Apocalyst

@Linoge said:
Is steganography needed to get into the system?

Steganography is very useful!!

@m0nk3y22 said:

@Linoge said:
Is steganography needed to get into the system?

Steganography is very useful!!

Which tools did you use? I tried steghide and stegsuite, but because I don’t know the passphrase, I cannot extract it. I have a passlist from cewl. Should I use it for the images? Am I on the right track or completely off???

@Linoge said:

@m0nk3y22 said:

@Linoge said:
Is steganography needed to get into the system?

Steganography is very useful!!

Which tools did you use? I tried steghide and stegsuite, but because I don’t know the passphrase, I cannot extract it. I have a passlist from cewl. Should I use it for the images? Am I on the right track or completely off???

Check for the first command you mentioned. You should use it in a specific image! The “size” always matters :wink:

@m0nk3y22 said:

@Linoge said:

@m0nk3y22 said:

@Linoge said:
Is steganography needed to get into the system?

Steganography is very useful!!

Which tools did you use? I tried steghide and stegsuite, but because I don’t know the passphrase, I cannot extract it. I have a passlist from cewl. Should I use it for the images? Am I on the right track or completely off???

Check for the first command you mentioned. You should use it in a specific image! The “size” always matters :wink:

Should I use dirbuster again with the extracted data, or is this the wrong approach?

@oucema001 - there are generally two things you will use “lists” for in pentesting… List of directory/filenames for web enumeration, and a list of words for cracking passwords. It’s a small amount of data, so it wouldn’t take too much time to try a few different things.

Happy Hacking! Good luck. :slight_smile:

@oucema001 said:

@m0nk3y22 said:

@Linoge said:

@m0nk3y22 said:

@Linoge said:
Is steganography needed to get into the system?

Steganography is very useful!!

Which tools did you use? I tried steghide and stegsuite, but because I don’t know the passphrase, I cannot extract it. I have a passlist from cewl. Should I use it for the images? Am I on the right track or completely off???

Check for the first command you mentioned. You should use it in a specific image! The “size” always matters :wink:

Should I use dirbuster again with the extracted data, or is this the wrong approach?

No, you are on the correct path.

Is “needle” the right way to go? Or is it a fake lead? Just wondering because I downloaded that particular thing and can’t open it with any dictionary.

One simple way to find out if you are on the correct path is to compare the size of the image in the “needle” with some random image from another URL! Also read the posts above.

@diogt said:
One simple way to find out if you are on the correct path is to compare the size of the image in the “needle” with some random image from another URL! Also read the posts above.

Yeah, of course I did, and a diff. So I am very sure it must be, but I have used diff dictionaries and of course one made with cewl, no luck… so it made me doubt myself. Also, it is possible my Ruby script is not working right… I did a test with other “things” I made and tested it, and it worked with my own, but not with this “thing”.

I enjoyed Apocalyst. Aside from the tedious enumeration at the start, it was probably the easiest machine yet.

@rek2 said:

@diogt said:
One simple way to find out if you are on the correct path is to compare the size of the image in the “needle” with some random image from another URL! Also read the posts above.

Yeah, of course I did, and a diff. So I am very sure it must be, but I have used diff dictionaries and of course one made with cewl, no luck… so it made me doubt myself. Also, it is possible my Ruby script is not working right… I did a test with other “things” I made and tested it, and it worked with my own, but not with this “thing”.

If you read this thread about Apocalyst you’ll find your answers!

I got a shell, but not via ssh (as the original question calls out). I’m not connected as the user (rather as the web user). Does the privesc require being logged in as the user, or will it still apply the way I’ve connected?

Scratch that last comment. I’m still stuck on the privesc piece though. Have tried suid with no luck. Any tips?

@diogt said:

@rek2 said:

@diogt said:
One simple way to find out if you are on the correct path is to compare the size of the image in the “needle” with some random image from another URL! Also read the posts above.

Yeah, of course I did, and a diff. So I am very sure it must be, but I have used diff dictionaries and of course one made with cewl, no luck… so it made me doubt myself. Also, it is possible my Ruby script is not working right… I did a test with other “things” I made and tested it, and it worked with my own, but not with this “thing”.

If you read this thread about Apocalyst you’ll find your answers!

Cool, got home and was able to pass this step, about to continue in the adventure :slight_smile: