Hawk

Got the file, but tried the contents in 3 ways found from scan and could not get in, hmm.

Can anyone PM me a hint - as far as I can tell I’ve decrypted the .enc file for a password but I have no clue what user / where I’m meant to actually use it…

I need help with privilege escalation. Could someone please guide me?

I got the root flag finally. I really enjoyed this box. Thanks @pat for the hint :slight_smile:

Would anyone mind giving a nudge on where to find the pw for D*****? Got a reverse shell on the machine and I've looked through any file that I can think of.
Thanks

@stigxenon said:
Would anyone mind giving a nudge on where to find the pw for D*****? Got a reverse shell on the machine and I've looked through any file that I can think of.
Thanks

var/www/html/sites/default
Try, hope you found it.

I got root. If you need help, PM me, but please send your messages on the main page.

Any hint for user? I already know FTP allows anon logins, but there are no files… only a folder “messages” with nothing inside of it.

@Ac1d0 said:
Any hint for user? I already know FTP allows anon logins, but there are no files… only a folder “messages” with nothing inside of it.

Check the folder again.

–NVM

Well, even if I enable the passive mode on my FTP I’m getting no file in the dir “messages”… IDK :expressionless:

@Ac1d0 said:
Well, even if I enable the passive mode on my FTP I’m getting no file in the dir “messages”… IDK :expressionless:

maybe the file is not directly visible?

@scp said:

@Ac1d0 said:
Well, even if I enable the passive mode on my FTP I’m getting no file in the dir “messages”… IDK :expressionless:

maybe the file is not directly visible?

That’s a nice hint, but I’m stuck the same… I also tried activating the “passive” mode but nothing to do :pensive:

Don't have any clue of what to do on Hawk. Can anyone give me an initial foothold?

* logged in to FTP as anonymous user
* FTP is empty
* site runs Drupal 7.58?
* found a Drupal exploit, but must be authenticated

@4tl4a5 said:
Don't have any clue of what to do on Hawk. Can anyone give me an initial foothold?

* logged in to FTP as anonymous user
* FTP is empty
* site runs Drupal 7.58?
* found a Drupal exploit, but must be authenticated

Sure that FTP is empty?

Any hints for getting a shell? I was able to read the user flag but can't establish a stable shell :(. Tried so many things now. Implemented an uploader, used all Metasploit exploits etc. Please hint :frowning:

EDIT… nvm, just forgot a necessary nc parameter :astonished:

Hello, could someone give me a PM to help me with privilege escalation? Thanks in advance.

@xeto said:
Sure that FTP is empty?

How dumb of me.

Just got the user flag. I was able to log in as the user d*****, but it prompts as a Python shell.

Any advice? Thank you.

@4tl4a5 said:

@xeto said:
Sure that FTP is empty?

How dumb of me.

Just got the user flag. I was able to log in as the user d*****, but it prompts as a Python shell.

Any advice? Thank you.

How can you execute Linux commands with Python? That’s all you need to escape.

Any hints for privesc? I can't find anything :/