Having a bit of trouble with the medium lab. I have the j user login and the d user’s login and ssh key cracked. Unsure where to go from there. Not sure what I could be missing.
Figured it out: For anyone else stuck in that position. Think of who else that special key might be for!
Could use a hint 0n the section “Passwd, Shadow & Opasswd” question “Examine the target using the credentials from the user Will and find out the password of the root. Then, submit the password as the answer.” how did you guys get the root hash? the shadow file is locked down. Cant read, write, or transfer without root access.
Ahh found out there was a hidden back up file
the way in which the password mutations part can be solved was as they have already commented. You can split your mut_password.list file into several files, for example with 10,000 lines each file. This is made easy with the command “split -l 10000 mut_password.list”, and it splits into several files called xaa, xab, xac, xad…, attacking the faster FTP service. And it also helps a lot if the file “mut_password.list” you make a grep in which only 8, 9, 10… minimum characters appear and then you divide that file with split, and using Hydra with t64 lines, which is faster . then you put on a movie and relax quietly while the program works. 
lab1
stuck here too .
did you found anything?
which password list to use ? the mutated one? rockyou?
and i am trying to brute force the ftp for speed
They have so many tasks which think are badly worded and unnecessarily hard. What for?! You can teach someone an idea with a good task (easy/medium) a lot o their tasks suck!
Its frustrating, using the same lists, found user only on the 3rd try.
2 timea it missed
Hello, everyone. I have been stuck at the hard lab for more than a day. The description of the task says that Johanna is present on very many hosts, but the network hosts are quite different every time when resetting the target. In that case, I guess passing her password to other hosts may not be the solution here. I was able to find the password of Johanna and RDP to the given host, but I am stuck accessing the content of the L****.k*** file. I was trying to crack it using different passwords including the mutated one but no results. Could someone, please, provide a hint of what to do next?
did you find any ideas for this exercise?
stuck on Passwd, Shadow & Opasswd, ssh in, but nothing else. I can’t read /etc/shadow and I can’t find any files or anything. Any ideas?
Look for something else.
Search for files
Last lab was great deal of fun…
What a waste of time in this chapter, really. Passwd, Shadow & Opasswd. After finding a couple of files with the hashes and trying to crack them with hashcat and rockyou, I can’t get any passwords.
I try to get zip file password, but John won’t work. This is desperate. It doesn’t get any password. I don’t know what to do anymore
make sure you use the right wordlist
yes, that was the mistake, I even tried other lists, but not the correct one, nor did it occur to me
Maybe you can use mutated wordlist from resources
This mod is killing me. I am in lab easy, and I have found username and password for ftp, I get private key, I get password and… why can’t I connect by ssh? It is normal?
@lxuxer You got user M? In that case, use the private key to sign in to SSH with the -i flag.
I’ve gotten that far in the Easy lab, but now I am STUCK. Tried LaZagne, the credentials hunting for-loops but nothing… can anyone give me a nudge in the right direction?
If you found the id_rsa’s password, you need to connect. Did u chmod and used -i parameter?
