Redcross

Are we supposed to be guessing credentials on the a**** panel or the i**** subdomains? Guess the box eh.

@InfoSecGuy23 said:

Are we supposed to be guessing credentials on the a**** panel or the i**** subdomains? Guess the box eh.

I’d like to figure that out too lol… Been stuck with hydra/manual for a while. Got the gt/gt stuff. Tried to brute force with the “desired” user or ad*** no luck…

Never mind, looks like I don’t really need those, just the g***t should be enough…

I’ve read on this thread that cracking the hashes with john for at least one user would take less than 5mn… Been at it for hours. This is for c****** user

lduros:redcross$ /usr/sbin/john --format=b**** c******
Using default input encoding: UTF-8
Loaded 1 password hash (b***** [B***** 32/64 X3])
Cost 1 (iteration count) is 1024 for all loaded hashes
Proceeding with wordlist:/usr/share/john/password.lst, rules:Wordlist
Proceeding with incremental:ASCII

Has anyone really made this work? I’ll keep trying with different lists…

stuck at www-data with lots of interesting information

A good box @ompamo. A lot of guesswork at first, but when you know what to do, it’s all clear. Root was rough for me. Thanks to those who gave small nudges.

Hi my friends,
I am lost in Redcross :frowning: I found the page where I can log in to the i****.redcross.***
but I have no idea where to get the name or the password. I thought of hydra, but that should not be the way, I think. Gobuster and all the other tools for web enumeration found nothing.
Can someone give me a push in the right direction please?

Hi
I have seen the haa s* server and I know the m** exploit for it, but the parameters srvhost and srvport are not letting me run it. Can anyone tell me how to solve it?
Thank you

I was not able to do the BoF and was pointed in another direction. As a result I managed to create a user with gid=0 however I still cannot read root.txt as permissions are

-rw-------

If someone who didn’t do the BoF wants to PM me, I would be grateful.

EDITED

Never mind, rooted. Thanks to everyone that gave hints

I’m stuck at an.*****.htb. I found the pma subdir but am not able to proceed further. Am I going down a rabbit hole if I continue probing pma, or am I going in the right direction?

Finally got root, by using p**l to change my user’s group to get high permission, but if you have another way to get root, please PM me, I want to know that way.

I have the hashes and cracked one of them. But I can’t find the other login. I’ve tried 10k sub prefixes. What am I missing?

Nvm: I was looking for something that I had already found…

Can someone tell me more details about BOF? I want to use BOF to get root; I got root by using ps*l.

@B1ngDa0 said:

Can someone tell me more details about BOF? I want to use BOF to get root; I got root by using ps*l.

I’m in the same situation. I’m trying the BOF too but failed so far.

Can someone give me a pointer on the sin technique. I’m getting an error and it looks like it can be done. I haven’t gotten anything useful from sp. Maybe there’s a setting or something I’m missing.

Got root before I got user, this box was way easier than I thought it was going to be so not sure if it was the intended way.

Hit me up if you need any pointers.

Pm if anyone needs help with root?

Finally rooted. If you need any nudge or hint, please PM me. I’m glad to help you. :wink:

I logged in at i**** as g****, I retrieved all the messages but I can’t find any credentials, also found the second login page a**** but guessing didn’t work out! Using sp with the address in the i is causing the server to ban me for a minute.

I’ve been stuck for a few days… I’ve been trying to crack the password hashes for a few days… I have some of the lower level users… But am stuck on this… I tried CrackStation and a few others but no luck… Am I on the wrong path or do I just need to wait until it cracks the important one?

Edit
@bl4sph3m thanks for the hint on moving forward…