Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
@TazWake I got the user 1 (j***y) pass from some php or html file somewhere, viewable from www-data, then just logged in with that.
For anyone else interested...
User 2 = look for 'internal' files, try curl w/ interesting port.
Root = sudo -l, find out what that output really means, and how to use it. Google should give you an idea, or just ask me
This was my fourth machine. Took me way too long and too many hints to figure out Root, thought it would be easier to figure out. @dmw0ng , thanks for the great machine
I am totally stuck on getting root. I dont understand what I am doing wrong with the sudo -l output. I feel I should be able to run these commands but I am not able to get privileges... frustrating.
This is my first ever box so I am learning a lot but I am stuck on www-d***. I got the shell running and I have browsed the files for a long time. I found a my***i password for ***_sys , the password is n************. I have no idea what to do now, I tried logging in on different services with this password. I'm thinking that I'm missing something obvious but I don't see what.
This is my first ever box so I am learning a lot but I am stuck on w-d***. I got the shell running and I have browsed the files for a long time. I found a my***i password for o_s**, the password is n************. I have no idea what to do now, I tried logging in on different services with this password. I'm thinking that I'm missing something obvious but I don't see what.
I think you need to see what the other file in that directory contains which is a big clue
@inzel said:
> Type your comment> @MaartenM said:
>
> (Quote)
> I think you need to see what the other file in that directory contains which is a big clue
The information I was talking about was in the ./l****/c**** directory. There are 3 files in there, and the file with the information is d*******_********.***.***. The run_********* file I cannot cat and the other I cannot find any clues in. What file and directory are you talking about?
I got the ssh for user2 after putting in "sudo -l" and seing my potential way in it's requesting me a password for user2? I thought I needed no password for this???
I got the ssh for user2 after putting in "sudo -l" and seing my potential way in it's requesting me a password for user2? I thought I needed no password for this???
NVM I'm fucking stupid.... spaces are not comma's......
Fun box, made me rage on the most easiest things ever.
EDIT: ...still can't figure this out, after few more hours messing with it. I don't understand, why sudo isn't working when it says NOPASSWD. I don't see how the GTFOBin method is supposed to work without sudo. I've tried it without sudo a hundred times now. Anyone else still messing with this? Does anyone have user2 cred's, for sudo? Maybe I'm missing some cred's. Someone mentioned some mysql cred's. I haven't seen them, but not sure if I need them, either.
Are you still stuck? If so PM me. No extra creds needed but I am curious how you got user 1's creds.
Can someone message me how the 2nd user is supposed to work? I used the writable script directory with some curling to laterally move to the other user and some use of public key auth.
Can someone message me how the 2nd user is supposed to work? I used the writable script directory with some curling to laterally move to the other user and some use of public key auth.
I am not 100% sure what the question is here. You seem to have answered it yourself.
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
Can someone message me how the 2nd user is supposed to work? I used the writable script directory with some curling to laterally move to the other user and some use of public key auth.
I am not 100% sure what the question is here. You seem to have answered it yourself.
Looking through the posts there was mention of cracking a found hash and using that to get the 2nd user. Not sure if this is the case or if I approached it correctly.
Looking through the posts there was mention of cracking a found hash and using that to get the 2nd user. Not sure if this is the case or if I approached it correctly.
It depends. I got the 2nd user account without cracking the hash in the script.
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
Looking through the posts there was mention of cracking a found hash and using that to get the 2nd user. Not sure if this is the case or if I approached it correctly.
It depends. I got the 2nd user account without cracking the hash in the script.
Ok, awesome. I found a hash and cracked it (it wasn't a complex password) but it didn't seem to yield anything useful. Guess there might have been multiple ways to solve this. Thanks for the feedback.
Ok, awesome. I found a hash and cracked it (it wasn't a complex password) but it didn't seem to yield anything useful. Guess there might have been multiple ways to solve this. Thanks for the feedback.
Ping me a pm if you want - it's not easy to explain this in any more detail without getting hit for a spoiler.
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
I can see how to get to 2nd user but I'm not able to crack that hash by specifying --format and --wordlist. Is cracking that hash necessary to get to 2nd user or I'm overthinking this
i got shell but i don't know what to do now? someone if can help me to understand pm me
If you mean the remote code execution exploit, then you now need to use a combination of ls and cat to find something you can use to get a proper foothold as a user.
If it is the user account, you need to search the box to find out what you need to become the second user.
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
I can see how to get to 2nd user but I'm not able to crack that hash by specifying --format and --wordlist. Is cracking that hash necessary to get to 2nd user or I'm overthinking this
I didn't find it in any standard wordlists on Kali.
I would be interested to know how people cracked it though.
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
is someone able to pm me a hint? i have user1 and a k*y for user two but still can't use it. the 'don't forget your password' hint doesn't seem to be helping
edit: all good, i'm used to using hashcat so i didn't know there was another program that would brute force a key like that.
after reading quite a few pages here and going nuts on this machine for 5hours, ive come to realize my IQ is probably negative
did some dir enum.
i've found the **a page and a few file directories on browser.
googled the exploit.
couldnt msf expl to work, and the .sh script is giving me an error.
I can see how to get to 2nd user but I'm not able to crack that hash by specifying --format and --wordlist. Is cracking that hash necessary to get to 2nd user or I'm overthinking this
I didn't find it in any standard wordlists on Kali.
I would be interested to know how people cracked it though.
Try using a different cracking tool
You may need to first change the format of what you discovered so it fits the tool better
Comments
@6062055 said:
Nice work.
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
@TazWake I got the user 1 (j***y) pass from some php or html file somewhere, viewable from www-data, then just logged in with that.
For anyone else interested...
User 2 = look for 'internal' files, try curl w/ interesting port.
Root = sudo -l, find out what that output really means, and how to use it. Google should give you an idea, or just ask me
This was my fourth machine. Took me way too long and too many hints to figure out Root, thought it would be easier to figure out. @dmw0ng , thanks for the great machine
Someone has just delete the whole admin application. Can you please don't do that next time, oh my god....
finally rooted .. DM me if you want any help or hint
I am totally stuck on getting root. I dont understand what I am doing wrong with the sudo -l output. I feel I should be able to run these commands but I am not able to get privileges... frustrating.
EDIT:
hahahaha nice trick. I figured it out
This is my first ever box so I am learning a lot but I am stuck on www-d***. I got the shell running and I have browsed the files for a long time. I found a my***i password for ***_sys , the password is n************. I have no idea what to do now, I tried logging in on different services with this password. I'm thinking that I'm missing something obvious but I don't see what.
Type your comment> @MaartenM said:
I think you need to see what the other file in that directory contains which is a big clue
> Type your comment> @MaartenM said:
>
> (Quote)
> I think you need to see what the other file in that directory contains which is a big clue
The information I was talking about was in the ./l****/c**** directory. There are 3 files in there, and the file with the information is d*******_********.***.***. The run_********* file I cannot cat and the other I cannot find any clues in. What file and directory are you talking about?
I got the ssh for user2 after putting in "sudo -l" and seing my potential way in it's requesting me a password for user2? I thought I needed no password for this???
Type your comment> @Gentooman said:
NVM I'm fucking stupid.... spaces are not comma's......
Fun box, made me rage on the most easiest things ever.
I am also curious about this...
> (Quote)
> I am also curious about this...
If you're setting up a cms or some other webapp it needs a password for a database. Try looking around with cat and ls
Can someone message me how the 2nd user is supposed to work? I used the writable script directory with some curling to laterally move to the other user and some use of public key auth.
@illuzian said:
I am not 100% sure what the question is here. You seem to have answered it yourself.
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
Type your comment> @TazWake said:
Looking through the posts there was mention of cracking a found hash and using that to get the 2nd user. Not sure if this is the case or if I approached it correctly.
@illuzian said:
It depends. I got the 2nd user account without cracking the hash in the script.
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
Type your comment> @TazWake said:
Ok, awesome. I found a hash and cracked it (it wasn't a complex password) but it didn't seem to yield anything useful. Guess there might have been multiple ways to solve this. Thanks for the feedback.
@illuzian said:
Ping me a pm if you want - it's not easy to explain this in any more detail without getting hit for a spoiler.
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
rooted its a amazing box i learn much from this box
Rooted, VERY nice VM. Everything is logical without a big struggle if you look everything closely !
Loved this box. Great work
i got shell but i don't know what to do now? someone if can help me to understand pm me
I can see how to get to 2nd user but I'm not able to crack that hash by specifying
--formatand--wordlist. Is cracking that hash necessary to get to 2nd user or I'm overthinking thisThanks,
sudu
@mayomacam said:
If you mean the remote code execution exploit, then you now need to use a combination of
lsandcatto find something you can use to get a proper foothold as a user.If it is the user account, you need to search the box to find out what you need to become the second user.
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
@sudu123 said:
I didn't find it in any standard wordlists on Kali.
I would be interested to know how people cracked it though.
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
is someone able to pm me a hint? i have user1 and a k*y for user two but still can't use it. the 'don't forget your password' hint doesn't seem to be helping
edit: all good, i'm used to using hashcat so i didn't know there was another program that would brute force a key like that.
after reading quite a few pages here and going nuts on this machine for 5hours, ive come to realize my IQ is probably negative
did some dir enum.
i've found the **a page and a few file directories on browser.
googled the exploit.
couldnt msf expl to work, and the .sh script is giving me an error.
at this point any help or tip is appreciated!
Rooted
PM for help
Type your comment> @TazWake said:
Try using a different cracking tool
You may need to first change the format of what you discovered so it fits the tool better