Fortune

Type your comment

For user: Web enumeration and figuring out port 443 are going to be essential. B*** S**** is your friend.

Root: The “changes” comment made above by @brasky is a good one. You can easily insert your own code into “the file” as well that will give you what you need…

PM if you feel like you need hints. Rooted this box quite a while ago but still willing to help if needed :slight_smile:

Can anyone help with root on this box? I have the needed script, and trying to reverse the hashes, but I can’t figure it out. Help appreciated!

Anyone around for a chat about privesc? I think I have all the pieces but I’m struggling to put it together. I installed a local instance of the software but didn’t see an obvious difference.

Type your comment> @penumbra said:

Anyone around for a chat about privesc? I think I have all the pieces but I’m struggling to put it together. I installed a local instance of the software but didn’t see an obvious difference.

Install it locally!!! I was struggling putting all the pieces together before I started playing around with it locally.

Edit: Install PgAdmin4 on Ubuntu

Can someone explain how i can extract hashes from that admin instance? I tried modifying file handling hashing, but always get syntax errors, unexpected line breaks and other python stuff.

I feel like I’m so close to decrypting the hash. I have a python script ready to go, and it runs fine. But the output appears as non-unicode. I’ve debugged it all the way back to the initial base64 function call, but even there it comes back as gibberish.

What am I missing?

Finally rooted.
User: Fuzzing is very easy but a bit tricky. I did not think in that way at the beginning :wink:
Root: What B** tells you is the key.

any hints for “be the one you want to be”? i am looking at the flask app code for ssh key generation and also see the remote select command in ssh debug mode… can’t connect the dots :cold_sweat: :smiley:

So I think I’m missing some piece of the puzzle for root…

I have my own custom script to decrypt the hashes, but I’m getting garbage text as output. I’ve tried various things as keys, but nothing seems to work.

The only thing I can think of is the storage directory in the appsrv dir, which is only readable by b__. Is this important for this? If so, how do I log in as b__? I have S__ for c*****.

user was too easy, got it in almost 1/h or 1.3/h.
if you needed help, PM me :slight_smile:

Root Here I come.

Hey guys, I am stuck at root. got some hashes from pg*****.d*. but can’t decrypt team. anyone willing to help, please PM me.

Great machine, I really liked it. A bit confusing the retrieval of the root password, but rest I enjoyed it.
Tip for root.

Not always a Key is called Key
Also you just need the p****.d* file on your machine and a bit of python fu. Installing the whole app is absolutely a waste of time.

Great machine, although user was a bit too easy, but very fun…

Need Hints PM me.

I’ve got user, and I think I’ve got the info I need for root. When I run the appropriate function I get unreadable text out. Any nudges?

I’m having no luck finding the “RCE” bug. If someone could PM me and help out I would appreciate it. I’ve got some usernames and enumerated all services I think, but I must be missing something obvious because I don’t see any way at all to get the remote machine to do anything.

Edit: Oh thanks, I found the bug :slight_smile:

For those struggling with root, what helped me was going to github and reading the source for p***n. No cracking required, no need to install locally. I did copy bits of source code to run locally. Make sure you have the hint from B in hand first.

Feel free to PM for hints.

i’m got root, but i don’t understood : why key is hh? i think that i needed p****d

Can any one help me where can i start ?

Nice box, made it way to difficult for myself on the root part xD