Hawk

11213141517

Comments

  • edited November 2018
    Got the file, but tried the contents in 3 ways found from scan and could not get in, hmm.
  • Can anyone PM me a hint - as far as I can tell I've decrypted the .enc file for a password but I have no clue what user / where I'm meant to actually use it...

  • I need help with privilege escalation could someone please guide me

  • I got root flag finally. I really enjoyed this box. Thanks @pat for hint :)
  • Would anyone mind giving a nudge on where to find the pw for D*****. Got a reverse shell on the machine and ive looked through any file that i can come to think of.
    Thanks

  • > @stigxenon said:
    > Would anyone mind giving a nudge on where to find the pw for D*****. Got a reverse shell on the machine and ive looked through any file that i can come to think of.
    > Thanks

    var/www/html/sites/default
    Try hope yoy found
  • i got. root if u need help. pm me . but pls send your messages on main page.

  • Any hint for user? I already know FTP allows anon logins, but there are no files... only a folder "messages" with nothing inside of it.

  • @Ac1d0 said:
    Any hint for user? I already know FTP allows anon logins, but there are no files... only a folder "messages" with nothing inside of it.

    Check the folder again.

  • edited November 2018

    --NVM

    xeto

  • Well, even If I enable the passive mode on my FTP I'm getting no file in the dir "messages"... IDK :|

  • @Ac1d0 said:
    Well, even If I enable the passive mode on my FTP I'm getting no file in the dir "messages"... IDK :|

    maybe the file is not directly visible?

    SCP
    CEH, OSCP

  • @scp said:

    @Ac1d0 said:
    Well, even If I enable the passive mode on my FTP I'm getting no file in the dir "messages"... IDK :|

    maybe the file is not directly visible?

    That's a nice hint, but I'm stuck the same... I also tried activating the "passive" mode but nothing to do :pensive:

  • edited November 2018

    Dont have any clue of what to do on hawk. Can anyone give me an initial foothold?

    *logged to ftp as anonymous user
    *ftp is empty
    *site runs Drupal 7.58?
    *found an drupal exploit, but must be authenticated

  • @4tl4a5 said:
    Dont have any clue of what to do on hawk. Can anyone give me an initial foothold?

    *logged to ftp as anonymous user
    *ftp is empty
    *site runs Drupal 7.58?
    *found an drupal exploit, but must be authenticated

    Sure that FTP is empty?

    xeto

  • edited November 2018

    Any hints for getting a shell? I was able to read the UserFlag but cant establish a stable shell :(. Tried so many things now. Implemented an Uploader, Used all Metasploit Exploits etc. Please hint :(

    EDIT.. nvm just forgot necessary nc parameter :astonished:

    xeto

  • Hello, could someone give me a pm to help me with privilation escalation? Thanks in advance

    Hack The Box

  • @xeto said:
    Sure that FTP is empty?

    How dumb of me.

    Just got user flag. I was able to login as the user d*****, but it prompt as a python shell.

    Any advice? Thank you.

  • edited November 2018

    @4tl4a5 said:

    @xeto said:
    Sure that FTP is empty?

    How dumb of me.

    Just got user flag. I was able to login as the user d*****, but it prompt as a python shell.

    Any advice? Thank you.

    How can you execute Linux commands with python? Thatś all you need to escape.

    xeto

  • edited November 2018

    Any hints for Privesc? Im cant find anything : /

    xeto

  • Finally rooted, was a really good box. PM me for help if you're stuck. Hints about poison really gave me the right direction to move thanks.
    ikuamike

    ikuamike

  • @xeto said:

    @4tl4a5 said:
    Dont have any clue of what to do on hawk. Can anyone give me an initial foothold?

    *logged to ftp as anonymous user
    *ftp is empty
    *site runs Drupal 7.58?
    *found an drupal exploit, but must be authenticated

    Sure that FTP is empty?

    i found txt.enc file...

  • I decrypted drupal.enc.txt and got password and possible user d***el but when i ssh using that its saying permission denied

    LordeDestro

  • I am new trying to learn please help?
    i got nothing can someone guide me

  • @alakshendra143 said:
    I am new trying to learn please help?
    i got nothing can someone guide me

    if you want my progress till now am i alowed to share ?

  • > @LordeDestro said:
    > I decrypted drupal.enc.txt and got password and possible user d***el but when i ssh using that its saying permission denied

    Read the decrypted message. You have a hint as to where can you use that information.

    Draco123

  • Just got root. If you need any advice feel free to pm

    xeto

  • > @LordeDestro said:
    > I decrypted drupal.enc.txt and got password and possible user d***el but when i ssh using that its saying permission denied

    Read Carefully , What Writes There
  • @Amzker said:
    > @LordeDestro said:
    > I decrypted drupal.enc.txt and got password and possible user d***el but when i ssh using that its saying permission denied

    Read Carefully , What Writes There

    @Draco123 said:
    > @LordeDestro said:
    > I decrypted drupal.enc.txt and got password and possible user d***el but when i ssh using that its saying permission denied

    Read the decrypted message. You have a hint as to where can you use that information.

    I have access to the portal. lets see what i can do now

    LordeDestro

  • fuck.........subprocess

    LordeDestro

Sign In to comment.