Fortune

145679

Comments

  • I agree with the general consensus here, this was super fun. Root took me longest even though I was close from the beginning. Thanks @AuxSarge for the box.

  • edited June 2019

    Stuck at the entry, will appreciate some directions without giving away too much. Please PM.

    Edit: Ideas just wait around to come up as soon as I post for help.

  • edited June 2019

    Does any one encountered "cannot access" error on mounted inner file system? Or maybe it should be mounted somehow in a special way?

    EDIT: Never mind, debug sayed that resource was busy, and my ssh key got revoked.

  • where do you found the encryption key ?
    found h****s and c******.p* but not the encryption key !
    i appreciate a dm .

  • Finally rooted. Some advice, first comment hopefully I dont spoil anything:

    User:
    Nothing too crazy. I could not personally get 443 to load with firefox even with the c**********s installed, so don't be afraid to use curl and the appropriate flags. If you can make it that far you can figure out what to do.

    Root:
    I will say the advice to pg****n running on your system is good. If you're still stuck try to see if there were any major changes to the interesting files in the project that might make you wonder how they did things before. I installed a newer version and when I noticed the differences I had the box rooted 5 minutes later.

    Hack The Box

  • edited June 2019

    Anyone that could PM me regarding the last steps for user?

    Edit: Managed to solve my issues with a server reset.

    CEH | Red Team

  • Type your comment

  • For user: Web enumeration and figuring out port 443 are going to be essential. B*** S**** is your friend.

    Root: The "changes" comment made above by @brasky is a good one. You can easily insert your own code into "the file" as well that will give you what you need...

    PM if you feel like you need hints. Rooted this box quite a while ago but still willing to help if needed :)


    Hack The Box
    defarbs.com | Retired Machine Writeups! - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'”

  • Can anyone help with root on this box? I have the needed script, and trying to reverse the hashes, but I can't figure it out. Help appreciated!

  • Anyone around for a chat about privesc? I think I have all the pieces but I'm struggling to put it together. I installed a local instance of the software but didn't see an obvious difference.

  • edited July 2019

    Type your comment> @penumbra said:

    Anyone around for a chat about privesc? I think I have all the pieces but I'm struggling to put it together. I installed a local instance of the software but didn't see an obvious difference.

    Install it locally!!! I was struggling putting all the pieces together before I started playing around with it locally.

    Edit: https://linuxhint.com/install-pgadmin4-ubuntu/

  • Can someone explain how i can extract hashes from that admin instance? I tried modifying file handling hashing, but always get syntax errors, unexpected line breaks and other python stuff.

  • I feel like I'm so close to decrypting the hash. I have a python script ready to go, and it runs fine. But the output appears as non-unicode. I've debugged it all the way back to the initial base64 function call, but even there it comes back as gibberish.

    What am I missing?

  • Finally rooted.
    User: Fuzzing is very easy but a bit tricky. I did not think in that way at the beginning :wink:
    Root: What B** tells you is the key.

  • any hints for "be the one you want to be"? i am looking at the flask app code for ssh key generation and also see the remote select command in ssh debug mode... can't connect the dots :cold_sweat: :smiley:

  • edited July 2019

    So I think I'm missing some piece of the puzzle for root...

    I have my own custom script to decrypt the hashes, but I'm getting garbage text as output. I've tried various things as keys, but nothing seems to work.

    The only thing I can think of is the storage directory in the appsrv dir, which is only readable by b__. Is this important for this? If so, how do I log in as b__? I have S__ for c*****.

  • user was too easy, got it in almost 1/h or 1.3/h.
    if you needed help, PM me :)

    Root Here I come.

  • Hey guys, I am stuck at root. got some hashes from pg*****.d*. but can't decrypt team. anyone willing to help, please PM me.

  • edited July 2019

    Great machine, I really liked it. A bit confusing the retrieval of the root password, but rest I enjoyed it.
    Tip for root.

    Not always a Key is called Key
    Also you just need the p****.d* file on your machine and a bit of python fu. Installing the whole app is absolutely a waste of time.

    Macte nova virtute, puer, sic itur ad astra.

  • Great machine, although user was a bit too easy, but very fun...

    Need Hints PM me.

  • I've got user, and I think I've got the info I need for root. When I run the appropriate function I get unreadable text out. Any nudges?

  • edited July 2019

    I'm having no luck finding the "RCE" bug. If someone could PM me and help out I would appreciate it. I've got some usernames and enumerated all services I think, but I must be missing something obvious because I don't see any way at all to get the remote machine to do anything.

    Edit: Oh thanks, I found the bug :-)

  • edited July 2019

    For those struggling with root, what helped me was going to github and reading the source for p*****n. No cracking required, no need to install locally. I did copy bits of source code to run locally. Make sure you have the hint from B** in hand first.

    Feel free to PM for hints.

  • edited July 2019

    i'm got root, but i don't understood : why key is h**h? i think that i needed p******d

  • Can any one help me where can i start ?

  • edited July 2019

    Nice box, made it way to difficult for myself on the root part xD

    center

  • Hi Folks,
    Need your help. I managed to get login to the lower port via ssh as nf****r. Trying to mou*** but failed with an error as "failed admnistrator". COuld you please help me with some documentation for the same.

  • Type your comment> @pawanjswalhtb said:

    Hi Folks,
    Need your help. I managed to get login to the lower port via ssh as nf****r. Trying to mou*** but failed with an error as "failed admnistrator". COuld you please help me with some documentation for the same.

    Are you using sudo and/or are you root on your own machine?

    center

  • I got user, but cant seem to find this thing everyone is trying to decode, anyone wanna nudge me in the right direction?

    Mech

  • Type your comment> @mech said:

    I got user, but cant seem to find this thing everyone is trying to decode, anyone wanna nudge me in the right direction?

    In the home of the user, there's another file. It's contents tell you what you need to look to start.

    I'm in the next step... Think I have the things to decrypt, but can't find the encrypting algorithm... If someone can help, would be appreciated.
    I tried to crack'em with john but no luck either.

    ompamo

Sign In to comment.