Valentine

@B3nT3ch said:
The username is not hard to find just try few stuff obvious stuff ofc

I did try some obvious stuff relating to the valentine and exploit, but still nothing. Gah.

Like the others having issues with the username and password, any hints?? Can someone PM me?

I have the decoded string from the exploit and the rsa key. Would someone be able to message me a clue on finding the user please?

@hexiburner said:
Like the others having issues with the username and password, any hints?? Can someone PM me?

Typical as soon as I post I get it. It right there!!!

@Trazoku said:
I have the decoded string from the exploit and the rsa key. Would someone be able to message me a clue on finding the user please?

Its right where you found the key

Hey guys, anyone around for a question. I tried to get the passphrase using john and some common pwd lists, no luck. Is there another technique i should be looking at for getting the passphrase?

@Th3R0ck said:
Hey guys, anyone around for a question. I tried to get the passphrase using john and some common pwd lists, no luck. Is there another technique i should be looking at for getting the passphrase?

Yes, stop bruteforcing and start enumerating. HTB is usually not about bruteforce. When you think about bruteforce, you are missing some piece

Thank you @Laegir, i bet it is something that is staring me right in the face :-).

Hi there, I’ve p0wned the system. For those who are still struggling with it, don’t overthink. Here comes two hints:

  • First foothold into the system: think about the name of the machine and the image from its website. This should be enough to point you into the right direction.

  • Priv Esc: think about running something out-of-the-box . Use something like “Linux Exploit Suggester” to help you find the right thing to exploit.

Good luck,

Can anyone give me few gives. got encrypted private key. Got exploit dump with a hash-like string. Am I missing something? Any hints? I am looking at this machine for a long time. PM me or give me some hints here.

I had to run my ‘exploit dump’ 14 times to get what was needed.

Hint: The data you see will have to be related to the web application.

Hope this is not a spoiler, please remove if it is.

I’ve found everything I need (key, passphrase, user), but it’s not working. Can someone PM me for something to try.

There is a simple and elegant way for priv esc, the dirty way didn’t seem to work for me.
Just look at the programs installed and find ones that are generally not present on HTB boxes.
Also enumerate and find files with weird permissions, and then combine the two.

Spoiler Removed - Arrexel

Hate to ask, but any clues as to Priv Esc on Valentine. Been through the LinEnum scripts output line by line, Crashed the machine several times trying various exploits suggested by linux-exploit-suggester, run through the g0tm1lk guide but not seeing a path to escalation.

@socialkas said:
Hi there, I’ve p0wned the system. For those who are still struggling with it, don’t overthink. Here comes two hints:

  • First foothold into the system: think about the name of the machine and the image from its website. This should be enough to point you into the right direction.

  • Priv Esc: think about running something out-of-the-box . Use something like “Linux Exploit Suggester” to help you find the right thing to exploit.

Good luck,

I can’t even do the First foothold and im tired af now after a long day of dealing with this. i cant steghide the image without its password but there is no password anywhere …
and since you said think about the name i thought it may have been the password but hey guess what i was wrong again tihi
:tired_face:

Spoiler Removed - Arrexel

@richeze said:
Hate to ask, but any clues as to Priv Esc on Valentine. Been through the LinEnum scripts output line by line, Crashed the machine several times trying various exploits suggested by linux-exploit-suggester, run through the g0tm1lk guide but not seeing a path to escalation.

If you read through all these posts you will find plenty of hints. Is the kernel version vulnerable to well known exploits?

Feel free to pm me if you still need help.

Thanks got it eventually, once I actually read the results of the enum tools properly.

Hi everyone, new to HTB, and I’ve done a machine before, this is my second and I’m trying the exploit but I cant seem to find the necessary data, I’ve been using custom C++ code to filter out data I think is not useful, but I think I’m missing something, can someone help?