Any hints on how to get to the second account? Just brute force via rockyou? Or some other technique? Hints please DM.
Some tool changed the password. World class hacker there boys. 
Box reset coming…
@slack3r said:
Some tool changed the password. World class hacker there boys.
Yep - I noticed this twice the other day, someone reset the box and within 3 minutes of the reset has changed the password for the first user.
not sure if someone is messing with the box, but I’ve ran hydra + rockyou + some other pw wordlists on the 2nd to last high port with a list of potential usernames (including the users with sa*** & su**** + a bunch of “default” accounts). Can’t auth to anything. Am I missing something?
No need for hydra to get you in. The password is the “default” password to htb. If that does not work someone edited the sudoers list again. THIS box is unstable on other servers except for Freeserver it does not glitch that much.
If anyone could PM me that would be rad, I’m mostly just wondering if my nmap scan flags are good to go since they will take forever (pretty standard nmap scan for all ports). I split them up with port ranges as well and did not discover any ports besides the 2 obvious ones.
@wint3rmute said:
If anyone could PM me that would be rad, I’m mostly just wondering if my nmap scan flags are good to go since they will take forever (pretty standard nmap scan for all ports). I split them up with port ranges as well and did not discover any ports besides the 2 obvious ones.
Look into the --min-rate flag for nmap. Try to keep it under 1000 & you should be good
Why machine not workung ?
rooted! one of the simplest machine rooted till now…
…or nmap or web
i use nmap and i found all port …which is next step …?
@hemang if you want to get some hint for get password …because i dont know how to get … i try default password htb
ok i am in but i cannot read user.txt …some hints ?
@onlyamedic said:
not sure if someone is messing with the box, but I’ve ran hydra + rockyou + some other pw wordlists on the 2nd to last high port with a list of potential usernames (including the users with sa*** & su**** + a bunch of “default” accounts). Can’t auth to anything. Am I missing something?
Stuck at the same point
Ok, i got it, now im trying to access user.txt
This box is terrible in every way. I have everything I need and know the way to root, I just can’t do it because I need a powerful machine to crack that hash!
Really not worth the time for 20 poinp.
I recommend resetting the machine before you attempt to access the user accounts. People kept changing the password when I was doing it & caused me to second guess myself for a long time.
@ZaYoOoD said:
This box is terrible in every way. I have everything I need and know the way to root, I just can’t do it because I need a powerful machine to crack that hash!Really not worth the time for 20 poinp.
possibly not using the correct tool and word list. i am able to crack the hash in some time with 4 GB of VM.