Hint for Sunday

@S4ck said:

@lambda1776 said:
So I logged in as a user and cant seem to find how to access the user.txt as it is owned by sammy. Can anyone PM me a hint on how to view the file or Priv escalation? Respect will be given

enumerate manually :wink:

I believe i did, i saw a interesting troll and thought it might have something to do with it but maybe im wrong. And i didnt see anything particularly interesting during the rest of the enumeration. Am i missing something?
I am looking to improve my enumeration so tips or resources would help.

I went straight to Spoiler Removed - Arrexel and then got the flag 10m after very easy. if anyone needs help msg me in private

@rek2 said:
I went straight to Spoiler Removed - Arrexel and then got the flag 10m after very easy. if anyone needs help msg me in private

any hint for wordlist to crack root hash?

For a 20 point box this is messing with my head. Can someone give me a pointer? I can’t get pass the part of user enumeration (done), or how to use the two open services…

@alquimista said:
For a 20 point box this is messing with my head. Can someone give me a pointer? I can’t get pass the part of user enumeration (done), or how to use the two open services…

you need to enumerate more on services :slight_smile:

alquimista same mistake i made, play about with nmap a bit more before rushing in on those “2” services.

@IrfanRizvi said:

@rek2 said:
I went straight to Spoiler Removed - Arrexel and then got the flag 10m after very easy. if anyone needs help msg me in private

any hint for wordlist to crack root hash?

msg me in private not sure if adding that here is a spoiler or not.

My nmap scans are taking way too long. Is that normal?

@abogaida said:
My nmap scans are taking way too long. Is that normal?

Box is a little bit awkward with nmap scanning noticed, try Zenmap. It helped when I was trying to scan it when it came out.

@abogaida said:
My nmap scans are taking way too long. Is that normal?

Try adding the --min-rate 1000 --max-retries 5

This is normally very bad practice, you could knock something over very easily, or miss something on a box that is responding slowly.

Also try tinkering with --min-parallelism …

That being said, the most frustrating part of this box are people that trash it, necessitating a reset.

Thank you all, my nmap just finished.

Is there any way to do this without brute-forcing? I hate it when I have to resort to that. I must be something wrong…

@AcroTiger said:
Is there any way to do this without brute-forcing? I hate it when I have to resort to that. I must be something wrong…

There are previous comments that address this. :slight_smile:

AcroTiger if you need a hint PM me

Logged in. Any tips on next move? Still working on getting user.txt. I know where it is but nothing jumping out to get there. Can DM me on MM.

@wbbugs said:
Logged in. Any tips on next move? Still working on getting user.txt. I know where it is but nothing jumping out to get there. Can DM me on MM.

Logged in too and have been stuck. same here and Appreciate for help, plz .

@quadzer0 said:

There are previous comments that address this. :slight_smile:

Hello bro @quadzer0 , I’ve logged it and stuck here. :smiley: plz, kind help again?

@abogaida said:
My nmap scans are taking way too long. Is that normal?

use massacn for fast scan …(but i m not recommend this scanning )
----------SYNTAX--------
masscan -e INTERFACE -p 1-65535 --rate=200 TARGET-IP

Hello I’ve seen people sending message on Sunday. How Can I send a message, plz?