Traverxec

@mrZapp said:

Hi guys,

Still a bit stuck with root. Just read through this thread a bit.

But somehow I don’t get the dots connected.

I currently work as d … with a s … - s … sh file. Which I think I work with the right command. When I change subtle things, it sometimes asks for a password, so this depends on what is being changed. Okay good information to have, but I miss the last bit. Also with GTFO I don’t get much further.

Would you like to take a look at where I’m going in the ship?

Thanks a lot in advance

Chances are, the size of your console window matters here.

Type your comment> @TazWake said:

@fbr0 said:

Help me.

I found user: hash

I can’t break.

The user hash should break under john.

I’ve tried many options from john.

I’m out of the way.

@fbr0 said:

I’ve tried many options from john.

I’m out of the way.

Ok, there isn’t much more I can offer then other than make sure you have an actual password hash.

Type your comment> @TazWake said:

@mrZapp said:

Hi guys,

Still a bit stuck with root. Just read through this thread a bit.

But somehow I don’t get the dots connected.

I currently work as d … with a s … - s … sh file. Which I think I work with the right command. When I change subtle things, it sometimes asks for a password, so this depends on what is being changed. Okay good information to have, but I miss the last bit. Also with GTFO I don’t get much further.

Would you like to take a look at where I’m going in the ship?

Thanks a lot in advance

Chances are, the size of your console window matters here.

you can also do this without the window size if it’s not working for you. there’s a few ways. check out a quick article or youtube vid on gtfobins in general. a little info and you can make this happen with small changes to the command.

Finally root!
Special thanks @BINtendo @IamKsNoob

Just rooted the box! I actually really liked this one. Required me to do a bit of research to understand how to exploit anything. It’s pretty straightforward if you’re willing to be patient and read a bit of documentation. PM for help.

Very Cool Box!

I learned a lot about web server administration on this one.

Initial Foothold: Something is susceptible.
User: Enumerate and read the man page, you should then see where someone would find a place to place their Protected File, one could even call it an Area for those items. Then call on Johnny boy to assist.
Root: GTFO Bins…and if you have issues…switch terminals.

Hello
could you help me how to decrypt hash about .h*******
John or hashcat says same thing No hashes loaded.

Rooted

Hello
could you help me how to decrypt hash about .h*******
John or hashcat says same thing No hashes loaded.
Quote

@bartounet said:

Hello
could you help me how to decrypt hash about .h*******
John or hashcat says same thing No hashes loaded.
Quote

It should work with John. You can try to specify the format or try with GitHub - openwall/john: John the Ripper jumbo - advanced offline password cracker, which supports.

Having an issue with the exploit shell script… PM me if you can help!

EDIT
I gave up on the manual exploit and just used the metasploit module

@LMAY75 pm me if you still need

Lol this box is gonna make me kms I can’t find the “interesting file” after the initial foothold to save my life. Any help would be appreciated.

EDIT
I got it thanks for the help @IamKsNoob

@LMAY75 said:

Lol this box is gonna make me kms I can’t find the “interesting file” after the initial foothold to save my life. Any help would be appreciated.

Really not sure where you are, but in very general terms use of ls and cat to read files is a good approach here.

Assuming you are w*******a you can read some conf files in the path of the webserver. They contain loot.

crikey… spent 2 days banging my head against the wall to get user, and only 10 mins further to get root. I need a lie down.

Type your comment> @TazWake said:

@bartounet said:

Hello
could you help me how to decrypt hash about .h*******
John or hashcat says same thing No hashes loaded.
Quote

It should work with John. You can try to specify the format or try with GitHub - openwall/john: John the Ripper jumbo - advanced offline password cracker, which supports.

thanks
I think i have tested all format…
could you help me ?

@bartounet said:

thanks
I think i have tested all format…
could you help me ?

I can try but it is likely to be one of three things:

  1. you have the wrong hash.
  2. you have a typo in the command or you need to use the magnum version
  3. it’s cracked it and it just refuses to show it to you (try --show filename)

I have very strong feelings about enumerating this box

Type your comment> @TazWake said:

@bartounet said:

thanks
I think i have tested all format…
could you help me ?

I can try but it is likely to be one of three things:

  1. you have the wrong hash.
  2. you have a typo in the command or you need to use the magnum version
  3. it’s cracked it and it just refuses to show it to you (try --show filename)

can i send private ?
have you rooted this box ?