Valentine

@scarrenor said:
Hi all. So, I’ve found a key and what appears to be a passphrase… Really flummoxed by the username situation. I feel like I’ve done my enum due diligence (repeatedly in the case of how I found the key), but… A bump in the right direction would be appreciated via DM.

I’m in the same place. I’ve run a few enumeration scripts looking for the usual suspects in usernames, run CeWL, run the initial exploit what feels like a hundred times, and tried everything I can think of relating to the theme of the box/exploit, but I can’t get there… If anyone has a method or hint to nudge me along, feel free to send me a PM.

So I have a rsa key, but its encrypted and asks for a password when I try to ssh. Any hints on how to obtain the password, or have I done something wrong?

Update, I’ve used jtr to crack the hash but it spits out garbled text mixed with proper characters. How can I fix this?

Valentine is DirtyHeart :slight_smile:

The username was RIGHT in front of my face all along - I feel silly at how much time I spent looking for it!

I have tried absolutely everything and can not get the username, could someone PM me with some help plz.

Hi everyone, I just got what seems to be the password.
Did a combinations of all possible username using the information I have but I couldn’t get the username. Any further hints? feel free to send me a DM if you have other hints.

Now I got the access…

Can someone PM a push in the right direction? I have the key and password. Appear to be stuck on the user.

Spoiler Removed - Arrexel

@rk2311 said:
Spoiler Removed - Arrexel

are you sure you got the username? or maybe it is something else

I going working on root.
Should we simply do it through a known exploit (cause it is crashing for me)?
or is there another way?

@w31rd0 said:
I going working on root.
Should we simply do it through a known exploit (cause it is crashing for me)?
or is there another way?

got root after all through an exploit. still think there was a better way though

Spoiler Removed - Arrexel

Spoiler Removed - Arrexel

Spoiler Removed - Arrexel

@w31rd0 said:
got root after all through an exploit. still think there was a better way though

Same. Any hints on how to do it right and not the dirty way?

have what looks like a valid key but no passphrase for it.
have run the exploit hinted at by the picture probably no less than 200 times and have got nothing but a hash which I ran through hashcat and got a hex result and tried the decoded string but nothing.
I see people here saying that after just several attempts they got some useful info from the exploit but I have nothing after hundreds. Any hints please?

Rooted. Pointers for all lost:
a) Getting in is simple. If it’s not and you’re using the correct exploit, try another one with the same goal. I lost 2h with my first approach, using a Python variant of the exploit got me the pass in 3 tries.
b) Once inside, enumerate. Enumerate CAREFULLY and SEE. Use a tool or simply browse around. If you’re using dirty exploits for root you’re overthinking it. I know i did…

I had to take a second look at it since the dirty approach appeared to be too much. If you look carefully, a root shell will appear out of thin air.

If this is too much of a spoiler, please redact.

I have completed this box using the dirty way. But still want to know the other way for priv esc can someone PM me on Priv esc.