OpenAdmin

Type your comment> @CuriousJ said:

Type your comment> @h4bit4t said:

Hi everyone, I managed to ssh as Joanna, but I’m stuck at finding her sudo password (which is not the same as the RSA password).

Should I brute-force her sudo password (there are scripts to do that)? Or is there another way to find her password? Or maybe I don’t need Joanna’s password at all to get to root?

You shouldn’t need her password!

Thanks! :slight_smile:

Hello, did somebody change something on the box, even with the ssh key I cannot ssh into the box, it keeps asking me for a password. Can somebody give any tips

Type your comment> @burjanbalazs said:

Hello, did somebody change something on the box, even with the ssh key I cannot ssh into the box, it keeps asking me for a password. Can somebody give any tips

Hello, you need the passphrase that protects the private key and/or set restrictive permissions on the file.

What command are you using to connect to the box?

id

uid=0(root) gid=0(root) groups=0(root)

User 1: Start by enumerating. You’ll find a means to exploit and get a terminal. From there, look for interesting files…
User 2: Now that you have a real SSH session, you’ll find another interesting file that cats something private when accessed through a particular means…
Root: GTFOBins…

Fun box, thanks @dmw0ng

Not my proudest, in hindsight which is always 20/20 need to learn to look rather than over think - id uid=0(root) gid=0(root) groups=0(root)

Thanks for the box. A good & easy refresher =)

for those who struggle with the searchsploit script just remove all comments up to #!/bin/bash

Managed to pop OpenAdmin, although I’m not entirely sure the way I did it was the intended route. I managed to find the encrypted file but couldn’t pop the password and used an alternate route to get root.txt. Would appreciate if someone could enlighten me on getting the PW.

Need some help here… i stuck on getting the cred of second user.
I found the file m***.php and manage to crack the password (sha***) but that is not the password for the second user. I try to run the m***.php with openadmin cli tool (with admin cred) but I still can’t access anything on second user’s directory. I imagine user.txt is inside the second user’s directory but i can’t seem to reach that. please help …

Type your comment> @xformer1337 said:

Need some help here… i stuck on getting the cred of second user.
I found the file m***.php and manage to crack the password (sha***) but that is not the password for the second user. I try to run the m***.php with openadmin cli tool (with admin cred) but I still can’t access anything on second user’s directory. I imagine user.txt is inside the second user’s directory but i can’t seem to reach that. please help …

DM me

@awakengaming83 said:

@kalitkd I how found the dir /o** and found the .sh script on google, but since I am very new to both linux and pentesting I am unaware of how to modify said script to point at the correct location.

try scriptname.sh http://ipaddress/path/target - change the details to be what you want to use.

@nigamelastic said:

i am just at www-**** shell but how to go forward , please nudge me. I hear people saying enumerate but i cant find anything

This sounds harsh, but either some idiot has messed up the box or you just need to look harder. When you run ls you find files. Are you 100% sure you’ve read every one, in every folder, and not found anything useful?

@burjanbalazs said:

Hello, did somebody change something on the box, even with the ssh key I cannot ssh into the box, it keeps asking me for a password. Can somebody give any tips

If you are on a free box, it is very possible (even likely) that someone has broken it.

However you need to troubleshoot better. When you say “it” asks for a password is SSH asking for a password (i.e. to unlock the key) or is the remote box asking for a password (i.e the key hasnt worked).

If you spend time to find that out, you can work out a solution.

just rooted !!!
Hack The Box

anyone have a problem with the box?? i can’t do a nmap scan due to the box lost connection

alright, this was not a particularly difficult box.

Foothold: find the vulnerable service, Google-fu
User 1: it’s right in front of you, don’t over think
User 2: pay attention to what you’re given
Root: Simplest priv esc yet on HTB

Overall a fun box. Quickest own yet for me personally.

Type your comment> @TazWake said:

@burjanbalazs said:

Hello, did somebody change something on the box, even with the ssh key I cannot ssh into the box, it keeps asking me for a password. Can somebody give any tips

If you are on a free box, it is very possible (even likely) that someone has broken it.

However you need to troubleshoot better. When you say “it” asks for a password is SSH asking for a password (i.e. to unlock the key) or is the remote box asking for a password (i.e the key hasnt worked).

If you spend time to find that out, you can work out a solution.

I’m sorry, you’re right, I didn’t describe my problem well enough. So my problem was that when I tried to run ssh with the key that I found, it asked for a passphrase, well enough since i cracked the key I knew the passphrase, but after that it still asked me for the user’s password. After about 30 minutes of head banging some voice in my head told me to switch servers, maybe someone messed up the box, and lo and behold, after the switch it immediately worked, thank you for your response

I found some interesting words in login.php — <input id=“standalone” type=“hidden” ,but don’t know how to use it .Can anybody help me?

rooted!! ,good box or beginners like me

Type your comment> @yuksec said:

I found some interesting words in login.php — <input id=“standalone” type=“hidden” ,but don’t know how to use it .Can anybody help me?

I didn’t use what you have mentioned. What stage are you at? You can PM if needed.