Fortune

@gregX01 said:

Looking for root hint, I have the source and have been poring over it but I think I miss some part/info that is important for decryption. Anyone care to shed some light?

The answer is in your question.

Hi, I need some hint for the “Once you are in, just be who you wanna be” thing :wink:

Edit: Never mind, I got the user :slight_smile:

anyone care to give me a hint on this one?
got some keys, made a cert, opened a site I couldn’t access before where again I can generate keypairs…
but then what…

^ never mind… had some stupid terminal glitch messing up my keys

Got root! This was a great box :slight_smile:
Thanks @Xurfcha and @p3tj3v for hints!

Guys, I need a nudge in the last steps for root. Got all the secret stuff, not sure how to use it for #, need some hint.

I used dirbuster and gobuster but was unable to find the directory where I’m supposed to find the certs. Any help would be appreciated (feel free to PM me).

Awesome box! My hints:

USER:

  • Initial foothold is quite simple, just probe all the params you find.
  • You’ll need to RTFM for certs and a****f. Look for the correct format if you’re trying to import to firefox.
  • Think about the user’s name, enum the related service. Then, try to find a way to read and write to the files you need.

ROOT:

  • As many have pointed out, your best bet is to install the software locally and test. Look for the data that is being stored and compare it to the one you found. Might need some tweaks before you can find out what you need.

Feel free to PM.

I agree with the general consensus here, this was super fun. Root took me longest even though I was close from the beginning. Thanks @AuxSarge for the box.

Stuck at the entry, will appreciate some directions without giving away too much. Please PM.

Edit: Ideas just wait around to come up as soon as I post for help.

Has anyone encountered a “cannot access” error on the mounted inner file system? Or maybe it should be mounted somehow in a special way?

EDIT: Never mind, debug said that the resource was busy, and my ssh key got revoked.

Where did you find the encryption key?
Found hs and c**.p* but not the encryption key!
I'd appreciate a DM.

Finally rooted. Some advice, first comment, hopefully I don’t spoil anything:

User:
Nothing too crazy. I could not personally get 443 to load with firefox even with the c**********s installed, so don’t be afraid to use curl and the appropriate flags. If you can make it that far you can figure out what to do.

Root:
I will say the advice to pg****n running on your system is good. If you’re still stuck try to see if there were any major changes to the interesting files in the project that might make you wonder how they did things before. I installed a newer version and when I noticed the differences I had the box rooted 5 minutes later.

Anyone that could PM me regarding the last steps for user?

Edit: Managed to solve my issues with a server reset.


For user: Web enumeration and figuring out port 443 are going to be essential. B*** S**** is your friend.

Root: The “changes” comment made above by @brasky is a good one. You can easily insert your own code into “the file” as well that will give you what you need…

PM if you feel like you need hints. Rooted this box quite a while ago but still willing to help if needed :slight_smile:

Can anyone help with root on this box? I have the needed script, and trying to reverse the hashes, but I can’t figure it out. Help appreciated!

Anyone around for a chat about privesc? I think I have all the pieces but I’m struggling to put it together. I installed a local instance of the software but didn’t see an obvious difference.

@penumbra said:

Anyone around for a chat about privesc? I think I have all the pieces but I’m struggling to put it together. I installed a local instance of the software but didn’t see an obvious difference.

Install it locally!!! I was struggling putting all the pieces together before I started playing around with it locally.

Edit: Install PgAdmin4 on Ubuntu

Can someone explain how I can extract hashes from that admin instance? I tried modifying file handling hashing, but always get syntax errors, unexpected line breaks and other Python stuff.

I feel like I’m so close to decrypting the hash. I have a python script ready to go, and it runs fine. But the output appears as non-unicode. I’ve debugged it all the way back to the initial base64 function call, but even there it comes back as gibberish.

What am I missing?