@deda1mraz said:
It looks like that there’s and issue with hashcat, it recognizes hash go trough rockyou and does not crack it… JTR works but there’s ‘special’ version that you need to find, works with
Yes, absolutely special version, and I had to compile it instead of using the existing same version, so weird…
Got it. Will admit I’m slightly salty. I forget that these are contrived boxes, so I forget that you’ll actually find these issues. The answer btw is on the very first page. Also the way you get user, also pretty much tells you what method you use to get root.txt.
Can someone PM me for help on getting root? I’m 99% sure I have the hash, but my tools aren’t liking the hash.
Edit: nevermind, I got the tool to start accepting the hash, but will I need a GPU to crack it? I left it running overnight on my laptop, and after 9 hours it was only .39% complete.
Edit: got root. A little salty that this box relied on knowing and having the right tool to finish it out, but an otherwise awesome box!
Anyone please point me in the right direction, I got user flag already. I feel like everyone on this thread has a password hash except me lol. Just a point in the right direction. reading documentation on the tools all of them seem to assume I have Admin user/pass… I must be missing something
Since no one wrote it :
Be careful hashcat can’t handle properly 32bit construct at this time, and will compile a 64 bit kernel no matter what the underlying architecture behind it, giving you bogus result for this type of hash.
The correct format for jtr is $k*****s$23$salt$hash . I won t say more, but i hope it will save time on bogus problem without spoiling.
The box is easy if u know what to do and how to do it (not my case)
For user, enumeration is the key. Once you find the service, just poke around.
1.1 After you find some files, read them all…one will pop up since it contains user info.
1.2 Google the file and you’ll know how to crack the password
For root, you’ll have to interact with another service. This was tricky for me since I didn’t know much about it.
2.1 The forum posts and google will lead you to a red tool.
2.2 Google what the tool is doing and you’ll learn a lot about it
Agree with others. This was an enjoyable box from the point of view its real world. I personally had not used one of the tools before to get the required K******. Nice learning experience. Feel free to PM me if I can help anyone.
I have user already, but I’m about to go crazy because I’ve been trying to find out why a certain Ruby Script works without an IV (for a certain cipher) but when I try to use Op***l from the commandline it wont work without an IV. Crypto is not my strong suite, so I’d really appreciate it if someone could PM me and explain to me how the ruby script works (I’ll send it to you over PM, as not to spoil anything) without needing an IV. Thanks!
User.txt took me a short time, Trying to get root now but im totally stuck. Last thing i got isa .b** file with surely useful information in it. But its in screwed format. Not like in Base64 or anything else i saw before. Tried to open it with different extensions but none of them worked. I can really use a hint or advice right now Thanks
I almost have root i have the Principal and have got the H*** and am trying to run h**t but its saying it will take 14 hours because its running in a VM and no GPU. Has anyone already run it and can give me the output, if i pass the correct command and h file? please PM if this is possible . Thanks
Update: NVM i found hashcat for windows and can do it in 30 mins now
@NullDay said:
I almost have root i have the Principal and have got the H*** and am trying to run h**t but its saying it will take 14 hours because its running in a VM and no GPU. Has anyone already run it and can give me the output, if i pass the correct command and h file? please PM if this is possible . Thanks
Update: NVM i found hashcat for windows and can do it in 30 mins now
hi,I have no ideas how to be root,can you give me some hint
@NullDay said:
I almost have root i have the Principal and have got the H*** and am trying to run h**t but its saying it will take 14 hours because its running in a VM and no GPU. Has anyone already run it and can give me the output, if i pass the correct command and h file? please PM if this is possible . Thanks
Update: NVM i found hashcat for windows and can do it in 30 mins now
hi,I have no ideas how to be root,can you give me some hint
id tell you how to get root through hacking K******* but am having my sunday Roast so i think you need to figure out the Principal of hacking a certain service