Valentine

1679111218

Comments

  • edited May 2018

    There is an exploit that you have to run that dumps out a lot of random information. The name of the box and the picture on the webpage is a hint to this exploit.

    1u1zsec

  • > @Largoh said:
    > No idea where everyone is getting passphrase from. I've tried using jtr to get it from the rsa key but get strange character along with normal characters

    My heart bleeds for you.
  • > @JOk3Rxvi said:
    > have rsa key, and passphrase.. can not find username anywhere!!!! please give me a hint!!!!!1

    The username is right under your nose. Where did you get the key?
  • @impetuousdanny said:

    @Largoh said:
    No idea where everyone is getting passphrase from. I've tried using jtr to get it from the rsa key but get strange character along with normal characters


    My heart bleeds for you.

    This is exactly what I needed! Thank you

    Largoat

  • Now rooted. Took ages trying to get root. I reset the box and then it was obvious.

    Largoat

  • Hi @ all, I'm looking several hours for the passphrase without any luck. Would be nice if s.o. could PM me some hints...

    THX

  • @Largoh said:

    @impetuousdanny said:

    @Largoh said:
    No idea where everyone is getting passphrase from. I've tried using jtr to get it from the rsa key but get strange character along with normal characters


    My heart bleeds for you.

    This is exactly what I needed! Thank you

    @H3X

  • I have the password (I assume) but I cannot find the RSA key everyone keeps talking about.

    Hack The Box

  • @J3rryBl4nks said:
    I have the password (I assume) but I cannot find the RSA key everyone keeps talking about.

    Have you enumerated all the dirs/files?

  • @sk2k said:

    @J3rryBl4nks said:
    I have the password (I assume) but I cannot find the RSA key everyone keeps talking about.

    Have you enumerated all the dirs/files?

    There is a file called _key that I tried to reverse but I could never get it to be anything but gibberish.

    Hack The Box

  • @J3rryBl4nks said:

    @sk2k said:

    @J3rryBl4nks said:
    I have the password (I assume) but I cannot find the RSA key everyone keeps talking about.

    Have you enumerated all the dirs/files?

    There is a file called _key that I tried to reverse but I could never get it to be anything but gibberish.

    Maybe if you knew what you were reversing it wouldn't come out as gibberish?

  • @impetuousdanny said:

    @J3rryBl4nks said:

    @sk2k said:

    @J3rryBl4nks said:
    I have the password (I assume) but I cannot find the RSA key everyone keeps talking about.

    Have you enumerated all the dirs/files?

    There is a file called _key that I tried to reverse but I could never get it to be anything but gibberish.

    Maybe if you knew what you were reversing it wouldn't come out as gibberish?

    Yea don't overthink this, its nothing complicated

  • edited May 2018

    I am having trouble with getting root, I tried the dirty way but it doesnt seem to work. Any hints?

    nvm, got it in the end. However can someone PM me where the hint in enum was supposed to be?

    prutz

  • If when you are trying to priv esc using the "dirty method", and it doesn't seem to work, be patient. The exploit can take awhile to complete, that's just the nature of the beast

  • @capnspacehook said:
    If when you are trying to priv esc using the "dirty method", and it doesn't seem to work, be patient. The exploit can take awhile to complete, that's just the nature of the beast

    how long should it normally take to complete? trying to do both the dirty way and normal way!

  • Alright, I really wanted to find the username all by myself but I have hit a road block. I used the python script, I have what I believe is the password, I have used patator to attempt to brute force the username with a custom list of multiple names found through enumeration. Can someone PM me and give me a little hint on the username? Appreciate it.

  • @JOk3Rxvi said:

    @capnspacehook said:
    If when you are trying to priv esc using the "dirty method", and it doesn't seem to work, be patient. The exploit can take awhile to complete, that's just the nature of the beast

    how long should it normally take to complete? trying to do both the dirty way and normal way!

    The dirty way could take anywhere from 1 to 10 mins, when I ran it it took around 5. Not sure what you mean by the 'normal' method, PM me about that

  • Got root, but not sure that was the way to do it... Can someone PM me so that I can check.

  • I need help, I found, private key, decoder, encode more information
    someone to send me a private please

  • @impetuousdanny said:
    > @Largoh said:
    > No idea where everyone is getting passphrase from. I've tried using jtr to get it from the rsa key but get strange character along with normal characters

    My heart bleeds for you.

    Hello , @impetuousdanny , may I have some more hint on "My heart bleeds for you"?

  • > @st4rry said:
    > @impetuousdanny said:
    > > @Largoh said:
    > > No idea where everyone is getting passphrase from. I've tried using jtr to get it from the rsa key but get strange character along with normal characters
    >
    > My heart bleeds for you.
    >
    >
    >
    >
    >
    > Hello , @impetuousdanny , may I have some more hint on "My heart bleeds for you"?

    OpenSSH
  • Thanks for the nudges, I was trying to make getting the key a lot harder than it was.

    Hack The Box

  • what is the password that everyone speaks I only found the note and the private key

  • i want to check if i m on right way , ?
    anyone who solve can help me

  • @Anna said:
    i want to check if i m on right way , ?
    anyone who solve can help me

    dm me if u u need too!

  • @Vburgos said:
    what is the password that everyone speaks I only found the note and the private key

    shouldnt need a password...

  • @JOk3Rxvi said:

    @Vburgos said:
    what is the password that everyone speaks I only found the note and the private key

    shouldnt need a password...

    thank you very much for answering and I found the piece that I was missing

  • im stuck on the initial foothold. i have the rsa and passphrase but ssh still prompts me for a password that i cannot find. can anyone PM me a hint/tell me where i'm going wrong?

  • @SirFIS said:
    im stuck on the initial foothold. i have the rsa and passphrase but ssh still prompts me for a password that i cannot find. can anyone PM me a hint/tell me where i'm going wrong?

    There's a huge hint for as to what you need to do, don't think too hard. There's are context clues you can use. Take some time & look at the 'artwork' that's given.

    Looking for past Hack the Box write-ups or other security stuff? Feel free to visit: https://dastinia.io <3

  • I think I got everything I need. Got the priv key, used the exploit for that phrase to be decoded. Got the pub key. I just don't know how to put it all together for that initial ssh connection. The SSH is still asking for a password and I tried using the phrase found in the exploit output but it didn't work. a bit stuck now...

Sign In to comment.