HTB Academy : Footprinting Skills Assessment Lab - Hard

I got stuck too. I extracted the key using pop3s and it failed, then did the same thing using imaps instead and it worked right away after adding the key.

Saved the text as “key” and converted it to id_rsa.conv using puttygen

puttygen key -O private-openssh -o id_rsa.conv

Use ssh -i id_rsa.conv to connect and it should work like a charm.

I'm not sure where to find the database you mentioned. Any help?

(solved it!)

Look in the home directory; you’ll find the log file for the database.

sql_history?

Yes, try to connect to the db and check for the entry of the user.

Ok, I’m stuck here as well.
I’ve found the ssh key, but when I attempt to access the server using the key, I get the following error:

ssh -i id_rsa tom@10.129.202.20
Unable to negotiate with 10.129.202.20 port 22: no matching key exchange method found. Their offer: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256

:weary:
I already changed the permissions.
What am I doing wrong??

Did you find your way through this yet?

Yes, I decided to try Parrot OS and it worked.

Hi, I am also stuck on the medium part of the footprinting module. I just found some tickets by mounting nfs to my host. So, what do I do next, please?

What’s odd about any of the tickets when you list them?

I am not even sure where to start at this point. I completed a scan of services and found 5 ports open, which are 22, 110, 143, 993, and 995. I attempted to log in with the credentials given and obtained from previous labs (Easy and Medium) and none seem to work. I noticed in the threads that SNMP is targeted, but those ports are closed from the pwnbox. What am I missing? Where did the Tom credentials come from?
Thanks guys

Check the top of the thread. GuyKazuya put me on the right path - ended up taking a break for a few days but came back kicking myself.
Onesixtyone was hanging me up because I was not reading the output carefully to take the next step.

Hello friend, let’s make it clear that you need to forget about past labs. This is a new lab; also, most people forget to UDP scan. Wanna start from here? Oh, also some people don't read or don't care about a lot of useful links like https://book.hacktricks.xyz/. Please save this link and use it when you are stuck. There you go. If you have difficulty, please write to me on Discord: zzerolifee. I would be happy to help, but I will not directly say what the flag is, because I was also stuck for at least 1 hour and did it myself. Good luck!

Hi, I checked every method by following the module's sections: DNS, SNMP, IMAP/POP3. But when enumerating IMAP/POP3 we need creds. Otherwise it's not possible to search inside. And there is no port open for SNMP. I reset the machine but found nothing. I know about queries for IMAP/POP3. See the attachments.

Are you there?

I am stuck with the Footprinting lab Hard. Everyone says that there is an SNMP service, but when I do nmap I only get TCP ports 22, 110, 143, 993 and 995 open.
All IMAP and POP3 services require a username and password.

Can anyone help??


Try doing a UDP scan

Thanks, that helped.

I was able to enumerate the community string and retrieve a user. Not HTB but another user. I completed imap and pop3 with the user credentials. I am wondering if I have to ssh or am I thinking too far?

Hey JillianDoe - are you having trouble with the SNMP portion? From what I recall, my big issue with that was reading the community string carefully. Onesixtyone worked.