Writeup

Can anyone help me with the credentials? I’ve found user, email, salt and passwd and it seems to be impossible to decode it…

Can anyone pm me ? Its been 3 days. I stuck on the user part. I am unable to bypass the T*** (D*** prote****).

Type your comment> @l3n01n3 said:

Can anyone help me with the credentials? I’ve found user, email, salt and passwd and it seems to be impossible to decode it…

Hint: crack them the way you found them … double check options you have :wink:

Guys i am really stuck
PM me for root hint:what is the way of creating C*** jobs to execute r***-***

UPDATE:
Rooted: it was a really awesome machine, and a special thanks to @DedStroK for his hints.

Got user on this machine pretty quick.

Root took me longer than it should have. i was missing something glaringly obvious. Just remember permissions are important!

Does the pass of user *** have more then 8 characters?

I’ve cloned dictonaries from github, tried a couple of them and now I’m stuck with bruteforcing the md5(salt:hash) since I don’t have adequate GPU power.

EDIT: thx for the PMs, found out that I misshandled hashcat and that it makes sense to look closer at scripts (and their build in capacities) before usage.

I’m stuck with root flag… I have launched p**y and I believe that i have seen all the relevant info but I don’t know how to use that…

Some pm with a little hint would be very useful

got user but stuck in the root. can someone explain me what to do with the p**y thing? or should i try other way? really appreciate the help.

nevermind…

Type your comment> @salt said:

On root, I ran pspy, noticed the non absolute path process, had some hints from ippsec’s lazy path video, tried that, non has given me a shell!

I’d appreciate some help here, I don’t want to skip this machine.

Actually, here you won’t get a root shell by the usual exploit ways. You’ll need to enumerate. First check the processes with the pspy tool ,watch closely for a process executed by root incl. the command line. Take note a dir in the PATH. Then craft your own script against a well known binary, copy it over to a dir where you can write in the PATH. Your script will be executed instead of the binary with root privileges doing whatever you want. Done and dusted. You are root :smile:

Type your comment> @heindycat said:

got user but stuck in the root. can someone explain me what to do with the p**y thing? or should i try other way? really appreciate the help.

No that’s all you need. Just run it and watch carefully what processes are executed as root (UID=0). Then you’ll spot one which you can actually exploit by writing your own script :smiley:

Type your comment> @CallMeZero said:

Can anyone help me with the hashcat part.?

nothing to do with hashcat
neither for root nor user

Rooted! Learnt something new from this box!
Thanks @GhostM for nudging me to the right direction.

Got it. That one was fun! Can’t believe how many times I had to see it staring me in the face before it clicked…

deleted

Hey i’m stuck on pspy tool…
Someone can DM me any hints? i know that i have to look for groups and permissions but i can’t modify noone of those directory :frowning:

Finally Rooted! Learned so much.
Hints for Root:

  • ippsec Lazy!!
  • pspy

Stuck on root, have tried the ideas gained from ippsec Lazy and pspy to no avail. Would love a pm with a little nudge

Edit: Got root, I wasn’t meticulous enough with my recon

Type your comment> @th3location said:

found the username and password r********9 and still no login to a****
any hints?

Did you check what other services are running?

@Fugl said:

Type your comment> @emaragkos said:

The exploit used in this machine is seriously on of the most user-friendly I have even used. Funny to use, it is like it came out of a movie!

This! :joy:

Tip for user: If you believe you’ve found something but not enough, you probably have found enough. Try to figure out what it is you found instead of looking for more content. Remember that it’s an “easy box”, so most likely the user shell isn’t going to require much effort - looking back anyway. When you feel like you can relate to the above quote, you’re in a good place. At least you’ll get the joke anyway.

This hint saved me. It’s like you’re searching for your hat, when actually your hat it’s on top of your head.