Official Blunder Discussion

@gunroot said:

@thewetbandit said:

I’ve found a hash for h***. I can’t seem to crack it with john or hashcat. They just finish immediately. Should I be using a non-standard wordlist?

Hey. I assume that you got the hash from the appropriate version of bludit from the initial shell.

Once you have the hash, I suggest you analyze the type of hashing used with the link below.
Hash Analyzer - TunnelsUP

Then use John or Hashcat to perform cracking based on the hash format you got from the above link.
John/Hashcat will crack it against rockyou.txt.
You can get the rockyou.txt file here: https://github.com/finnfassnacht/rockyou.txt

If that doesn’t work out, then you can use the link below to crack the hash without mentioning the hash format.
(**Note: this link will work only for very commonly used passwords.)
http://www.hashes.com

Hope this will help you out.
:wink: Good luck.

I’ve already cracked it with john and it seems I didn’t get the right password. I’m still investigating what’s wrong with the format.

@ak9999 said:

I am unable to crack the hash that I obtained from the u****.php. I have used several online services as well as hashcat and it’s turning into a time suck. Any tips would be greatly appreciated.

Are you 100% sure you have a hash that is crackable? For example, are you able to match it to an account on the system you want to use it against?

@herapen09 said:

@gunroot said:

@thewetbandit said:

I’ve found a hash for h***. I can’t seem to crack it with john or hashcat. They just finish immediately. Should I be using a non-standard wordlist?

Hey. I assume that you got the hash from the appropriate version of bludit from the initial shell.

Once you have the hash, I suggest you analyze the type of hashing used with the link below.
Hash Analyzer - TunnelsUP

Then use John or Hashcat to perform cracking based on the hash format you got from the above link.
John/Hashcat will crack it against rockyou.txt.
You can get the rockyou.txt file here: https://github.com/finnfassnacht/rockyou.txt

If that doesn’t work out, then you can use the link below to crack the hash without mentioning the hash format.
(**Note: this link will work only for very commonly used passwords.)
http://www.hashes.com

Hope this will help you out.
:wink: Good luck.

I’ve already cracked it with john and it seems I didn’t get the right password. I’m still investigating what’s wrong with the format.

I’ve already rooted this box. Got a clue from the box maker. Thanks @egotisticalSW for the box and the clue.

Hi,

I’m struggling with the initial foothold :frowning: I guess I have the username (which is really common for the management page). I tried to bruteforce the password with no result…

Maybe my username is not the right one?

Thx

Rooted.
PM for hints :slight_smile:

Rooted! This was a fun first box, learned a bit about privesc and enumeration doing this one.

Hey guys, please someone help me, I am getting this error:

[!] This exploit may require manual cleanup of ‘.htaccess’ on the target
[*] Exploit completed, but no session was created.

And when I check the exploit it says:
[*] 10.10.10.191:80 - The target is not exploitable.

Hi,

I need some help (in DM) for privilege escalation.
I’m stuck on www-data user.
I used LinEnum and LinPeas to look for some clues but I didn’t find anything.
I searched for zip and backup file … nothing.
I searched for (valid) passwords in text files … nothing.
I searched on Google for “Ubuntu 19.10 privilege escalation”, I found something about sudo but it’s not applicable.

Thanks in advance

[EDIT]

Uhm … I haven’t tried the bruteforce of the u*****.php file yet … my next step

For those struggling with m**, python can take you there!

Scripts didn’t help me when I was rooting the box.

@BIGGYBBQ said:

Hi,

I’m struggling with the initial foothold :frowning: I guess I have the username (which is really common for the management page). I tried to bruteforce the password with no result…

Maybe my username is not the right one?

Thx

probably not :wink:

How did you guess the password here?

@andrhtb said:

How did you guess the password here?

Use the exploit instead of password guessing.
You will need to make a little tweak in the exploit!

@gunroot said:

@thewetbandit said:

I’ve found a hash for h***. I can’t seem to crack it with john or hashcat. They just finish immediately. Should I be using a non-standard wordlist?

Hey. I assume that you got the hash from the appropriate version of bludit from the initial shell.

Once you have the hash, I suggest you analyze the type of hashing used with the link below.
Hash Analyzer - TunnelsUP

Then use John or Hashcat to perform cracking based on the hash format you got from the above link.
John/Hashcat will crack it against rockyou.txt.
You can get the rockyou.txt file here: https://github.com/finnfassnacht/rockyou.txt

If that doesn’t work out, then you can use the link below to crack the hash without mentioning the hash format.
(**Note: this link will work only for very commonly used passwords.)
http://www.hashes.com

Hope this will help you out.
:wink: Good luck.

I’m doing it with hashcat (s**1 -algorithm)… still it terminates as soon as I start it!
And the websites you mentioned couldn’t guess it!
Anything else I should try?!!
You sure it’s in rockyou?

@in3vitab13 did you try “--force”? Also, can anyone help me with the username? I’m lost. I think I have tried all the ones I can think of with a cool list of words. Any help would be appreciated.

@waido said:

Hi,

I need some help (in DM) for privilege escalation.
I’m stuck on www-data user.
I used LinEnum and LinPeas to look for some clues but I didn’t find anything.
I searched for zip and backup file … nothing.
I searched for (valid) passwords in text files … nothing.
I searched on Google for “Ubuntu 19.10 privilege escalation”, I found something about sudo but it’s not applicable.

In very general terms manual enumeration is much better than scripts.

Thanks in advance

[EDIT]

Uhm … I haven’t tried the bruteforce of the u*****.php file yet … my next step

As a rule of thumb for HTB, if it doesn’t crack quickly it might not be the right thing. For attacks like this, try to have an idea of what account you are looking for and a reason to think it should be active on the machine.

@in3vitab13 said:

I’m doing it with hashcat (s**1 -algorithm)… still it terminates as soon as I start it!
And the websites you mentioned couldn’t guess it!
Anything else I should try?!!
You sure it’s in rockyou?

I don’t think it is in the default rockyou, but I could be wrong. If you have the right thing, there is an online tool which solves this for you in seconds.

If you have the wrong thing, you could spend months on this. If you are in any doubt, check you have a good reason to think the thing you have will work.

@BIGGYBBQ said:

Hi,

I’m struggling with the initial foothold :frowning: I guess I have the username (which is really common for the management page). I tried to bruteforce the password with no result…

Maybe my username is not the right one?

Thx

Almost certain that you have the wrong username.

@andrhtb said:

How did you guess the password here?

I don’t think people guess - more likely they use a brute force approach with a custom wordlist.

@Redh00d03 said:

@in3vitab13 did you try “--force”? Also, can anyone help me with the username? I’m lost. I think I have tried all the ones I can think of with a cool list of words. Any help would be appreciated.

Okay, I’ll try --force!
Are you talking about the username for b****?! Or anything else!

@Redh00d03 said:
@in3vitab13 did you try “--force”?

Still getting exhausted, just like before!