Heist

Type your comment> @zfyra said:

Any hint to crack secret 5 pass?

you best ask John, he would know

@hanter said:
Hi, help user. username = Haz***?

nope

Stuck on priv esc, first windows box. Have spent a lot of time looking thru the directories need a nudge pls PM me

Finally rooted thanks to @sazouki , if anyone needs any help feel free to ping me :slight_smile:

User Owned…
Trying to Root…
Any Guide ?

For Root: I have a k**4.d* file but its locked. Am I on the right track?

OK well I have been down rabbit holes for ages now some of my own making where I thought I had way more user names than I actually did due to misreading an output.

Collected and cracked the three pw’s in the first hour and patted myself on the back even pretty sure I have worked another user name out from the posts on here but I cant pop the shell on the high port with either r**y nor can I get access on the low ports.

Sifted through everything on 80 with burp page by page including the scripts.

lost time with ruby but learnt a bunch about that on the way pretty sure that is all working at least the errors now seem to be about authentication but I am buggered if I can find the missing piece and get the initial foothold.

Pretty sure I am missing something obvious but I’ve spent hours trying combination on both the low ports and the high ones tried the imp****t script and even tried the the python method.

So can someone please PM me with a nudge?

Just got the root, there is something with the “fox” but you need to search it in the right way and right places.
Just PM me if you need a littile push!

Rooted.

This one turned out to be a bit of a pain for me. Per my last post I never got any connection to w***m to work from linux. HTTP on 80 worked fine, S*B worked fine, and the metasploit w***m_l***n module worked fine with “login success” on the proper creds.

None of the ruby tools posted here ever connecetd. With the wrong creds I got auth erros, so I was communicating with the box. With the right creds everything times out.

I had to switch to a windows 10 VM and then use En***-*******on with P****S**** to connect and get user and root.

I can’t think of a good explanation why I can be connected to the S*B share one min. then have an auth error on w***m, but then time out. Yet connect the next min. with the same creds from a windows host. If you are having problems with getting your user shell and you are sure about your creds, then try windows if you can.

Overall though, really fun box and forced me to do a ton, thanks for the good time!

Rooted !!!
If anyone need help PM me :smiley:

root owned. PM me for help

New to HTB and security domain. Done the nmap got some open ports after that got stuck. Any suggestions??

Finally got user.

Used metasploit and a python W**** shell. Both said “invalid credentials” for every user:password combination. The ruby script linked in this thread worked.

Cost me a few hours…

Rooted. ■■■■, I always forget about the things that are there but not shown to me.

Type your comment> @m4xp0wer said:

There’s a ruby module that works just fine to interact with Wi***

I can’t download this module with gem or anything, i had error everytime. any idea?

decryption the secret 5. The characters are throwing everything off. am i missing something? I can’t get john to accept it. kinda at a loss.

Rooted. Great windows machine. Tnx @MinatoTW on this challenge. PM me if you need a hint.

Rooted. Wasted total about 6 hours to trying login using metasploit and some other tools. Mentioned earlier ruby script worked well in my case. So without this metasploit issue user should be pretty easy and straitforward. Didn’t get if this a bug or a feature of the machine.

Root was much more easier, literally got it in 5 minutes just by walking through directories on the disk.

GREAT BOX

USER: Find usernames and passwords(decrypt them), find more usernames, check if you can login somewhere using all combinations(user-pass) and login. There are hints here for programs that you could use for these steps.

ROOT: Search and search, and when you find it use that to access. No need to find process, there is a much easier way, just search for it.

Type your comment> @L1vra said:

GREAT BOX

USER: Find usernames and passwords(decrypt them), find more usernames, check if you can login somewhere using all combinations(user-pass) and login. There are hints here for programs that you could use for these steps.

ROOT: Search and search, and when you find it use that to access. No need to find process, there is a much easier way, just search for it.

pm me if you stuck for hours