Finally solved!!! This machine was amazing, I’ve learned a lot, especially in the second part.
Thanks to everyone who helped me, especially @m4xp0wer, @htejeda and @opt1kz
Here are my hints:
User: enumerate the site very well until you find something very, very juicy.
With that you can do a lot of things, including getting access to the machine.
Then it’s just Linux enumeration that will help you find another very interesting and precious file.
Root: enumerate very well and you’ll find something strange (it’s pretty obvious).
I received a lot of help because it was my first time with something like this. Go back in the discussion and you will find the video of your life, that will lead you to the light!
After HOURS of banging my head trying to get user I found what I was looking for. I overlooked the file MANY times because somebody changed the permissions for the file… Had to reset the machine to get the permissions back where they belong.
I found the pass for th******* user but I can’t authenticate… am I missing something?
Same.
Edit: Got it. I’m going to quote @psie.
“once you have something to break, don’t be afraid to give it more time and wait for more results. In my case I needed a bigger input file than usual.”
Stuck with the ROP part for root. Anyone willing to share a few tips? I’m relatively new to exploit dev and keep getting “Got EOF while reading in interactive” on my local machine.
Otherwise, it’s a lot of fun !
I’m pretty sure it’s not a malicious attacker, it’s just a slight oversight in the box’s design. If someone from HTB with the ability to fix boxes wants to PM me, it’s easy to fix.
Until then, if you’ve got a full shell but can’t find your way past h**, check the box’s uptime. If it’s over 6 hours I would reset it.
you’re almost there but I think you’re having it backwards. It’s more a game of what the server needs from you to log in without a password than the other way around
How so? I’m giving it the i*_r** key. Am I missing something else?
There’s a specific file you can write into that will help you more than providing the server with its own private key
I am losing myself at this point. I thought I had this figured out, but it just won’t work.
Please PM me with assistance - I doubt it can be discussed here without spoilers …
Cheers
Think about what YOU can supply the server so you can connect…
Feel free to send me a message with your questions
Still get quite a few DMs with individuals missing the second one… so… from the box page:
We have recently detected suspicious activity on the network. Please make sure you change your password regularly and read my carefully prepared memo on the most commonly used passwords. Now as I so meticulously pointed out the most common passwords are. Love, Secret, ■■■ and God -The Plague
So, knowing that those are the most common passwords, how can you shorten your wordlist to speed things up?
I’m creating a custom wordlist to crack some hashes, anyone know a good mutator? I’ve tried rsmangler but it always crashes when I try the --full-leet option.
It’s not necessary. Try one of the ones that come with Kali.