OpenAdmin

1394042444564

Comments

  • @6062055 said:

    @OrangeHat Thanks for the tip (:::respected:::).
    @TazWake Figured out with a couple nudges...thanks :) (:::respected:::)

    Nice work.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

    Currently have very limited HTB time but will try to respond as quickly as possible.

  • @TazWake I got the user 1 (j***y) pass from some php or html file somewhere, viewable from www-data, then just logged in with that.

    For anyone else interested...
    User 2 = look for 'internal' files, try curl w/ interesting port.
    Root = sudo -l, find out what that output really means, and how to use it. Google should give you an idea, or just ask me :)

    This was my fourth machine. Took me way too long and too many hints to figure out Root, thought it would be easier to figure out. @dmw0ng , thanks for the great machine :smile:

  • Someone has just delete the whole admin application. Can you please don't do that next time, oh my god....

    staticnoise

  • finally rooted .. DM me if you want any help or hint :)

  • edited February 2020

    I am totally stuck on getting root. I dont understand what I am doing wrong with the sudo -l output. I feel I should be able to run these commands but I am not able to get privileges... frustrating.

    EDIT:

    hahahaha nice trick. I figured it out

    Badge

  • edited February 2020

    This is my first ever box so I am learning a lot but I am stuck on www-d***. I got the shell running and I have browsed the files for a long time. I found a my***i password for ***_sys , the password is n************. I have no idea what to do now, I tried logging in on different services with this password. I'm thinking that I'm missing something obvious but I don't see what.

  • Type your comment> @MaartenM said:

    This is my first ever box so I am learning a lot but I am stuck on w-d***. I got the shell running and I have browsed the files for a long time. I found a my***i password for o_s**, the password is n************. I have no idea what to do now, I tried logging in on different services with this password. I'm thinking that I'm missing something obvious but I don't see what.

    I think you need to see what the other file in that directory contains which is a big clue

    Badge

  • edited February 2020
    @inzel said:
    > Type your comment> @MaartenM said:
    >
    > (Quote)
    > I think you need to see what the other file in that directory contains which is a big clue

    The information I was talking about was in the ./l****/c**** directory. There are 3 files in there, and the file with the information is d*******_********.***.***. The run_********* file I cannot cat and the other I cannot find any clues in. What file and directory are you talking about?
  • I got the ssh for user2 after putting in "sudo -l" and seing my potential way in it's requesting me a password for user2? I thought I needed no password for this???

  • edited February 2020

    Type your comment> @Gentooman said:

    I got the ssh for user2 after putting in "sudo -l" and seing my potential way in it's requesting me a password for user2? I thought I needed no password for this???

    NVM I'm fucking stupid.... spaces are not comma's......

    Fun box, made me rage on the most easiest things ever.

  • @TazWake said:
    @6062055 said:

    EDIT: ...still can't figure this out, after few more hours messing with it. I don't understand, why sudo isn't working when it says NOPASSWD. I don't see how the GTFOBin method is supposed to work without sudo. I've tried it without sudo a hundred times now. Anyone else still messing with this? Does anyone have user2 cred's, for sudo? Maybe I'm missing some cred's. Someone mentioned some mysql cred's. I haven't seen them, but not sure if I need them, either.

    Are you still stuck? If so PM me. No extra creds needed but I am curious how you got user 1's creds.

    I am also curious about this...

  • Type your comment> @awarkozak said:
    > (Quote)
    > I am also curious about this...

    If you're setting up a cms or some other webapp it needs a password for a database. Try looking around with cat and ls
  • Can someone message me how the 2nd user is supposed to work? I used the writable script directory with some curling to laterally move to the other user and some use of public key auth.

  • @illuzian said:

    Can someone message me how the 2nd user is supposed to work? I used the writable script directory with some curling to laterally move to the other user and some use of public key auth.

    I am not 100% sure what the question is here. You seem to have answered it yourself.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

    Currently have very limited HTB time but will try to respond as quickly as possible.

  • Type your comment> @TazWake said:

    @illuzian said:

    Can someone message me how the 2nd user is supposed to work? I used the writable script directory with some curling to laterally move to the other user and some use of public key auth.

    I am not 100% sure what the question is here. You seem to have answered it yourself.

    Looking through the posts there was mention of cracking a found hash and using that to get the 2nd user. Not sure if this is the case or if I approached it correctly.

  • @illuzian said:

    Looking through the posts there was mention of cracking a found hash and using that to get the 2nd user. Not sure if this is the case or if I approached it correctly.

    It depends. I got the 2nd user account without cracking the hash in the script.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

    Currently have very limited HTB time but will try to respond as quickly as possible.

  • Type your comment> @TazWake said:

    @illuzian said:

    Looking through the posts there was mention of cracking a found hash and using that to get the 2nd user. Not sure if this is the case or if I approached it correctly.

    It depends. I got the 2nd user account without cracking the hash in the script.

    Ok, awesome. I found a hash and cracked it (it wasn't a complex password) but it didn't seem to yield anything useful. Guess there might have been multiple ways to solve this. Thanks for the feedback.

  • @illuzian said:

    Ok, awesome. I found a hash and cracked it (it wasn't a complex password) but it didn't seem to yield anything useful. Guess there might have been multiple ways to solve this. Thanks for the feedback.

    Ping me a pm if you want - it's not easy to explain this in any more detail without getting hit for a spoiler.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

    Currently have very limited HTB time but will try to respond as quickly as possible.

  • rooted its a amazing box i learn much from this box

  • Rooted, VERY nice VM. Everything is logical without a big struggle if you look everything closely !

    Jugulairel

  • Loved this box. Great work

    Badge

  • i got shell but i don't know what to do now? someone if can help me to understand pm me

  • I can see how to get to 2nd user but I'm not able to crack that hash by specifying --format and --wordlist. Is cracking that hash necessary to get to 2nd user or I'm overthinking this

    Thanks,
    sudu

  • @mayomacam said:

    i got shell but i don't know what to do now? someone if can help me to understand pm me

    If you mean the remote code execution exploit, then you now need to use a combination of ls and cat to find something you can use to get a proper foothold as a user.

    If it is the user account, you need to search the box to find out what you need to become the second user.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

    Currently have very limited HTB time but will try to respond as quickly as possible.

  • @sudu123 said:

    I can see how to get to 2nd user but I'm not able to crack that hash by specifying --format and --wordlist. Is cracking that hash necessary to get to 2nd user or I'm overthinking this

    I didn't find it in any standard wordlists on Kali.

    I would be interested to know how people cracked it though.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

    Currently have very limited HTB time but will try to respond as quickly as possible.

  • edited February 2020
    Thanks a lot for the hint @Rado0z finally managed to root it! :smiley:

    Anakin102

  • edited February 2020

    is someone able to pm me a hint? i have user1 and a k*y for user two but still can't use it. the 'don't forget your password' hint doesn't seem to be helping

    edit: all good, i'm used to using hashcat so i didn't know there was another program that would brute force a key like that.

  • after reading quite a few pages here and going nuts on this machine for 5hours, ive come to realize my IQ is probably negative ;)

    did some dir enum.
    i've found the **a page and a few file directories on browser.
    googled the exploit.
    couldnt msf expl to work, and the .sh script is giving me an error.

    at this point any help or tip is appreciated!

    Hack The Box

  • Rooted

    PM for help

  • Type your comment> @TazWake said:

    @sudu123 said:

    I can see how to get to 2nd user but I'm not able to crack that hash by specifying --format and --wordlist. Is cracking that hash necessary to get to 2nd user or I'm overthinking this

    I didn't find it in any standard wordlists on Kali.

    I would be interested to know how people cracked it though.

    Try using a different cracking tool

    You may need to first change the format of what you discovered so it fits the tool better

    FlatMarsSociet

Sign In to comment.