Heist

Stuck on cracking $1 pass, any hint?

Root owned.

I’m not sure what people meant by “weird processes running” or “look for output” but in my case what would have saved me some time is this piece advice: “If you find a password, make sure to try it everywhere !!”

Feel free to PM me for hints if you like, thanks to the creator for a fun machine.

What a wonderful machine :slight_smile:

For user: the password is right in front of you. You just need to find the username.

For root: look for what is running and extract its data.

The sha-256 seemed useless for me since it is unbreakable in a reasonable time, so I’m not sure why did someone mention it in here …

Type your comment> @Ryan412 said:

What a wonderful machine :slight_smile:

For user: the password is right in front of you. You just need to find the username.

For root: look for what is running and extract its data.

The sha-256 seemed useless for me since it is unbreakable in a reasonable time, so I’m not sure why did someone mention it in here …

The SHA-256 is merely a pointer… I wouldn’t bother trying to crack it. Look at the running processes on the machine instead.

.

Root was fun, finding user was a pain checking out all the credentials.

guys, need help for user, I’ve usernames and passwords but it won’t allow me to login on higher port.

My first own on both user and root!

User: This is the real struggle. Just dont give up, you are probably closer than you think.
Root: I may have done root wrong. It was too easy.

You are in the right path, but maybe you have to find the user who matches the passwords. @nospace

Watch the processes that will help you later. :wink: @badman89

Spoiler Removed

Rooted , that was a good box.

Learned a lot about Power Shell. The below will help in searching all files to get something useful.

Get-ChildItem -Path (Your Path) -Recurse -File | Select-String (Keyword)

Rooted! Nice box.
User is all about enumeration.
Root is straightforward.

Hints in the current thread are sufficient to get you both.

Type your comment> @D4nch3n said:

for root, is the k***.** file a rabbit hole? There doesn’t seem to be a l****.**** file to go with it…

I have the same problem, only found the k***.b file, did not find the l**.*n file, how to get the information I need?

Rooted, great box, pen-testing basics only

User: enumerate, crack, harvest, test your loot, find the missing pieces, all clues are there and here in the thread

Root: 10 minutes if you enumerate, nothing fancy

Happy to help if you tell me what you’ve already got and are NOT asking a question that’s already answered in here :slight_smile:

Rooted
downloaded 4xx mb of file just for the pw
but it was fun!

Rooted, great box.
Thanks @Akl for that:
“Get-ChildItem -Path (Your Path) -Recurse -File | Select-String (Keyword)”
Feel free to PM if stack.

I seem to have a ruby issue any one know how to fix

/usr/lib/ruby/vendor_ruby/net/ntlm/client/session.rb:39: warning: constant OpenSSL::Cipher::Cipher is deprecated
/usr/lib/ruby/vendor_ruby/net/ntlm/client/session.rb:128: warning: constant OpenSSL::Cipher::Cipher is deprecated

cant seem to use either ruby script

have 3 cleartexts and 4 users but am stuck by this

I’ve had user for a week… not sure what I’m looking for… It might because of the shell i have, but my user doesnt have permissions to see running processes. looked in the both program file folders, nothing stands out. Can someone nudge me in the right direction.