I have found the document and the passwords to open the document.
I might be missing something totally obvious, but i cant for my life figure out how to open the document and type the password.
Libreoffice, openoffice and various other programs I cant install on the machine. I updated the machine but still nothing.
Could someone please point me in the right direction?
Stop! How did you understand that the private key from another account can be applied to root?
None of the files said it belonged to him.
Only one user is clearly registered there.
Share a secret)
youre right, but the whole box didn’t give any clues, one thing that dennis had that jason did not is the .bash_history file, and if u look into it, it shows that dennis tried to use the id_rsa for something. Which meant that he used it for root. Also only dennis had the id_rsa file in the .ssh folder, jason didn’t.
i was stuck on it for like an hour too, i thought it was the credentials that they give in the file, like username root, empty password, and ip. Turns out everything was local. Don’t use apostrophe when you’re putting in the password
Download creds from resources and create mutated password list.
Using crackmapexec crack smb creds(hint :- use normal creds not the mutated one for faster cracking)
Download Docs.zip file using get filename command.
using zip2john.py conver zip into hash.
crack the converted hash using john and password list ( if the password list doesn’t work then use the mutated one)
6.Next you need to convert doc in to hash using office2john.py
crack the above hash.
install the libre office to read the document which is protected.
you will find the creds in doc. login with those.
use mysql --host=localhost --user=jason --password=“password_you_found”
read the database and you will user named “dennis” and his password.
login with other user creds.
you will find root ssh private key in dennis folder .
convert it to hash with ssh2john.py and the crack it with mutated passwordlist.
then login with the user root using ssh root@ip -i id_rsa and enter passwd you found( Don’t forget to change perm of Id_rsa [chmod 600 id_rsa])
<<<<>>>>>
Thank you for reading this, I hope it helped you.