@Underworld said:
Could some one give me some hints as to what to do after getting in with a first user? I see a user text but dont have the user to get to it. Also not sure on priv esc. Thanks!
I would say lookout deep into the bottom and see what can u find.
I got user and root but not shell (root), i found the password of root. I try to crack (john the ripper) the password but I could not.
Someone can give me a hint to crack it.
Yea I’m actually in the same boat. Pwned user and root, but didn’t manage to crack. I’m guessing Hashcat might do the trick from reading various posts. I tried a bunch of wordlists but no luck.
@nm0s0 said:
Just got the root.txt. Keep things simple!!!
DO you get the root shell?
No, just the key. Nope, getting the root shell it wasn’t my goal but if I have enough time I’ll try for it. There is some popular method but on Solaris involve a command you can’t execute.
If anyone need some hints feel free to PM.
@mafioso1823 said:
Any hints on initial foothold, i have enumerated all the ports, found users, using msf auxilary module, but can’t use any of the users to login with.
I was in the same boat so I feel you. The problem is that the enumeration of ports doesn’t seem to be reliable. I had someone else run a scan with the same options and they got what I was looking for. Once you can get a true successful scan on all ports, you’ll be moving on fast.
I think there is something f*cked up with the machine…
Unable to negotiate with 10.10.10.76 port xxx: no matching key exchange method found. Their offer: gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
Anyone else has this problem?
Any one else getting “ssh target does not support password auth” when messing with ssh? Manually connecting askes for a password, hydra keeps erroring out…
@3x0z said:
I think there is something f*cked up with the machine…
Unable to negotiate with 10.10.10.76 port xxx: no matching key exchange method found. Their offer: gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
Anyone else has this problem?
3x0z. There’s nothing wrong. You should modify your ssh command options to use one of the offered key exchange methods with oKexAlgorithms.
@PercyJackson35 said:
Any one else getting “ssh target does not support password auth” when messing with ssh? Manually connecting askes for a password, hydra keeps erroring out…
A) See comment below yours regarding setting the proper key exchange during negotiation, not sure if hydra supports those type of options?
B ) You do not need to brute force services for authentication
Any help in getting the root.txt, been thinking of the comments here that you can get it without root privilages and you just need a command to get it. Hitting wall here need a push. Pls pm me. thanks