john hasn’t cracked it but decided to hide it from you (--show).
Alternatively try the Magnum Ripper version - it’s a bit more stable.
I’m 99% sure it’s in the correct format. I run the file that I curl for through ssh2**** and then feed that to john. When I run john I specify the most common word list and the format. When I run --show I get “0 password hashes cracked, 1 left”
@hrevans I had the same issue, I just added something like /h**e/ at the beginning of the file provided by ssh2**** and it works like a charm. By the way, it’s my first user.
I hope this is helpful.
I read a lot of “John” here, but uncle john isn’t needed.
Many ways to skin a cat, but using John here is like trying to explode the door of a safe, when the window right next to it is open…
Hi, I’ve rooted the box earlier but not by the john route. Today I went back and want to manage to get in that way, but john’s answer seems to be incorrect? DM me if you have any nudge/comment on that?
I’d be fascinated to know how you bypassed the need for John (or some equivalent tool) on this box.
Happy to discuss in private if that is easier.
It is technically possible to do this without the need for john, but the chance to break the server for everyone in the process is pretty good.
Not sure what you have in mind, but what I talk about is completely safe and much easier than using john: it takes about zero effort and resources to do it.
You alter the box, which is bad, I agree. It might confuse other users, and provide unnecessary rabbit holes. So you better clean up after yourself fast, and probably do it in the vip-tier where you have the box for yourself.
BUT you don’t break anything for other users if you know what you are doing :). Add instead of replace.
The path I talk about adds and breaks nothing and allows for cleanup just as well, leaving all intact, that is, creating no other holes.
I am new to all this and this box is an amazing eye-opener. I learned a lot, especially enumeration and Linux privilege escalation. Many thanks to all the hints provided here, and a big thanks to @kbotnen for your patience and very good hints. And of course, the user who created this box. Can’t find the username (sorry about that).
I guess there is never such a thing as “too much enumeration”. Really enjoyed this box.
I need a nudge on accessing the m**** d*. I found creds but trying to access on the box gives me no output. I’m confused because I use the same exploit I see in the writeup I’m following but I guess the tty (if that’s the right word) is different/ less responsive.
I’ve been on this box for days now but I’m NOT GIVING UP!
The good news is that, as the box is retired, spoiler reporting might be a bit more relaxed now.
So, in the first instance, I’d say if you are trying to attack a database application, you’ve gone down a rabbit hole.
If you have creds, check for cred reuse on other ports.