Remote

Spoiler Removed

Hey guys, I found a user hash but after searching it says not a valid hash. So, I’m trying to crack this hash but not getting any idea how to crack it ??. So, need a little help ?

Type your comment> @Anand007 said:

Hey guys, I found a user hash but after searching it says not a valid hash. So, I’m trying to crack this hash but not getting any idea how to crack it ??. So, need a little help ?

Valid hash is SHA1 and if you found right file and correct copypasted that john will cracks it

I’ve done it :slight_smile:

I have been stuck for hours with ROOT. I have done everything I know/found related to US but I can’t receive a shell. Would anyone please PM me and give me a little push forward?

rooted what a pain everyone is doing the same which is causing your session to die

I hope people were more subtle and gentle with the machines. Resets all the time, change of credentials, shutdown of important services etc. I’ve been banging my head all day with the people that are trying to get inside the machine.

EDIT: There is someone out there (he knows who he is) that keeps resetting the machine every 2 minutes and it really frustrated me. I’ve been trying to complete the machine for 1 hour now and I keep redoing steps again and again just to ■■■■ him/her off.

Root achieved. Went the U*****C way. Worked pretty well with an extra runas tool (not the native one).

I gave this machine 12 hours now of my time, and it almost looks like there are people fixing the vulnerabilities on this machine. Services are disappearing, vulnerabilities are vaporized and this seems a pretty safe machine to me lol.

Session dies every 10-15 minutes.

I will try the 2nd approach tomorrow, getting fed up and I am out of icecream :blush:

Type your comment> @Annabella said:

I gave this machine 12 hours now of my time

Okay, 2nd approach and some fixie-fixie on C****o library shizzle got me root within 15 minutes. Although the amount of hours is insane - I learned so much.

I love it! goes buy new icecream now

Rooted using the TV approach. I’m awful at Windows and would appreciate any messages with tips for getting stable shells after the initial access as not being able to do so slowed me down quite a bit.

Rooted with the TV way. I have made many attempts to do it with the U…S… and always a reverse shell is opened and terminated before even getting a command prompt!!

Can anyone please PM me of how it was done using U…S… I want to know what I did miss to make it work.

I need tips for root pleaseee

Hi. I’ve managed to ck one of the credentials in the s file. I am still not able to log in. I am wondering if this account is not supposed to be used. I am not able to crack the other ha*** because they have a different format (I’ve tried --fo****). Is this the correct way to go with this? I am unsure about the account that I have.

@dany10101 said:

Hi. I’ve managed to ck one of the credentials in the s file. I am still not able to log in. I am wondering if this account is not supposed to be used. I am not able to crack the other ha*** because they have a different format (I’ve tried --fo****). Is this the correct way to go with this? I am unsure about the account that I have.

The credential you’ve cracked is probably the one you need to use (I am guessing here as I dont know which one you’ve cracked).

It comes with an email address, so you can now use the combination to log into the portal associated with the file you got the password from.

Type your comment> @TazWake said:

@dany10101 said:

Hi. I’ve managed to ck one of the credentials in the s file. I am still not able to log in. I am wondering if this account is not supposed to be used. I am not able to crack the other ha*** because they have a different format (I’ve tried --fo****). Is this the correct way to go with this? I am unsure about the account that I have.

The credential you’ve cracked is probably the one you need to use (I am guessing here as I dont know which one you’ve cracked).

It comes with an email address, so you can now use the combination to log into the portal associated with the file you got the password from.

Yeah, that was correct. I was trying the username. Since there were other accounts, I didn’t know if this is a rabbit hole. Usually this account is disabled externally.

Excellent box really quite fun!

User: enum, google, and there is a nicer version of the code on a GitHub page

Root: remote access is beautiful but equally dangerous

PM if you need hints.

possible that someone changed the admin password for the portal ? i was connected and now the password don’t works

Type your comment> @fr0ster said:

Type your comment> @Anand007 said:

Hey guys, I found a user hash but after searching it says not a valid hash. So, I’m trying to crack this hash but not getting any idea how to crack it ??. So, need a little help ?

Valid hash is SHA1 and if you found right file and correct copypasted that john will cracks it

Thanks man, It works.! I was missing a single char that’s why John was not detecting a valid hash.

Hoping someone can point me in the right direction with the reverse shell for user. I actually already have the user flag. I’m logged in, I’m using the better version of the exploit, I’m able to execute single remote commands with it and get the output. I used this to get the user flag. So now I’m trying to get a stable reverse shell. I used a venomous tool to create an executable file. I then managed to upload it to the app and I am actually able to call it at its location on the file system. My problem is this: when I execute it using the POC, it calls my listener back here locally, but only for a couple seconds, and then dies. Did anyone else experience this? Could anyone point me toward what I should be debugging? I’m wondering if I’m not generate the exact right thing with that venom tool, but it does actually call me back, just not long enough to do anything.

Type your comment> @Ninkasi said:

Help!

Keep getting this error when trying the py script ~

Traceback (most recent call last):
File “1.py”, line 53, in
VIEWSTATE = soup.find(id=“__VIEWSTATE”)[‘value’]
TypeError: ‘NoneType’ object has no attribute ‘getitem

Anyone? PM

it is time error…eg: may be your location mismatch with your current time… for me it’s worked after i corrected my time