OpenAdmin

Stuck between the 1st and 2nd user, minor directing will be appreciated :slight_smile:

@Peleg said:

Stuck between the 1st and 2nd user, minor directing will be appreciated :slight_smile:

Type your comment> @TazWake said:

@Peleg said:

Stuck between the 1st and 2nd user, minor directing will be appreciated :slight_smile:

OpenAdmin - #882 by TazWake - Machines - Hack The Box :: Forums

Thank you, but ive already discovered the group and the files and still nothing that I do with them works or gives me any kind of advancement…

@Peleg said:

Thank you, but ive already discovered the group and the files and still nothing that I do with them works or gives me any kind of advancement…

Ok - it helps if you lead with the problem you are facing then.

If you have found the files you need to find where they are being served. This might help:

There are a couple of ways to get the information you need and it is alluded to above.

Alternatively, if none of the previous hints are useful for you, it might be worth trying to rephrase your question so it asks your specific problem. Hints are always going to be generic but keep in mind 99% of this box is enumeration. If you look in enough places you will find what you need, you just need to think how you want to use it.

Hi. I got the R** for j****a. Cracked it and got the password. After trying to get into the machine via ssh it always throws me permission denied. Any clue why is that so :frowning: ?

@Destroyervg said:

Hi. I got the R** for j****a. Cracked it and got the password. After trying to get into the machine via ssh it always throws me permission denied. Any clue why is that so :frowning: ?

When you say “it” - do you mean SSH or the remote server?

Based on what you’ve put, the likely causes are:

  1. your key hasn’t been properly configured. You should see some error messages saying this though.
  2. you haven’t unlocked the key - again SSH should throw up some errors here.
  3. You arent using the key to connect to the site, you are trying to use a password.

Hi i got jy then i found ja’s Private Key but i dont know how to decode it, is there any way to get public pass? Please help , just 1 step left to get User and Root.

Type your comment> @TazWake said:

@Destroyervg said:

Hi. I got the R** for j****a. Cracked it and got the password. After trying to get into the machine via ssh it always throws me permission denied. Any clue why is that so :frowning: ?

When you say “it” - do you mean SSH or the remote server?

Based on what you’ve put, the likely causes are:

  1. your key hasn’t been properly configured. You should see some error messages saying this though.
  2. you haven’t unlocked the key - again SSH should throw up some errors here.
  3. You arent using the key to connect to the site, you are trying to use a password.

By it i mean the machine: ssh i id_rsa joanna@10…171

One of your comments gave me a hint. The error message is the following:
…@…:~/Desktop# ssh -i id_rsa j.....a@10.10.10.171
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for ‘id_rsa’ are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key “id_rsa”: bad permissions
jo....a@10.10.10.171’s password:
Permission denied, please try again.
jo...a@10.10.10.171’s password:

Type your comment> @TeRMaN said:

Hi i got jy then i found ja’s Private Key but i dont know how to decode it, is there any way to get public pass? Please help , just 1 step left to get User and Root.

@TeRMaN said:
Hi i got jy then i found ja’s Private Key but i dont know how to decode it, is there any way to get public pass? Please help , just 1 step left to get User and Root.

You can crack it with JohnTheReaper. I did it with this tool.

Type your comment> @Destroyervg said:

Type your comment> @TeRMaN said:

Hi i got jy then i found ja’s Private Key but i dont know how to decode it, is there any way to get public pass? Please help , just 1 step left to get User and Root.

@TeRMaN said:
Hi i got jy then i found ja’s Private Key but i dont know how to decode it, is there any way to get public pass? Please help , just 1 step left to get User and Root.

You can crack it with JohnTheReaper. I did it with this tool.

I found b*********s but it doesn’t work :frowning:

Type your comment> @TeRMaN said:

Type your comment> @Destroyervg said:

Type your comment> @TeRMaN said:

Hi i got jy then i found ja’s Private Key but i dont know how to decode it, is there any way to get public pass? Please help , just 1 step left to get User and Root.

@TeRMaN said:
Hi i got jy then i found ja’s Private Key but i dont know how to decode it, is there any way to get public pass? Please help , just 1 step left to get User and Root.

You can crack it with JohnTheReaper. I did it with this tool.

I found b*********s but it doesn’t work :frowning:

Same here brother…i get an error “permission denied”

Type your comment> @Destroyervg said:

Type your comment> @TeRMaN said:

Type your comment> @Destroyervg said:

Type your comment> @TeRMaN said:

Hi i got jy then i found ja’s Private Key but i dont know how to decode it, is there any way to get public pass? Please help , just 1 step left to get User and Root.

@TeRMaN said:
Hi i got jy then i found ja’s Private Key but i dont know how to decode it, is there any way to get public pass? Please help , just 1 step left to get User and Root.

You can crack it with JohnTheReaper. I did it with this tool.

I found b*********s but it doesn’t work :frowning:

Same here brother…i get an error “permission denied”

İf u findout pls tell me :smiley:

Rootey tootey! awesome but frustrating box, definately a great learning experience for begginers such as myself, the concepts are real world and not too complicated and call for focus and attention to detail, there’s nothing i could say that hasnt allready been said ad nauseum! Thanks to my Mentor ,he knows who he is, for your patience i dont know how you do it. Thanks to all else who leave excellent hints on this forum. :slight_smile:

@Destroyervg said:

By it i mean the machine: ssh i id_rsa joanna@10…171

One of your comments gave me a hint. The error message is the following:
…@…:~/Desktop# ssh -i id_rsa j.....a@10.10.10.171
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for ‘id_rsa’ are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key “id_rsa”: bad permissions
jo....a@10.10.10.171’s password:
Permission denied, please try again.
jo...a@10.10.10.171’s password:

Ok - you might have solved this now but for anyone else:

This is an error message from SSH on your own Kali machine. It says that the ssh client has ignored the private key and instead is asking for a password - which you dont have.

This means the key is not properly configured. chmod is your friend here.

@TeRMaN said:

I found b*********s but it doesn’t work :frowning:

@Destroyervg said:

Same here brother…i get an error “permission denied”

When you say “it doesnt work” - what doesnt work? The tools you are using give fairly comprehensive error messages and several things are happening so it is very hard to work out what the problem is without seeing the errors.

If the password doesn’t unlock the private key, then you should see an error message to that effect.

If you have the permissions incorrectly set and you see a “This private key will be ignored” message, you need to change the permissions.

“Permission denied” kind of implies you are trying to use the password for the private key as a password to access via SSH. This is not the right thing to do.

Type your comment> @TazWake said:

@TeRMaN said:

I found b*********s but it doesn’t work :frowning:

@Destroyervg said:

Same here brother…i get an error “permission denied”

When you say “it doesnt work” - what doesnt work? The tools you are using give fairly comprehensive error messages and several things are happening so it is very hard to work out what the problem is without seeing the errors.

If the password doesn’t unlock the private key, then you should see an error message to that effect.

If you have the permissions incorrectly set and you see a “This private key will be ignored” message, you need to change the permissions.

“Permission denied” kind of implies you are trying to use the password for the private key as a password to access via SSH. This is not the right thing to do.

I got the last one, Permission denied. when i tried to “ssh -i id_rsa…” it says “‘id_rsa’ are too open. It is required that your private key files are NOT accessible by others.
This private key will be ignored.” and u say this is not right thing… chmod maybe can help. Yes i did it with chmod! Thank u all

@TeRMaN said:

I got the last one, Permission denied. when i tried to “ssh -i id_rsa…” it says “‘id_rsa’ are too open. It is required that your private key files are NOT accessible by others.
This private key will be ignored.” and u say this is not right thing… chmod maybe can help. Yes i did it with chmod! Thank u all

Nice work.

Just starting out and I’m wondering if my dirbuster wordlist is failing me or if I have to look into what I already have. I have found 4 generic-looking websites (main obvious connection being the template source) but no URL directly taking me to a “service”. I saw people saying it might be good to try different wordlists but I didn’t get anything new so I just wanted to avoid a major rabbit hole.

@Exci said:

Just starting out and I’m wondering if my dirbuster wordlist is failing me or if I have to look into what I already have. I have found 4 generic-looking websites (main obvious connection being the template source) but no URL directly taking me to a “service”. I saw people saying it might be good to try different wordlists but I didn’t get anything new so I just wanted to avoid a major rabbit hole.

You are almost there.

When you look at the pages in your browser, or view the source, do any links point to something which might be interesting? Dont focus on a “service” as such.

Instead, look for links pointing to something you might want to attack.

Type your comment> @TazWake said:

@Exci said:

Just starting out and I’m wondering if my dirbuster wordlist is failing me or if I have to look into what I already have. I have found 4 generic-looking websites (main obvious connection being the template source) but no URL directly taking me to a “service”. I saw people saying it might be good to try different wordlists but I didn’t get anything new so I just wanted to avoid a major rabbit hole.

You are almost there.

When you look at the pages in your browser, or view the source, do any links point to something which might be interesting? Dont focus on a “service” as such.

Instead, look for links pointing to something you might want to attack.

Thanks, found it pretty quickly. It’s just that those hints threw me off.