OpenAdmin

@sudu123 said:

I can see how to get to 2nd user but I’m not able to crack that hash by specifying --format and --wordlist. Is cracking that hash necessary to get to 2nd user or I’m overthinking this

I didn’t find it in any standard wordlists on Kali.

I would be interested to know how people cracked it though.

Thanks a lot for the hint @Rado0z finally managed to root it! :smiley:

is someone able to pm me a hint? i have user1 and a k*y for user two but still can’t use it. the ‘don’t forget your password’ hint doesn’t seem to be helping

edit: all good, i’m used to using hashcat so i didn’t know there was another program that would brute force a key like that.

after reading quite a few pages here and going nuts on this machine for 5hours, ive come to realize my IQ is probably negative :wink:

did some dir enum.
i’ve found the **a page and a few file directories on browser.
googled the exploit.
couldnt msf expl to work, and the .sh script is giving me an error.

at this point any help or tip is appreciated!

Rooted

PM for help

Type your comment> @TazWake said:

@sudu123 said:

I can see how to get to 2nd user but I’m not able to crack that hash by specifying --format and --wordlist. Is cracking that hash necessary to get to 2nd user or I’m overthinking this

I didn’t find it in any standard wordlists on Kali.

I would be interested to know how people cracked it though.

Try using a different cracking tool

You may need to first change the format of what you discovered so it fits the tool better

I’m on the machine and did some enum. found some m****i stuff and am able to connect. but stuck there.

Found some "F**E but also am not able to exploit this.

Any hints?

Type your comment> @Anakin102 said:

Thanks a lot for the hint @Rado0z finally managed to root it! :smiley:

Great Job :slight_smile:

@FlatMarsSociet said:

Try using a different cracking tool

You may need to first change the format of what you discovered so it fits the tool better

Ok - that makes sense, but it isn’t in any wordlists I can find on Kali or Seclists. Did people just brute force it with H****** ?

Can I get some help with the sshkey fomat, like correct ssh format example ?
I copy it for login account ,
but the terminal show : Load key “sshkey.txt”: invalid format .
the other problem :
I want to use tool for crack(convert) password , but also show : [sshkey.txt] couldn’t parse keyfile
Thanks

Can I get some hints I own the first user by I do not know what next to look at, I am new oh HTB.

@666Kuro666 said:

Can I get some help with the sshkey fomat, like correct ssh format example ?
I copy it for login account ,
but the terminal show : Load key “sshkey.txt”: invalid format .
the other problem :
I want to use tool for crack(convert) password , but also show : [sshkey.txt] couldn’t parse keyfile
Thanks

Happy to help but I am not sure what you are trying to do. Start with the begging of the key and go to the end. You can create your own to see what the layout should be.

@Crni said:

Can I get some hints I own the first user by I do not know what next to look at, I am new oh HTB.

Sure - have a read through this thread which basically provides a tutorial for this box. If there is something you dont understand or can’t get working either ask here for veiled hints or drop me a DM.

Anybody willing to help me get the second user? I have no idea what’s going on and the forum just keeps saying it’s between the 1st page and here lol but all I can get is:

5.7.28-0ubuntu0.18.04.4vMlMbg>�’���t"[lb%2Zl9mysql_native_password�Got packets out of orderjimmy@openadmin:~$

I’ve tried curling, searching but can’t find anything to get to user 2

Anybody willing to share an example or tutorial or something on how curl can be used to get an SSH key? In all my life and getting OSCP i’ve never used curl so I have zero clue on how to use it in this scenario

@WarrenVos said:

Anybody willing to share an example or tutorial or something on how curl can be used to get an SSH key? In all my life and getting OSCP i’ve never used curl so I have zero clue on how to use it in this scenario

You’ve misunderstood the hints.

There isn’t a standard way to “use curl to get X”. What people have said, several times is enumerate the box. When you find what you need to use curl on, you will understand how to use curl.

This isn’t meant to say “curl X” and an SSH key appears by magic. Its manipulate a service with curl - or the tool of your choice, you can use wget, a web browser, whatever you want.

Curl is just a tool for transferring data to, or from, a server. You could probably use nc if you wanted to do it manually.

Nice fun box :mrgreen:

I stuffed around for a couple of hours with the initial priv esc, just poor enum on my part. If you’re experiencing ‘internal’ frustration :wink: I suggest going back to the basics of retrieving web content from the cmd line (nothing fancy). Priv esc to root took less than a minute. If your stuck on root your overthinking it, just run any popular priv esc script and check the output.

Peace

This is my first box. It’s interesting!
Give someone a bit advices.
user1: Password is reused.

user2: Check all directory and port.

root : Very easy,Use existing.

If you have some questions, welcome PM me.

By the way: some bad guy delete the “root.txt” and “user.txt”, so I am not get them now, but i get the way.

Hope some guy can reset it, i run out of times :slight_smile:

nice straight forward box. Great job :slight_smile:

Huge thanks to @Darvidor for the help and advice given!