Hawk

So I found out that openssl will “decrypt” this file with more than one password. Meaning, depending on the algorithm and the password chosen, you won’t get a decrypt error. But, if you have the wrong algorithm, the file is still gibberish.

Any help for decrypting the famous file will be gladly appreciated.

Any hints for privesc ? I can visit the page of H2 console. But no idea how to login.

@73rry said:
Any hints for privesc ? I can visit the page of H2 console. But no idea how to login.

I’ll PM you.

@Gwizwold said:
Can anyone give a nudge for root?

is there anything running as root?

After a careful search I found the file, but now I have a problem with the decryption.
I always get bad magic number, is the wrong version of the tool?

@cyberdog2099 said:
After a careful search I found the file, but now I have a problem with the decryption.
I always get bad magic number, is the wrong version of the tool?

You’re on the right track, check your tool syntax/options

Yeah, with some tips i’ve reached the user! A little step little to the root

If anyone can help with the escalation from w*******a to d I’ll really appreciate it. Been stuck for a long time looking for anything.

Is anyone able to PM me a hint? I’m very close I think.

I have user access, did the poison type thing to get access to the console but have no credentials. I’ve found a couple of scripts that look useful even without creds, but I cannot get them to run properly.

@lichshot said:
If anyone can help with the escalation from w*******a to d I’ll really appreciate it. Been stuck for a long time looking for anything.

Never mind. I rooted it, amazing machine.

how to brute-force password of this encyrpted file?I found a code called “bruteforce-salted-openssl” but something wrong about files,cause imossible to instal it.
Any hint will be appreciated.

Thanks

@Tugzen said:
how to brute-force password of this encyrpted file?I found a code called “bruteforce-salted-openssl” but something wrong about files,cause imossible to instal it.
Any hint will be appreciated.

Thanks

yea i also got that script on github but i was not able to install it and stuck on that “MAKE INSTALL” part, so i found another solution to do that thing
don’t do that PM me i got solution :slight_smile:

hey all, so I’ve got the .enc file and successfully got the contents from that, but I’m at a loss for where to go next. I keep seeing the portal, but I have no idea where to go, anyone DM me some pointers?

Edit: rooted. Thanks all for the portal help.

edit: Owned.

Really fun box.
I got “the” file seconds after seeing my nmap results. But I spent a whole day studying on how to deal with it. Worth it at the end.

Privesc was really nice and simpler than it looks. You just need to study quite a bit on what’s running.

Okay it seems that one possible way to get the user.txt is to work with a reverse shell. I have a theory but am struggling to implement correctly. If somebody could PM me so I dont give what little I know away in the event that I’m moving in the right direction, I would be very grateful. Thankyou ahead of time!

can someone PM me from where to start ??

I could login to portal but don’t know what to do.I couldn’t find any place to upload a file or any .php file to edit for a reverse shell.

I need some hints please!

Thanks

I lloked for every conf files but still couldn’t password for Da***l.Can you please sent me PM for hint please?

Thanks

I try to find some clue from running process… need some tips