Kryptos

13

Comments

  • edited June 2019

    So I've RCE and found something in the home directory that is encrypted using a "weak method" but I can't wrap my head around how to decrypt that. I'm trying to throw rockyou at it using some Python tool but that'll take forever and isn't guaranteed to work. I've also manually tried everything that looks like a password in the other files I found. Any hints where to look?

    /Edit: Nevermind got user. Hint for others: Attack the weak crypto but don't try to brute the file's password...

    image

  • Type your comment

  • Can anyone give a nudge in the login page, I see a token and a Database in the input, but don't know how to reverse it

  • I loved it. Somehow every step was logical and I didn't get stuck for too long on anything, whilst actually learning a lot. @no0ne @Adamm thank you guys, had tons of fun.

    PM for hints. :-)

  • Rooted. Amazing box! Most fun I had so far

  • Finally rooted. That was fun! And frustration, but mostly fun :)
    Hint for user: straight forward, everything might be done without bruteforcing. Google errors, google ciphers, google vulnerabilities ... you will get it.
    Hint for root: Internet is not always right ...

  • This was the best bypass I've ever seen in my life ...

    morph3

  • This box has me pulling my hair out. I have no idea how to get the initial foothold

  • Type your comment> @N30C0UNT said:

    This box has me pulling my hair out. I have no idea how to get the initial foothold

    me too :(

  • Fun machine, got root!

  • edited June 2019

    Spoiler Removed

  • Is it just me, or did the first step/foothold take longer than rooting the box, lol. Great box!!! But I did lose a patch of hair on my head because of the frustration of this box.

  • edited June 2019

    is the key in sqlite_test_page.php ?

  • Can anyone help me for the initial foothold? I've got some interesting error messages, but can't find any attack vectors...

  • This machine is awesome! Haven't "gotten" root yet, but I have my notes written and know what I need to do once I'm off work, so consider this box pwned!

    Thanks for the box @no0ne and @Adamm, it was legit!


    Hack The Box
    defarbs.com | Retired Machine Writeups! - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'”

  • Type your comment> @nitrow said:

    Can anyone help me for the initial foothold? I've got some interesting error messages, but can't find any attack vectors...

    same boat :)

  • This was honestly the best HTB box I've done so far. I had a lot of fun going through the box. Every step was super logical there was no guessing involved. Thanks for creating such an amazing box @no0ne and @Adamm ! Hope you create more boxes in the future.

  • edited June 2019

    Excellent machine. A bit ctf-like, especially root. And playing ctf could really help in this box :)
    Thanks for the box @no0ne @Adamm . Great job!

  • Passed the login and i can see some things i probably shouldn't but nothing much and in-depth. Any pointers would be welcome...

    you got to eat shit to know shit

  • edited July 2019

    edit : NVM I got it :)

  • edited July 2019
    edit: nvm
  • finally got root. This has been my fav machine so far, so much fun :-)

  • Will a standard wordlist work on cracking a file i found by using a python cracker i also found?

    you got to eat shit to know shit

  • Can really use someone's help on getting a shell on this box. I feel like I've tried everything. If I can dm somebody, that'd be great.
    Also, dm me if you need help with bypassing the login page.

  • Wow, what a ride :) very very nice machine, learned a lot. Thanks @no0ne and @Adamm for the work here.

    • User : All you need is in the login portal. If there is some parameter that is working strange, investigate what is that field and the response given. After that there are interesting tools that would give you some extra information. The process until getting user is long but it deserves. Thanks a lot to @NPCMaster and @farbs for helping here.

    • Root: This is a tricky part, I had the solution but lost a lot of time because it worked sometimes. Now I understand why :tongue:

  • edited July 2019

    Never been stuck for the very initial step for so long on a machine... and despite the errors I can google, no idea how to bypass the login.
    I know this machine is prolly beyond my current level, but so many people say it's awesome that I am (was) keen to give it a go anyway...

    halfluke

  • still stucking at last step, both signature and builtin miss are huge questions here...

    any help plz pm me, thx

  • edited July 2019

    logged in... the greatest and most mindbending thing I've seen so far, .

    halfluke

  • edited August 2019

    how to decrypt c****.*** ??

    edit : rooted :smiley:

  • any help? I stuck

Sign In to comment.