Traverxec

18911131431

Comments

  • Hi guys, I've got the cred of D***d and cracked the hash. I'm aware of the only X permitted directory but don't know what to do next. PM would be useful.

  • edited November 2019

    Type your comment> @Ursa said:

    s2j is giving me a weird hash and the type isn't working in john even with the s...g format specified; more specifically, that type doesn't show up in the format types when I use john --list=formats and the utility specifically for that type to john states that it isn't a valid key file.

    Edit: I’m just retarded, feel free to pm with questions

    i ran john without any "format" flag. just wordlist that really rocks and file with hash

  • Root part was so funny !

    User : the cred is a rabbit hole ! I spent too much time with the creds. You dont need it in order to get user. So just ignore it and keep enumerating.

  • @HolyPanda said:
    Type your comment> @Ursa said:

    s2j is giving me a weird hash and the type isn't working in john even with the s...g format specified; more specifically, that type doesn't show up in the format types when I use john --list=formats and the utility specifically for that type to john states that it isn't a valid key file.

    Edit: I’m just retarded, feel free to pm with questions

    i ran john without any "format" flag. just wordlist that really rocks and file with hash

    Yeah I figured it all out. it was a picnic. Got root finally, woot!

    Discord: Ursa#1337

    Ursa

  • Rooted, first box rooted so I feel pretty good. Thanks to Shad0wQu35t.

    Need help? Contact me on discord: hecker#7348

  • Can someone send me a PM, got my initial shell and just not seeing anything in the c*** file. Already got the creds, but not seeing this "hidden" thing that I should be able to see. I feel like a complete tool right now.

    Spknoxy

  • edited November 2019

    Type your comment> @Crafty said:

    Root part was so funny !

    User : the cred is a rabbit hole ! I spent too much time with the creds. You dont need it in order to get user. So just ignore it and keep enumerating.

    It's not a rabbit hole, you can actually use them even if you can do it without them

    Hilbert

  • Rooted it yesterday DM for help

  • Rooted.

    User isn't terribly difficult. Didn't really require a lot of enumeration, just a lot of additional research.

    Root it a troll though. tried a bunch of things before I remembered how a particular thing works. Fun box!

    tj0

  • This is just my second box, but I have got access to everything I need for User, still I can't crack it. Have been struck at it for the past 24 hours, have even obtained the keys yet I can't login. Can someone help me where am I going wrong?

  • PM me for hints (user /root ) if you want :)

    If i helped you, +1 respect please !

    Hack The Box

  • /> @trikster9 said:
    > This is just my second box, but I have got access to everything I need for User, still I can't crack it. Have been struck at it for the past 24 hours, have even obtained the keys yet I can't login. Can someone help me where am I going wrong?

    You'll need to crack key passphrase in order to log in.
  • edited November 2019

    ROOTED.
    fun box.

    Hints,
    Foothold: Can't use me********? Try doing it manually
    Root: GTFOBINS is your friend. NOTHING TO DO WITH RESOLUTION OR SCREEN SIZE AT ALL.

    Feel free to PM for a nudge,

  • sziszi
    edited November 2019

    .

  • Type your comment> @Franna said:

    ROOTED.
    fun box.

    Hints,
    Foothold: Can't use me********? Try doing it manually
    Root: GTFOBINS is your friend. NOTHING TO DO WITH RESOLUTION OR SCREEN SIZE AT ALL.

    Feel free to PM for a nudge,

    not if you use i3 desktop...size matters

    peek

  • Unable to get past the n****d.c*** file. Read man, read the file. Please help :(

  • edited November 2019

    Finally, got the user flag. Puh, so much to learn.
    Even copy text in putty is a challange. :D

  • I've got the user private key but I can't decrypt the passphrase to use it. Can someone give me a hint on this ?

    Hack The Box

  • Type your comment> @RaoulDuke said:

    I've got the user private key but I can't decrypt the passphrase to use it. Can someone give me a hint on this ?

    John worked for me. Got to make the hash first with a .py script.

  • Type your comment> @Lexxie said:

    Type your comment> @RaoulDuke said:

    I've got the user private key but I can't decrypt the passphrase to use it. Can someone give me a hint on this ?

    John worked for me. Got to make the hash first with a .py script.

    Thanks I was using the wrong srcipt now I'm on my way for the root.

    Hack The Box

  • Did anyone got the file via web or also only with gussing on cli?

  • Type your comment> @cpc6128 said:

    Did anyone got the file via web or also only with gussing on cli?

    You'll get something via web... before that you need to look carefully and read any configs you find after you get the initial shell.

  • just rooted! some hints
    user: as someone said, if you can't see it, it doesn't meant that it doens't exist
    root: if it works, go small :)

  • edited November 2019

    I was able to solve on i3-gaps with 3440x1440.

    Resolution isn't the only way to skin this cat. ;-)

  • this box is trash. it only took me like 5 minutes to figure out the initial shell foothold but it's so unstable and crashing every 2 minutes and half the time port 80 just doesn't even show up or respond.
    i've wasted literally hours just trying to keep the shell open long enough to actually do anything.

    @jkr is this intentional? it's so frustrating

  • edited November 2019

    @dr0ctag0n its not intended. There is a HTTP dos vulnerability on it that people love to try by some wierd reasons!

    0byte

  • Type your comment> @stoffern said:

    @dr0ctag0n its not intended. There is a HTTP dos vulnerability on it that people love to try by some wierd reasons!

    the server was not booted at all in the VIP labs, i just booted it fresh after waiting several days since release and it's still doing that. Tried using the initial shell to save a binary shell and run it and it still stops responding after a few mins. :/

  • got user password cracked.... but its not working when i ssh?!!

  • Spoiler Removed

Sign In to comment.