Fortune

vladptw · March 14, 2019, 11:49pm

Got user!
For root , will this article be helpful NFS | Penetration Testing Academy ?

sillydaddy · March 15, 2019, 1:56am

Type your comment> @Jazzblaster said:

Anyone that would be willing to PM me a nudge on how to ‘start’ on this one? My regular enumeration attempts don’t really give me anything at all and my google skills seem to be failing me on this one. I can’t seem to figure out how to ‘fix’ or bypass the ssl handshake error and I can’t help but feel i’m missing an important chunk of knowlegde about the problem that’s being presented here. Am mostly looking for some reading material related to the specific problem. Of course, if it turns out i’m focussing on the wrong thing here, that would be nice to know as well

i am not sure in this …And doesnt know any materials related to this … But what if server needs to authenticate users with a specific criteria … ? …sorry …just ignore if it doesnt maske any sense

wail99 · March 15, 2019, 2:27am

Spoiler Removed

sillydaddy · March 15, 2019, 2:36am

Is there a hash cracking using hashcat involved in getting root access ?

I am the the last stage . I understand we to use u*** p****** as the key .But should i crack the $p*******2$ hash ?

sillydaddy · March 15, 2019, 2:39am

Spoiler Removed

sillydaddy · March 15, 2019, 4:11am

Rooted !! Thanks all for the help

No cracking of h***** is needed .No h****** jo** etc is needed …
check the source code .and de**** using the things in the d*

krxxp · March 15, 2019, 7:04am

Need a little nudge here on what I am doing wrong. Can someone PM me? Don’t want to spoil anything

D4n1aLLL · March 15, 2019, 10:21am

Can someone hint me towards initial foothold? Wrote a script to get all the fortunes (got quite alot of them) but didn’t find anything I think I am looking the wrong direction?

sillydaddy · March 15, 2019, 11:38am

Spoiler Removed

dplastico · March 15, 2019, 1:33pm

Type your comment> @sillydaddy said:

Rooted !! Thanks all for the help

No cracking of h***** is needed .No h****** jo** etc is needed …
check the source code .and de**** using the things in the d*

no need to crack them? I really cant get it wtf this hashes!

imayberobot · March 15, 2019, 1:39pm

rooted!
if you read the code but can’t find the password for decoding, look more into db.

Maglok · March 15, 2019, 4:48pm

I seem to be the other way around, I cannot seem to find the way to decode, but I have the thing to decode I think. Anyone wanna brain in PM?

dplastico · March 15, 2019, 6:16pm

Type your comment> @Maglok said:

I seem to be the other way around, I cannot seem to find the way to decode, but I have the thing to decode I think. Anyone wanna brain in PM?

same boat here… this machine has been something cant decode

KostasKoutr · March 15, 2019, 7:23pm

As someone who has done 12 boxes so far, do you think this box would be too difficult for me?

I am interested because, although I have found RCE (so the OS and some certs etc.) a bit too easily, the box is still ranked as “Insane” difficulty.

Are there any parts that would be considered “too” difficult (compared to boxes like Ethereal or Nightmare)?

Thanks and sorry for not contributing directly to the box.

underc0very0 · March 15, 2019, 8:03pm

Type your comment> @KostasKoutr said:

As someone who has done 12 boxes so far, do you think this box would be too difficult for me?

I am interested because, although I have found RCE (so the OS and some certs etc.) a bit too easily, the box is still ranked as “Insane” difficulty.

Are there any parts that would be considered “too” difficult (compared to boxes like Ethereal or Nightmare)?

Thanks and sorry for not contributing directly to the box.

root is a bit hard but with some tips it is actually manageable. The user part is fairly easy in my opinion. The tips in here helped a lot.

AuxSarge · March 15, 2019, 9:30pm

Type your comment> @KostasKoutr said:

As someone who has done 12 boxes so far, do you think this box would be too difficult for me?

I am interested because, although I have found RCE (so the OS and some certs etc.) a bit too easily, the box is still ranked as “Insane” difficulty.

Are there any parts that would be considered “too” difficult (compared to boxes like Ethereal or Nightmare)?

Thanks and sorry for not contributing directly to the box.

Rating this box was difficult because there’s such a diversity of skills and experience on HTB. Perhaps it should have been “hard” ? Give it a try regardless. The more you do, the easier they get as you learn.

ryarnyah · March 15, 2019, 10:33pm

Great box, user was fun and root was a rabbit hole pain.

root tips: really try to understand the source code not just grep inside

TheJ0k3r · March 16, 2019, 12:33am

can anyone PM me an hint for root?

FuxSocy · March 16, 2019, 2:30am

Got User after an hour or so, I had to read about new things here and there, but I know in the end of the day I learned new things!

Let’s go for root!

0xklaue · March 16, 2019, 4:54am

Either I’m looking in different place, or I am missing something. I have some hashes of p***** format, but I can’t find something interesting in that place. Really can’t understand where I’m going wrong for rooting it

EDIT: Rooted! A fun ride indeed. This box does NOT require John/Hashcat. Respect to those who helped me out of this. Really amazing box @AuxSarge