I got the private key using curl but i didn’t know how to use it, i also try john to crack it but it didn’t work. feel free to pm me for hint, i think i’m closer to get the root
Google is your friend. If you google what you want John to do here, the answers will be very high on the list.
Basically its a two-step process. You use a tool to turn what you are looking at into John, then John it.
@GhostFusion or anyone who knows… I only found ona with hints on here, so how did you find ona? I’ve run a lot of searches with dirb and gobuster, but they never came up with it. Is it a better wordlist, or just Googling for it?
A common wordlist should work in finding the first pages. Then it’s a simple matter of trying the links on those pages.
This box is largely enumeration, no magic tricks needed.
Hi,
I cracked the pass b*n***** using john and when i ssh to ja.The password doesnt work.I tried resetiing too but didnt work.Could someone please help me.
thank you
Hi,
I cracked the pass b*n***** using john and when i ssh to ja.The password doesnt work.I tried resetiing too but didnt work.Could someone please help me.
thank you
Completely depends on what you mean by the password doesn’t work. You cant log in with it as a username/password combo. Its there to unlock the thing you cracked it off.
Hi,
I cracked the pass b*n***** using john and when i ssh to ja.The password doesnt work.I tried resetiing too but didnt work.Could someone please help me.
thank you
Completely depends on what you mean by the password doesn’t work. You cant log in with it as a username/password combo. Its there to unlock the thing you cracked it off.
I dont understand. Let me clear it i got the user.txt flag using jiy user and later found the ssh private key of joaa and cracked using john and found the pass as bloni*s but when i ssh using that pass it does’nt accept it and says permission denied
I’d love to work on this box if it would stop hanging and dying every 2 minutes.
Seriously is this a joke from HTB??? Every time I do anything it works for a moment and then the box just hangs for 5 minutes…then I can type one command or view one url and then it hangs again…WTH???
Leaving this before I lose my mind…5 hours and all i’ve managed to do is painfully painfully painfully inch to the initial foothold with the constant hanging.
Hi,
I cracked the pass b*n***** using john and when i ssh to ja.The password doesnt work.I tried resetiing too but didnt work.Could someone please help me.
thank you
Completely depends on what you mean by the password doesn’t work. You cant log in with it as a username/password combo. Its there to unlock the thing you cracked it off.
I dont understand. Let me clear it i got the user.txt flag using jiy user and later found the ssh private key of joaa and cracked using john and found the pass as bloni*s but when i ssh using that pass it does’nt accept it and says permission denied
You’ve sort of answered your own question there.
If you got the ssh private key, you dont have a login password.
First attempted box ever since I figured it’d be the easiest currently active. Stuck on www-****. Can’t seem to find anything useful. Would really appreciate some help. PM please
First attempted box ever since I figured it’d be the easiest currently active. Stuck on www-****. Can’t seem to find anything useful. Would really appreciate some help. PM please
You need to use a combination of ls and cat around the place you have landed. The information you need to progress is pretty much at your feet there.
Ignore the millions of shells. Look for interesting files and folders which may hold configuration information for a system and then remember people reuse passwords.
First attempted box ever since I figured it’d be the easiest currently active. Stuck on www-****. Can’t seem to find anything useful. Would really appreciate some help. PM please
You need to use a combination of ls and cat around the place you have landed. The information you need to progress is pretty much at your feet there.
Ignore the millions of shells. Look for interesting files and folders which may hold configuration information for a system and then remember people reuse passwords.
Wow I hate myself. Found the credentials for user1 hours ago but only attempted to login with user2. Thanks for the push, made me retrace my steps. My true newbie colors are shining through at the moment. I’ll get there eventually
can someone give me hint i get the user1 j***y but cannt get the user2 can someone give me hint?
Enumerate your user fully, find out if something groups the two users together. Find things they might both be able to access. Read them, exploit them.