, got user.txt but can’t secure myself to the other side, must be overthinking it, and I like aliases but I’m in the cloud there too… as goes for www-data, got that shell atm but privesc from that seems too unachievable for my skill level… hints would be appreciated through PM, thanks anyone

I’ve got the user flag and d***** password, I can’t figure out the priv esc. Please dm hints.

Edit: rooted

@inspek said:
Must be blind by now, got user.txt but can’t secure myself to the other side, must be overthinking it, and I like aliases but I’m in the cloud there too… as goes for www-data, got that shell atm but privesc from that seems too unachievable for my skill level… hints would be appreciated through PM, thanks anyone

nvm, got the creds needed to secure myself on the other side, python console, now comes the h20 path