I can see how to get to 2nd user but I’m not able to crack that hash by specifying --format and --wordlist. Is cracking that hash necessary to get to 2nd user or I’m overthinking this
I didn’t find it in any standard wordlists on Kali.
I would be interested to know how people cracked it though.
is someone able to pm me a hint? i have user1 and a k*y for user two but still can’t use it. the ‘don’t forget your password’ hint doesn’t seem to be helping
edit: all good, i’m used to using hashcat so i didn’t know there was another program that would brute force a key like that.
after reading quite a few pages here and going nuts on this machine for 5hours, ive come to realize my IQ is probably negative
did some dir enum.
i’ve found the **a page and a few file directories on browser.
googled the exploit.
couldnt msf expl to work, and the .sh script is giving me an error.
I can see how to get to 2nd user but I’m not able to crack that hash by specifying --format and --wordlist. Is cracking that hash necessary to get to 2nd user or I’m overthinking this
I didn’t find it in any standard wordlists on Kali.
I would be interested to know how people cracked it though.
Try using a different cracking tool
You may need to first change the format of what you discovered so it fits the tool better
Can I get some help with the sshkey fomat, like correct ssh format example ?
I copy it for login account ,
but the terminal show : Load key “sshkey.txt”: invalid format .
the other problem :
I want to use tool for crack(convert) password , but also show : [sshkey.txt] couldn’t parse keyfile
Thanks
Can I get some help with the sshkey fomat, like correct ssh format example ?
I copy it for login account ,
but the terminal show : Load key “sshkey.txt”: invalid format .
the other problem :
I want to use tool for crack(convert) password , but also show : [sshkey.txt] couldn’t parse keyfile
Thanks
Happy to help but I am not sure what you are trying to do. Start with the begging of the key and go to the end. You can create your own to see what the layout should be.
Can I get some hints I own the first user by I do not know what next to look at, I am new oh HTB.
Sure - have a read through this thread which basically provides a tutorial for this box. If there is something you dont understand or can’t get working either ask here for veiled hints or drop me a DM.
Anybody willing to help me get the second user? I have no idea what’s going on and the forum just keeps saying it’s between the 1st page and here lol but all I can get is:
5.7.28-0ubuntu0.18.04.4vMlMbg>�’���t"[lb%2Zl9mysql_native_password�Got packets out of orderjimmy@openadmin:~$
I’ve tried curling, searching but can’t find anything to get to user 2
Anybody willing to share an example or tutorial or something on how curl can be used to get an SSH key? In all my life and getting OSCP i’ve never used curl so I have zero clue on how to use it in this scenario
Anybody willing to share an example or tutorial or something on how curl can be used to get an SSH key? In all my life and getting OSCP i’ve never used curl so I have zero clue on how to use it in this scenario
You’ve misunderstood the hints.
There isn’t a standard way to “use curl to get X”. What people have said, several times is enumerate the box. When you find what you need to use curl on, you will understand how to use curl.
This isn’t meant to say “curl X” and an SSH key appears by magic. Its manipulate a service with curl - or the tool of your choice, you can use wget, a web browser, whatever you want.
Curl is just a tool for transferring data to, or from, a server. You could probably use nc if you wanted to do it manually.
I stuffed around for a couple of hours with the initial priv esc, just poor enum on my part. If you’re experiencing ‘internal’ frustration I suggest going back to the basics of retrieving web content from the cmd line (nothing fancy). Priv esc to root took less than a minute. If your stuck on root your overthinking it, just run any popular priv esc script and check the output.