I could say I’m lost, but actually I’m not even sure I started to move and, in any case, I have no clue where I’m supposed to go. I spent quite some time looking for anything, and in the end I found a potential CVE, but it’s so much trouble getting it to run that I’d like someone to DM me so I know if it’s worth wasting more of my time.
Edit : Rooted. A big, big thanks to @benj0, without his/her help regarding the foothold I think i would just have moved to another box.
You’d think that you can at least debug something when you have the source. Not with this one. Let’s intentionally remove some files from the sources so when someone tries to run the app it’s just gonna crash. Great idea.
Let’s use some langauge package that even the internet doesn’t know. So let’s install all the packages that have the database in the name. No, still nothing. You just don’t won’t this to work no matter what Great idea again.
Can’t debug the exploitation? No problem, let’s just try throwing random stuff at the box, maybe that’s gonna work or most likely not.
Really wanna understand where the vuln is, why it exists and how it works at the low level? Sorry, not not possible with this box This box just gives you everything else other than possibility to understand the vuln and learn somethnig from it which is nothing. So a big thanks for NOTHING!
PLEASE JUST DON’T DO ANY MORE BOXES LIKE THIS EVER.
Found the vulnerability and POC without any assistance, but couldn’t get it to work properly with any custom commands. Took a lot of time spinning my wheels after that, but got it working. Root was easy. Decent box, albeit far from my favorite.
So going through a file I found two password hashes. With the type of hashing used, it’s going to take over a week to crack one using john. Is this a rabbit hole?
So going through a file I found two password hashes. With the type of hashing used, it’s going to take over a week to crack one using john. Is this a rabbit hole?
It depends. It shouldn’t take that long if you have the right file. The hashing mode (starts with a b) is quick to crack in Hashcat.
So going through a file I found two password hashes. With the type of hashing used, it’s going to take over a week to crack one using john. Is this a rabbit hole?
It depends. It shouldn’t take that long if you have the right file. The hashing mode (starts with a b) is quick to crack in Hashcat.
System doesn’t let me log in to website. I made a payload but I can’t use. Because I can’t log in [If you are the application owner check the logs for more information.] Any hints?
System doesn’t let me log in to website. I made a payload but I can’t use. Because I can’t log in [If you are the application owner check the logs for more information.] Any hints?
When you say you “cant log in”, what error messages are you getting? Are you sure you are using the correct account details?
can i please get a nudge? im stuck on that box for a couple of hours now and im so frustrated have’nt gotten the user yet but done so much recon
This is one of the harder medium boxes, so be prepared to do some “out-of-the-box” thinking.
First make sure your wordlist is big enough. Then enumerate the servers. One on you might find something which is worth further investigation. If you find a software version, look to see if it is exploitable. If it is, exploit it.
can i get a nudge on cracking the hashes? I found more than 2, having trouble getting the right dictionary for this. I am running hashcat and ran jtr both with the B* algorithm but it doesnt seem to be able to crack. I found the search engine but i believe i need to crack these hashes before i priv esc so i can use the password to run s***
Got root! Very nice machine! Learned so much about new things!
Foothold is hard when it’s compared to privilege escalation. Timing created a huge problem for me to do 2 F* thing. But I used a mobile app, then it’s finally done.
Are user (b***) password crackable? I’m like 1h in rockyou and can’t can’t manage to crack it and I’m quite stuck on that
EDIT:
It is but right hash need to be bruteforced
Are user (b***) password crackable? I’m like 1h in rockyou and can’t can’t manage to crack it and I’m quite stuck on that
EDIT:
It is but right hash need to be bruteforced
are there any hints on the machine that clued you into any patterns for the mask? like b*** likes special characters, password length X, etc ?