Hello there,
I’ve been stuck with this box for so long now. I have managed to snag the user.txt, but I’ve been having a hard time connecting using p****.exe it’s been giving me an error saying Couldn’t agree a key exchange algorithm… Please, kindly give me a nudge.
@Lhuxey12 said:
Hello there,
I’ve been stuck with this box for so long now. I have managed to snag the user.txt, but I’ve been having a hard time connecting using p****.exe it’s been giving me an error saying Couldn’t agree a key exchange algorithm… Please, kindly give me a nudge.
If you scroll back, quite a few people have answered this.
It never happened to me so I am not sure what the cause is, but in the first instance, I’d say make sure you have SSH running, it is accessible and the account you use can log in.
Some of the other suggestions are about using different versions etc.
Type your comment> @TazWake said:
@Lhuxey12 said:
Hello there,
I’ve been stuck with this box for so long now. I have managed to snag the user.txt, but I’ve been having a hard time connecting using p****.exe it’s been giving me an error saying Couldn’t agree a key exchange algorithm… Please, kindly give me a nudge.
If you scroll back, quite a few people have answered this.
It never happened to me so I am not sure what the cause is, but in the first instance, I’d say make sure you have SSH running, it is accessible and the account you use can log in.
Some of the other suggestions are about using different versions etc.
hi, i’m pretty sure my SSH is running - Yet, I still don’t know why it’s still saying key exchange algo isn’t working. Any solutions on how to make this work? I know this is my one and only missing steps.
Please, PM me and explain how. I’ve been stuck on this machine for DAYS…
@Lhuxey12 said:
hi, i’m pretty sure my SSH is running - Yet, I still don’t know why it’s still saying key exchange algo isn’t working. Any solutions on how to make this work? I know this is my one and only missing steps.
Please, PM me and explain how. I’ve been stuck on this machine for DAYS…
Happy to try and help but I’ve no idea really. I never had this issue.
Hello there again people of hack the box,
So… Now it’s saying unable to negotiate with 10.10.10.198 port ****: No matching key exchange
Hi all, Newbie here.
I’m trying to hack this box as a final project for my Ethical Hacking course. I’ve made some progress and found GMS exploit. However, anytime I execute it and it returns that it connected to w******* it immediately exits. Did anyone else have this problem? Any ideas how to move past it?
So, I was trying to exploit C******.*** but every time I do NC it doesn’t give me access to root. Need help please PM me.
Okay, I’m on the last part and my NC won’t give out anything or won’t connect. If you guys got any suggestion on how to do this please PM me or reply to this post.
@cfmonroe0825 said:
Hi all, Newbie here.
I’m trying to hack this box as a final project for my Ethical Hacking course. I’ve made some progress and found GMS exploit. However, anytime I execute it and it returns that it connected to w******* it immediately exits. Did anyone else have this problem? Any ideas how to move past it?
A lot of this depends. When you say it “exits”, the exploit might still have worked.
The POC code is a bit misleading. First, the instructions are wrong in places. Secondly, it tries to make it look like a webshell when it isn’t.
FATAL ERROR: Couldn’t agree a key exchange algorithm (available: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256)
can anyone help me solving this issue
@pagal said:
FATAL ERROR: Couldn’t agree a key exchange algorithm (available: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256)
can anyone help me solving this issue
I suspect if you read through the threads, the answer might already be there. This has been asked before - even a few posts before yours.
Have a look at:
Also: make sure you have SSH running on your machine and you are able to log in remotely with the account you use.
Piece of Cake 
but im having real difficulty in uploading the files after initial shell. Is it just me who is facing this issue?
@cybeR0ot said:
Piece of Cake
Possibly not, but it boils down to how you are trying to upload them.
The “initial shell” might not be a shell.
If you’ve used the common exploit unmodified, then you have remote command execution, not a shell on the box. The PoC just makes it look like a shell.
Type your comment> @TazWake said:
@cybeR0ot said:
Piece of Cake
Possibly not, but it boils down to how you are trying to upload them.
The “initial shell” might not be a shell.
If you’ve used the common exploit unmodified, then you have remote command execution, not a shell on the box. The PoC just makes it look like a shell.
Nope i upgraded POC shell with cat (after alot of wait). But still im surprised that nothing is downloading with curl, certutil, even from nc.
I hope im doing everything good.
@cybeR0ot said:
Nope i upgraded POC shell with cat (after alot of wait). But still im surprised that nothing is downloading with curl, certutil, even from nc.
I hope im doing everything good.
Well, if you uploaded the cat, then you should be able to do the same thing to get other files across.
If that worked but everything else is failing there might be a network issue.
Alternatively, if you use a version already on the box, it might have functionality issues.
So tired of re-running the user exploit multiple times due to resets so I gave in and made an autopwn script to speed things up, works like a charm! xD
Type your comment> @cybeR0ot said:
Piece of Cake
Yeah I had a few issues uploading files to this box.
Fixed it by just changing servers really.
Rooted!! Great box! Most of the hints are in the forums but if I had to recap-
User: Enumerate harder, maybe the webpage has something that says something that might be worth a google or two…
Root: Look for files that users usually forget to delete and google around. Of coarse you must be required to tweak the exploit to run what you want it to. Remember not all computers are the same especially with their “internet ID”. You’ll figure it out and if doesn’t work the first time, keep running it and if it still doesn’t perhaps change the payload around until it works. Also remember that even basic av can detect extremely common payloads.
I still need a nudge… 
Rooted! Feel free to Message for help.
I got stuck with root because I could not get ports working correctly – Make sure you use netstat to identify issues.