OpenAdmin

Type your comment> @samdtyler said:

@BluesMcGroove said:

My friend john isn’t being helpful, could someone nudge me the right way?

Not sure where you are stuck but no passwords in this box that are intended to be cracked are unbeatable by Rockyou. If you are having trouble, there is something wrong with the input or it isn’t necessary to proceed.

If you are on user1 looking for user2 then you will need another tool to help John read it first.

So much outdated info out on the web about it, but I found it.

Got that user!

someone mind shooting me a message to discuss root?

sent you a pm mate.

Hi, I’m a bit stuck on root side. I know how to do it, but I’m not able to find the “right command”. Would be someone so kind to send me a PM with a hint? Thanks a lot guys.

Hi guys, can anyone help me for the root flag? Kinda new here. Please DM.

Type your comment> @TazWake said:

It is possible that someone has broken something on the box or thought it was funny to modify the password.

i agree, since my cracked pw from rsa key, doesnt seem to be working and ive confirmed that the pw i got from john is correct, so why wont she unlock the door?

Spoiler Removed

@0rbit4L said:

i agree, since my cracked pw from rsa key, doesnt seem to be working and ive confirmed that the pw i got from john is correct, so why wont she unlock the door?

If you have a password you cracked off the rsa key, it should work.

Check you have set the perms on the key correctly and that you are using it properly to unlock the door.

Remember the password you’ve cracked off the key is for the key, not the door.

@newman12377 said:

I am at user1 I found the file for user2 related stuff. Just wondering if it is correct to alter the file for access or is there some other method? Because i altered it once and it didnt work and i didnt have the original so it might have screwed some people up. Therefore, I stopped making irreversible changes.

AFAIK, there isn’t anything on the box which needs irreversible changes.

There is one approach to get the key for user 2 where you can comment out a line to save attacking a hash but that’s it. It should be as trivial as a single character there which can be added and removed at your leisure.

nm, it miraculously just worked lol, doing the same thing i been trying for the last 24 hours…hmm, thanks Taz, but yeah i crossed all the t’s and dotted all the i’s, but i just wouldnt go, and now all of a sudden it did, very strange to say the least :slight_smile: but thanks anyways Taz :slight_smile:

@CandiedPixel said:

Alright, I need help. I am currently USER: j*y and have SH access.
I have looked through the S
L database and got nuthin! I have decrypted creds for my current USER however, no clue how to utilize them. I tried transferring the obvious .php to the location where it could be utilized, however once logged in it just says page not found.

Someone please hook this guy up HAHA!
Thanks ALL

I am not sure what it is you are having problems with, or what you’ve already done so its difficult to give help.

If you’ve found out what user you want to become next, have a look if there is anything which groups that user account and your user account. If there is, look for things on the file system they can both access.

From there, have a look where those things might be hosted and once you’ve found that you can grab the data using common tools.

Except for a couple of steps, this box is almost totally a case of looking for files and enumerating configuration settings.

Type your comment> @TazWake said:

@newman12377 said:

I am at user1 I found the file for user2 related stuff. Just wondering if it is correct to alter the file for access or is there some other method? Because i altered it once and it didnt work and i didnt have the original so it might have screwed some people up. Therefore, I stopped making irreversible changes.

AFAIK, there isn’t anything on the box which needs irreversible changes.

There is one approach to get the key for user 2 where you can comment out a line to save attacking a hash but that’s it. It should be as trivial as a single character there which can be added and removed at your leisure.

Yea, samdtyler, has given me a really great help towards finding user2. I really appreciate you taking time out to response to my question as well. Thank you. I have gotten user 2 already.

Hello, Soy nuevo en htb, Intento resolver esta maquina y es la primera vez necesito un empujón.

@jesus62175 said:

Hello, Soy nuevo en htb, Intento resolver esta maquina y es la primera vez necesito un empujón.

Run a scan on the IP address and find out what ports are open.

Use the tools built into Kali to enumerate those ports a bit further and see if you can find any other services, pages, sites, etc which might be worth looking into.

When you find something new, search for possible exploits against it.

Run the exploit and gain RCE access. From here you need to carry on enumerating (gathering information from files, folders, configuration items etc) to get the way to access as the first user.

From here, you need to enumerate again to get into the account of the second user.

Then, some more enumeration will give you the way to get an escape into root.

Hello,

I’ve access to user2 private key but haven’t found anywhere the passphrase linked to the key.

So I managed to get access access to user2 through a reverse shell, but when I try to execute the command that user2 has to use to go further, I got a sudo error.

I’d like to know if I have to access user2 via SSH witch means finding the passphrase.

@abdoucoul said:

Hello,

I’ve access to user2 private key but haven’t found anywhere the passphrase linked to the key.

So I managed to get access access to user2 through a reverse shell, but when I try to execute the command that user2 has to use to go further, I got a sudo error.

I’d like to know if I have to access user2 via SSH witch means finding the passphrase.

I’d love to know how you got a shell as the second named user - that seems really hard.

Getting a passphrase out of a private key is fairly trivial by comparison, there are tools for it built into Kali.

Type your comment> @TazWake said:

@abdoucoul said:

Hello,

I’ve access to user2 private key but haven’t found anywhere the passphrase linked to the key.

So I managed to get access access to user2 through a reverse shell, but when I try to execute the command that user2 has to use to go further, I got a sudo error.

I’d like to know if I have to access user2 via SSH witch means finding the passphrase.

I’d love to know how you got a shell as the second named user - that seems really hard.

Getting a passphrase out of a private key is fairly trivial by comparison, there are tools for it built into Kali.

I finally rooted my first box !

Thanks

@abdoucoul said:

I finally rooted my first box !

Thanks

Nice work!

Pwned. All in all, fun box.

PM for hints.

why do people alter needed files grrrrr, have to reset for the php-file since it now contains a python reverse shell instead of the needed “cat” :slight_smile: