Official Armageddon Discussion

Type your comment> @rancilio said:

Any help?

Stuck as a*e user, can’t find any creds or get msl to work to dump creds as suggested by others…

I know the struggle, if you have the correct stuff you should be able to work with it. I had the issue that my connection was broken after 1 query. So maybe a oneliner will do it for you.

@aliabdelmalek said:
hey guys

any help please

Not sure how to give a hint without spoiling, but if you think it should work, read the documentation how to use this thing.

i got everything the exploit worked for me but i couldn’t get reverse shell i tried bash,netcat,python,perl reverse shells but i didn’t recive anything in my listener please help me … i don’t wanna get the shell from the RAPID7 … … guid me plz or give me small hint and i ll be appricated

Hello, i can’t manage to work with ssh, i have a user and also password, but ssh seems not working, also reset machine doesn’t help.

Any ideas?

Type your comment> @yolocalhost said:

Hello, i can’t manage to work with ssh, i have a user and also password, but ssh seems not working, also reset machine doesn’t help.

Any ideas?

Please make sure your password is correct
The password is simple without any symbols
j**n Cracking the hash may produce some strange symbols

@dj3bb4ran0n said:
i got everything the exploit worked for me but i couldn’t get reverse shell i tried bash,netcat,python,perl reverse shells but i didn’t recive anything in my listener please help me … i don’t wanna get the shell from the RAPID7 … … guid me plz or give me small hint and i ll be appricated

Try the commonly used ports

Rooted. Thks to all the nudges on this page. DM me if you want some help. I’m pretty new and I will try my best to help.

Type your comment> @rancilio said:

Any help?

Stuck as a*e user, can’t find any creds or get msl to work to dump creds as suggested by others…

If you haven’t found any creds yet, you should enumerate more. Always have a look at things you can read in the context of the user you’re logged in.

Rooted.
Foothold: in the famous hacker tool (remind the name of the machine) you will find what you need, beware to use the correct payload. Needed to stabilize my foot in with a better shell.
User: Poke around where you spawned (no need to run the enum script) to find something interesting. Enumerate what you have and use what you’ve found. After some magics you’ll obtain the thing to have stable access
Root: enumerate what you can do and do some Google-fu. In my case needed to use a fraction of what is available.

Thanks for the box!

Could someone DM me a nudge? have basic shell with a****. found default m**** creds but they are not working. Want to run what I am doing past someone who has rooted to see if i am on correct track or not.

Hello, i can’t manage to work with ssh, i have a user and also passw, buy ssh seems not working, also reset machine does’nt help.

@backK said:
Type your comment> @yolocalhost said:

Hello, i can’t manage to work with ssh, i have a user and also password, but ssh seems not working, also reset machine doesn’t help.

Starting Nmap 7.91 ( https://nmap.org ) at 2021-04-11 03:10 EDT
Nmap scan report for 10.10.10.233
Host is up (0.082s latency).

PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.4 (protocol 2.0)
| ssh-hostkey:
| 2048 82:c6:bb:c7:02:6a:93:bb:7c:cb:dd:9c:30:93:79:34 (RSA)
| 256 3a:ca:95:30:f3:12:d7:ca:45:05:bc:c7:f1:16:bb:fc (ECDSA)
|_ 256 7a:d4:b3:68:79:cf:62:8a:7d:5a:61:e7:06:0f:5f:33 (ED25519)

ssh -v XXXXXXX@10.10.10.233 130 ⨯
OpenSSH_8.4p1 Debian-5, OpenSSL 1.1.1k 25 Mar 2021
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 10.10.10.233 [10.10.10.233] port 22.
debug1: Connection established.
debug1: identity file /home/kali/.ssh/id_rsa type -1
debug1: identity file /home/kali/.ssh/id_rsa-cert type -1
debug1: identity file /home/kali/.ssh/id_dsa type -1
debug1: identity file /home/kali/.ssh/id_dsa-cert type -1
debug1: identity file /home/kali/.ssh/id_ecdsa type -1
debug1: identity file /home/kali/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/kali/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/kali/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/kali/.ssh/id_ed25519 type -1
debug1: identity file /home/kali/.ssh/id_ed25519-cert type -1
debug1: identity file /home/kali/.ssh/id_ed25519_sk type -1
debug1: identity file /home/kali/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/kali/.ssh/id_xmss type -1
debug1: identity file /home/kali/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.4p1 Debian-5
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH_7.0
,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug1: Authenticating to 10.10.10.233:22 as ‘XXXXXXX’
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
Connection closed by 10.10.10.233 port 22

Any ideas?

Please make sure your password is correct
The password is simple without any symbols
j**n Cracking the hash may produce some strange symbols

passw was correct, but no ssh connection to server, support resolved this issue.

Finally owned.

I found 3 credential on db u**r but ,how i can bruteforce password??? Give me references

Type your comment> @psfauzi said:

I found 3 credential on db u**r but ,how i can bruteforce password??? Give me references

Hydra,dictionary

rooted. dang @bertolis that was a tough “easy” box. Thanks to @philralph, @SackOfHacks and @ironman2 for the nudges/conversation.

Finally rooted! Thank you guys for the hints in the discussion and thru PM!

Nice box. Enjoyed pwning it. Thanks…

I got initial foot hold with user a****e struggling with user, kindly DM if someone can assist.

Rooted.
This was a not so “easy” box, I get the medium rating now.

uid=0(root) gid=0(root) groupes=0(root)

Hi,

I have got the initial shell and have access to m***l credentials. When i try to access the db, i get access denied.
Not sure what I’m missing here. Can anyone give a possible hint on how to move forward.