OpenAdmin

rooted its a amazing box i learn much from this box

Rooted, VERY nice VM. Everything is logical without a big struggle if you look everything closely !

Loved this box. Great work

i got shell but i don’t know what to do now? someone if can help me to understand pm me

I can see how to get to 2nd user but I’m not able to crack that hash by specifying --format and --wordlist. Is cracking that hash necessary to get to 2nd user or I’m overthinking this

Thanks,
sudu

@mayomacam said:

i got shell but i don’t know what to do now? someone if can help me to understand pm me

If you mean the remote code execution exploit, then you now need to use a combination of ls and cat to find something you can use to get a proper foothold as a user.

If it is the user account, you need to search the box to find out what you need to become the second user.

@sudu123 said:

I can see how to get to 2nd user but I’m not able to crack that hash by specifying --format and --wordlist. Is cracking that hash necessary to get to 2nd user or I’m overthinking this

I didn’t find it in any standard wordlists on Kali.

I would be interested to know how people cracked it though.

Thanks a lot for the hint @Rado0z finally managed to root it! :smiley:

is someone able to pm me a hint? i have user1 and a k*y for user two but still can’t use it. the ‘don’t forget your password’ hint doesn’t seem to be helping

edit: all good, i’m used to using hashcat so i didn’t know there was another program that would brute force a key like that.

after reading quite a few pages here and going nuts on this machine for 5hours, ive come to realize my IQ is probably negative :wink:

did some dir enum.
i’ve found the **a page and a few file directories on browser.
googled the exploit.
couldnt msf expl to work, and the .sh script is giving me an error.

at this point any help or tip is appreciated!

Rooted

PM for help

Type your comment> @TazWake said:

@sudu123 said:

I can see how to get to 2nd user but I’m not able to crack that hash by specifying --format and --wordlist. Is cracking that hash necessary to get to 2nd user or I’m overthinking this

I didn’t find it in any standard wordlists on Kali.

I would be interested to know how people cracked it though.

Try using a different cracking tool

You may need to first change the format of what you discovered so it fits the tool better

I’m on the machine and did some enum. found some m****i stuff and am able to connect. but stuck there.

Found some "F**E but also am not able to exploit this.

Any hints?

Type your comment> @Anakin102 said:

Thanks a lot for the hint @Rado0z finally managed to root it! :smiley:

Great Job :slight_smile:

@FlatMarsSociet said:

Try using a different cracking tool

You may need to first change the format of what you discovered so it fits the tool better

Ok - that makes sense, but it isn’t in any wordlists I can find on Kali or Seclists. Did people just brute force it with H****** ?

Can I get some help with the sshkey fomat, like correct ssh format example ?
I copy it for login account ,
but the terminal show : Load key “sshkey.txt”: invalid format .
the other problem :
I want to use tool for crack(convert) password , but also show : [sshkey.txt] couldn’t parse keyfile
Thanks

Can I get some hints I own the first user by I do not know what next to look at, I am new oh HTB.

@666Kuro666 said:

Can I get some help with the sshkey fomat, like correct ssh format example ?
I copy it for login account ,
but the terminal show : Load key “sshkey.txt”: invalid format .
the other problem :
I want to use tool for crack(convert) password , but also show : [sshkey.txt] couldn’t parse keyfile
Thanks

Happy to help but I am not sure what you are trying to do. Start with the begging of the key and go to the end. You can create your own to see what the layout should be.

@Crni said:

Can I get some hints I own the first user by I do not know what next to look at, I am new oh HTB.

Sure - have a read through this thread which basically provides a tutorial for this box. If there is something you dont understand or can’t get working either ask here for veiled hints or drop me a DM.

Anybody willing to help me get the second user? I have no idea what’s going on and the forum just keeps saying it’s between the 1st page and here lol but all I can get is:

5.7.28-0ubuntu0.18.04.4vMlMbg>�’���t"[lb%2Zl9mysql_native_password�Got packets out of orderjimmy@openadmin:~$

I’ve tried curling, searching but can’t find anything to get to user 2