Comments
Got root today.
Interesting machine.
Got user, enjoyed this box - onto root
If you'd like any pointers drop me a message
Edit: rooted! Learned a lot from this box - definitely a fun one
Got root today, thanks to xeto and ikuamike for the help. You can ping me for help!
I've got user access, and I'm able to sign into a locally running service, but I can't seem to figure out PrivEsc to save my life. Any hints to save my sanity would be much appreciated.
Nice. Got root. Had a lot of trouble with the .b**** file. I managed to get it but would still like to better understand what happened and how I can approach such things in the future.
Root was easy for me as I had everything I needed already, because I tried exploiting exactly that for initial foothold and failed. Very fun setup, I learned a lot from this.
I'm at the initial file decryption stage. I know the tool that was used, and I can script up iterating through passwords. My question is on the algorithm. Am I supposed to iterate through that too, or is there a hint somewhere else that is publicly accessible on this box as to what algorithm was used?
So I ran through a script with rockyou and a particular algorithm. I got a password that did not throw a "bad decrypt" error, but I still have gibberish. I've seen all "digest" hints, and I know vaguely what those are referring to. But as I understand it, those are one-way mathematical functions that cannot be reversed. So, I'm not sure how to apply that to this process.
Any help would be greatly appreciated. Cryptography has never been my strong suit.
Can anyone give a nudge for root?
So I found out that openssl will "decrypt" this file with more than one password. Meaning, depending on the algorithm and the password chosen, you won't get a decrypt error. But, if you have the wrong algorithm, the file is still gibberish.
Any help for decrypting the famous file will be gladly appreciated.
Any hints for privesc? I can visit the page of the H2 console, but no idea how to log in.
I'll PM you.
Is there anything running as root?
After a careful search I found the file, but now I have a problem with the decryption.
I always get bad magic number; is it the wrong version of the tool?
Non nobis Domine, non nobis, sed nomini tuo da gloriam
You're on the right track, check your tool syntax/options
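An added illustration, not written by any poster in this thread and not derived from this box's file, of three points raised above: where "bad magic number" comes from, what the "digest" does in `openssl enc`, and why a wrong password can still avoid "bad decrypt". The sample blob, salt and password are constructed, and wrong-key plaintext is modelled with pseudo-random blocks rather than real AES output.

```python
import base64
import hashlib

MAGIC = b"Salted__"  # 8-byte header `openssl enc` writes before the salt

def parse_enc_blob(data: bytes):
    """Return (salt, ciphertext, was_base64); raise ValueError on a missing header."""
    was_b64 = False
    if not data.startswith(MAGIC):
        # A file made with `-a`/`-base64` is text; the header only appears after decoding.
        try:
            decoded = base64.b64decode(data)
        except ValueError:
            decoded = b""
        if not decoded.startswith(MAGIC):
            raise ValueError("bad magic number")
        data, was_b64 = decoded, True
    return data[8:16], data[16:], was_b64

def evp_bytes_to_key(password, salt, digest, key_len, iv_len):
    """OpenSSL's legacy password-to-key derivation (EVP_BytesToKey, one iteration)."""
    out, block = b"", b""
    while len(out) < key_len + iv_len:
        block = hashlib.new(digest, block + password + salt).digest()
        out += block
    return out[:key_len], out[key_len:key_len + iv_len]

def pkcs7_ok(last_block: bytes) -> bool:
    """Padding check on the final decrypted block; its failure is a "bad decrypt"."""
    n = last_block[-1]
    return 1 <= n <= len(last_block) and last_block.endswith(bytes([n]) * n)

def padding_false_positive_rate(trials: int = 65536) -> float:
    """Model wrong-key output as pseudo-random 16-byte blocks and count padding passes."""
    hits = sum(pkcs7_ok(hashlib.sha256(i.to_bytes(4, "big")).digest()[:16])
               for i in range(trials))
    return hits / trials

if __name__ == "__main__":
    # Constructed sample: header + 8-byte salt + 16 bytes standing in for ciphertext.
    blob = MAGIC + b"\x01\x02\x03\x04\x05\x06\x07\x08" + bytes(16)
    salt, _, _ = parse_enc_blob(base64.b64encode(blob))
    for md in ("md5", "sha256"):  # same password, different -md, different key
        key, iv = evp_bytes_to_key(b"example-password", salt, md, 32, 16)
        print(md, key.hex())
    print("wrong keys passing the padding check:", padding_false_positive_rate())
```

The rate comes out near 1/256, so a password that avoids "bad decrypt" proves nothing by itself; the digest is never reversed, it only turns the password and salt into the key and IV.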
Yeah, with some tips I've reached the user! A little step little to the root
Non nobis Domine, non nobis, sed nomini tuo da gloriam
If anyone can help with the escalation from w************a to d***** I'll really appreciate it. Been stuck for a long time looking for anything.
Is anyone able to PM me a hint? I'm very close I think.
I have user access, did the poison type thing to get access to the console but have no credentials. I've found a couple of scripts that look useful even without creds, but I cannot get them to run properly.
Never mind. I rooted it, amazing machine.
How to brute-force the password of this encrypted file? I found a code called "bruteforce-salted-openssl", but something is wrong with the files, because it is impossible to install it.
Any hint will be appreciated.
Thanks
Yeah, I also got that script on GitHub, but I was not able to install it and got stuck on that "MAKE INSTALL" part, so I found another solution to do that thing.
Don't do that. PM me, I've got a solution.
Leaning From Cracking......
Hey all, so I've got the .enc file and successfully got the contents from that, but I'm at a loss for where to go next. I keep seeing the portal, but I have no idea where to go. Anyone DM me some pointers?
Edit: rooted. Thanks all for the portal help.
edit: Owned.
Really fun box.
I got "the" file seconds after seeing my nmap results. But I spent a whole day studying on how to deal with it. Worth it at the end.
Privesc was really nice and simpler than it looks. You just need to study quite a bit on what's running.
Okay, it seems that one possible way to get the user.txt is to work with a reverse shell. I have a theory but am struggling to implement it correctly. If somebody could PM me so I don't give what little I know away in the event that I'm moving in the right direction, I would be very grateful. Thank you ahead of time!
Can someone PM me where to start?
I could log in to the portal but don't know what to do. I couldn't find any place to upload a file or any .php file to edit for a reverse shell.
I need some hints please!
Thanks
I looked through every conf file but still couldn't find the password for Da***l. Can you please send me a PM with a hint?
Thanks
I'm trying to find some clue from the running processes... need some tips
Non nobis Domine, non nobis, sed nomini tuo da gloriam