Calamity - ssh password

Some hint in Calamity to get ssh password? I can’t find anything in the audio files :frowning:

Dig deeper into the audio files. Have the audacity.

There should be two audio files that sound the same. You have everything you need in those files. If you get stuck, message me and I’ll try to give you more of a nudge. But just try to research as much as you can first.

Also, download Audacity. It’s free and easy to use for audio editing.

Tried Audacity and nothing in the spectrogram. Where is the password hidden? Is the password audio or text?

try harder with audacity
from A to B from A to B :slight_smile:

Still not able to understand what’s there in the voice after using Audacity…

@looping said:
Still not able to understand what’s there in the voice after using Audacity…

If done properly, you can easily get the password. No extra effort will be required after that

I got the password, now I’m stuck at priv esc, how to continue? (Sorry, bad English)

@SkuLL said:
I got the password, now I’m stuck at priv esc, how to continue? (Sorry, bad English)

Enumerate. There should be something you see on there that you don’t see on other boxes on here. Find out what it’s used for, and then see what you can use it on. It’s difficult. Nobody can walk you through it.

@SkuLL said:
I got the password, now I’m stuck at priv esc, how to continue? (Sorry, bad English)

I’d suggest putting this one on hold and moving on to an easier one. Once you’ve completed ALL “Easy” and “Medium” difficulty machines, maybe then come back to Calamity.

am in Calamity … gonna try privs … am not good at this type of exploitation … BTW I already have done a machine without ASLR … I know it will be good luck to exploit with … do I need to create my binary of some special bytes etc.???

@bug said:
am in Calamity … gonna try privs … am not good at this type of exploitation … BTW I already have done a machine without ASLR … I know it will be good luck to exploit with … do I need to create my binary of some special bytes etc.???

This is one of the hardest privesc scenarios on HTB, in my opinion. You won’t find much help or guidance on this machine.

@bug said:
am in Calamity … gonna try privs … am not good at this type of exploitation … BTW I already have done a machine without ASLR … I know it will be good luck to exploit with … do I need to create my binary of some special bytes etc.???

Hi there bug!

Well, I’m still at it but I am on the right track. So here’s some tips for you…:

  1. Find the way to trigger something. Have a look at the sources; it seems pretty obvious, I think.

  2. Once you have triggered that “something”, feed it with some crafted piece of shell-code to do whatever you think you need to do in order to p0wn the system …

Tips: maybe you would need more than one “special crafted” input …

I’m trying to get the ssh pass, but, since I don’t speak English, well, can’t understand the pass haha

Anybody can help me?

@puerkito66 said:
I’m trying to get the ssh pass, but, since I don’t speak English, well, can’t understand the pass haha

Anybody can help me?

I guess that, in your case, you should contact HTB staff…

@socialkas said:

@puerkito66 said:
I’m trying to get the ssh pass, but, since I don’t speak English, well, can’t understand the pass haha

Anybody can help me?

I guess that, in your case, you should contact HTB staff…

nevermind, I got it

Well guys, I’ve finally done it! I p0wned Calamity, amazing experience… 6 terrible days studying about BOFs, ROP… but finally, it’s done. Amazing what I’ve learned…

!!!

Calamity Any hint? Newbie here

I have the user hash, but I can’t get the root hash… someone help me with priv esc?