Hawk

Finally rooted, was a really good box. PM me for help if you’re stuck. Hints about poison really gave me the right direction to move thanks.
ikuamike

@xeto said:

@4tl4a5 said:
Dont have any clue of what to do on hawk. Can anyone give me an initial foothold?

*logged to ftp as anonymous user
*ftp is empty
*site runs Drupal 7.58?
*found an drupal exploit, but must be authenticated

Sure that FTP is empty?

i found txt.enc file…

I decrypted drupal.enc.txt and got password and possible user d***el but when i ssh using that its saying permission denied

I am new trying to learn please help?
i got nothing can someone guide me

@alakshendra143 said:
I am new trying to learn please help?
i got nothing can someone guide me

if you want my progress till now am i alowed to share ?

@LordeDestro said:
I decrypted drupal.enc.txt and got password and possible user d***el but when i ssh using that its saying permission denied

Read the decrypted message. You have a hint as to where can you use that information.

Just got root. If you need any advice feel free to pm

@LordeDestro said:
I decrypted drupal.enc.txt and got password and possible user d***el but when i ssh using that its saying permission denied

Read Carefully , What Writes There

@Amzker said:

@LordeDestro said:
I decrypted drupal.enc.txt and got password and possible user d***el but when i ssh using that its saying permission denied

Read Carefully , What Writes There

@Draco123 said:

@LordeDestro said:
I decrypted drupal.enc.txt and got password and possible user d***el but when i ssh using that its saying permission denied

Read the decrypted message. You have a hint as to where can you use that information.

I have access to the portal. lets see what i can do now

■■■■…subprocess

Got root today.
Interesting machine.

Got user, enjoyed this box - onto root
If you’d like any pointers drop me a message

Edit: rooted! Learned a lot from this box - definitely a fun one

Got root today, thanks to xeto and ikuamike for the help. You can ping me for help!

ive got user access, and im able to sign into locally running service but i cant seem to figure out PrivEsc to save my life. any hints to save my sanity would be much appreciated

nice. got root. had alot of trouble with the .b**** file. i managed to get it but still would like to better understand what happened and how i can approach such things in the future.

root was easy for me as i had everything i needed already because i tried exploiting exactly that for initial foothold and failed. very fun setup i learned alot form this.

I’m at the initial file decryption stage. I know the tool that was used, and I can script up iterating through passwords. My question is on the algorithm. Am I supposed to iterate through that too, or is there a hint somewhere else that is publicly accessible on this box as to what algorithm was used?

So I ran through a script with rockyou and a particular algorithm. I got a password that did not throw a “bad decrypt” error, but I still have gibberish. I’ve seen all “digest” hints, and I know vaguely what those are referring to. But as I understand it, those are one-way mathematical functions that cannot be reversed. So, I’m not sure how to apply that to this process.

Any help would be greatly appreciated. Cryptography has never been my strong suit.

Can anyone give a nudge for root?

So I found out that openssl will “decrypt” this file with more than one password. Meaning, depending on the algorithm and the password chosen, you won’t get a decrypt error. But, if you have the wrong algorithm, the file is still gibberish.

Any help for decrypting the famous file will be gladly appreciated.