Type your comment> @azeroth said:
i can’t decrypt secret hash… plz someone hint me
Use hashcat - no rules - rocking list - crack in less than a minute
Type your comment> @azeroth said:
i can’t decrypt secret hash… plz someone hint me
Use hashcat - no rules - rocking list - crack in less than a minute
@Raven37 said:
hello everyone working on root now. i think i understand at what process i should looking, but i can’t find file k**4.d under usual location. Can somebody help me?nvm, I was blind, found it. Now trying to do something with it
okay, I am stuck on it is where any way to copy files from heist machine to my kali and vise versa?
I used pscp:
https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
Hi Folks,
Stuck on privesc -
I have the db files
I have dumps of the process
What am I looking for? Am I in a rabbit hole?
Thanks
Finally got root.
Hints:
User:
enumerate, enumerate, enumerate
crack what you enumerate
enumerate some more
Look beyond what you think is normal
play with the rubies
Root:
Think a little forensically
Grep and Strings are your friend
Don’t we always harp on credential re-use?
Feel free to DM me for hints.
Thanks to @minatoTW for making the box and @marlasthemage for all your help!
@1337mm look at my comment above.
Wow I had an unusual hard time getting user. Protip: use hashcat on your native machine.
Rooted.
I hitted head against the wall to understand creds logic, last step was so obvious that i overlooked it.
Pretty fun and useful box.
I have the k.d* file, but I’m stumped as to what to do next. I cant see a way to decrypt it with the info I have. I can’t see any info that stands out from the processes either. Is there a tool or ps cmd like pspy but for windows? Also there is no l*****.j**n file?
EDIT:
Rooted. Was chasing rabbits.
Hints:
File transfers were a pain, nc.exe worked for me.
Root - I love taking a dump on Windows!
Awesome box, learned alot thanks @minatoTW!
I have all the usernames and the 3 password, still cant connect what do I miss ? Should I enum more ?
Type your comment> @C3PJoe said:
@1337mm look at my comment above.
Thanks for the comment “Think a little forensically” - rooted
@MinatoTW Thanks for this exercise, taught me a lot about what can be gleaned from the process, also about seeing the trees amongst the forest.
On root - Can someone DM me?
I am unable to find the exact next step. I have a stable shell and I am able to transfer files without any issues. I have looked at every process, like others suggested in this thread, but it looks like I am unable to find the exact one that will allow me to move forward.
Thanks!
Edit: Rooted - Thanks @Raven37
Anyone knows how to decrypt cisco type 5 password??
Never been more lost at root before, but I must say it was an excellent learning experience for memory forensics → priv esc. Big thanks to @C3PJoe and @v0yager for the help
Hint for root:
Dump the process with the right tool and the right flags to get EVERYTHING you need but you won’t really need everything in the end
On root as well- need some help. I have the file that is related to the process that you are looking for, and i moved it to my machine, but unsure what to do next since every website is telling me it requires more then one file. Can someone DM me for a bit of a push?
Rooted… huge shoutout to @marlasthemage for all the help that didn’t give much away, but was solid at pointing in the right direction!
Can someone PM me please ?
I’ve got the command, the path, etc…but i can’t simply find the “password” in all the displayed datas. The only thing that could look like a password include some weird character like question mark. It is just in front of me but i can’t figure what the password is…
is the s5 hash = s*t? I’m using the cracked pass with the usernames found in the c.txt in the script mentioned in the forums for username enumeration but no combination of usernames/passwords works for me…