Comments
Uh, I feel really dumb.
I'm looking for the interesting file to gain access to User 1.
I know what I should find in, I'm sure I missed it, but I can't find it...
Spoiler Removed
Am I on the right path ?
Thanks !
@Sigerbjorn said:
yes
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.
@Shides said:
Enumerate. Look for something which has certain settings that you can use to your advantage.
Anyone else having an issue where the hash for p**l isn't there? Am i just blind lol
Always happy to help, DM me if you need anything!
@LMAY75 said:
Double-check to make sure it isn't there. Be sure what you are looking for.
@LMAY75 said:
I was a lazy guy and I missed it twice while reading the file. When you have a lot of text in front of you, look carefully, understand what you are looking at. It helps a lot.
Rooted !
That was a cool ride.
I overwhelmed the Foothold and the User !
Once those two passed, it was pretty easy and straightforward.
DM me if you need a nudge.
I posted my views on this on the cyber badger and HTB official discords... Good box @ChefByzen ... some of it felt a little too CTFy to me but then of course that is the way life works sometimes.
Foothold - some googling will land you at a starting point, some digging will land you at a method to gain access to a low-priv shell. [Pre-made works, but you won't learn from it. Use premade afterwards!]
User - Look at what is available to you with your low-priv shell. Search for juicy files that could net you loot. Trust me, you haven't looked hard enough yet if you are stuck here. It's all available for you.
Privesc - Pay attention to what you have access to. Attention to detail will get you moving forward.
Root - More enumeration and google-fu will land you an article; read up and execute for your soon-to-be root shell.
uid=0(root) gid=0(root) groups=0(root)
Shoutout to @TazWake for the help
I'm curious about the priv esc, what other commands can be run through there/how else can I use it? PM me if you know more about it.
rooted!
Initial foothold was easy and user makes sense if you look right in front of your nose and think whether admins reuse same things for multiple people. I had a pretty good idea with how to get root but trying to understand the service and its syntax took me a bit.
Fun box nonetheless.
Send me a PM if you need help or nudges.
Got my first user.txt without looking at any hints here, pretty happy, maybe I got lucky.
Working on root now !
> Got my first user.txt without looking at any hints here, pretty happy
Nice. Good luck on root.
A Chemist doing Penetration Testing - Check the Story here: BinaryBiceps
Really interesting machine, thx @chefbyzen, learned some stuff here.
Feel free to PM for nudges btw
PM for nudges, will be glad to help you.
Someone mind dm'ing me? Stuck on getting user1. I've enumerated the whole dir and can't find anything of interest. Thanks!
Good machine for OSCP preparation, try to think out of the box. DM me for nudges.
OSCP
Got root, thanks to some hints here and Gunroot.
Mainly a newbie to pentesting and Linux world in general so it's fair to say I learnt a lot about what you can do
No idea how to get user.txt, I feel like I've looked around everywhere, can someone point me to the right direction? thank you.
Feel free to PM me, but please ask good questions: https://www.shorturl.at/fmAX6
@PapyrusTheGuru said:
It's difficult to answer this because the simplest non-spoiler answer is to enumerate. Look in the files and folders. Make sure you know what you've found and don't assume because something looks like a random string of characters that it isn't useful.
But there's a lot of data to work through. Unfortunately, this is realistic - you might do a pentest and land on a box which has 30 users' documents and you have to go through terabytes of tedious stuff to see if they've left credentials out.
The main thing I can say is don't go too far from where your shell lands. Look at the files. If it's encoded, decode it. If it's hashed, try to crack it. Etc.
Is there a tool that can automate this enumeration process? I have tried to zip the interesting directory and copied it to my machine and I've been using grep with a certain 'rocking' wordlist hinted in this thread but so far the only thing I've managed to achieve is freezing my VM due to the grep errors because of unescaped characters in the wordlist. Am I on the right path or am I digging in the completely wrong direction?
@0xR3tr0z said:
Not that I know of, but if you found yourself doing this a lot it might be worth creating one.
You can possibly script it with some bash.
You might have pulled down too much data but you are definitely in the right area. I don't think running grep with a wordlist will get you what you need.
Thanks @ChefByzen, I enjoyed this machine a lot. Just right amount of CVE, guessing and enumeration.
Hints:
Foothold - check what is used and how old it is. Do it by hand if sploit fails.
User1 - search for interesting files, find interesting pattern. Maybe ask chef if he can help you.
User2 - check how you can log in with that username. What would you use if you are User1?
Root - you are going places. Google if you are already famous?
Rooted !
Took me about 2 hours on how to get the bus hhhhhh
Why 50 53R10U5
Hey guys! I need a hint. So I have a ww-dta shell, got decrypted creds to pl and n***v but I can't drop to their accounts because w-d*ta shell doesn't take input, like su and ssh requires a key file. Should I enumerate next too?
@MillyBilligan said:
Have you tried getting a better shell?
Rooted. Happy to take PMs but I may not check often.
@MillyBilligan said:
How did you decrypt the creds of n*v?
I was only able to decrypt pl's creds.
Could someone give me a hint? I found the /C**eN***/ L**** p*** and now I don't know what to do with it. I barely found it, almost by accident, without the dirbuster.
@Limpskinz said:
There is no need for dirbuster to get the shell. Just read everything on the webpage and use Google.
@gs4l said:
After some googling I found an e*****t and after running it I'm in a s***l in www-data with a suspicious file named ex***** and a lot of .php files, am I on the right track?
@TazWake said:
Understood, nonetheless thank you so much! I appreciate whatever help I can get