Traverxec

@H4X00R I Have Got The Hash For The User. Now Do I Need To Crack That For The Password Of User?

Type your comment> @xy83rx said:

@H4X00R I Have Got The Hash For The User. Now Do I Need To Crack That For The Password Of User?

John is your best friend

Got creds, and found p*****e, but it gives permission denied error, can anyone tell me if I am on the right path?

Got Shell As www-data, cracked password but it was useless.
any hint?
i’m looking at cronjob, can’t understand how to use it to restore backup…

Type your comment> @ls4cfk said:

Got Shell As www-data, cracked password but it was useless.
any hint?
i’m looking at cronjob, can’t understand how to use it to restore backup…

it’s not that far. Look closer where you were. Go to the place you wouldn’t expect :wink:

Rooted.

Learnt something new from this box. Thanks @jkr !

Hints: The box name is a huge hint. Check permissions and read that specific file that has some interesting details.

Root: Quite easy. Once you get user, you will find another interesting file with an obvious line.

Feel free to ask for help.

Can anyone confirm if i should look at cron jobs to get user ?

John is not helpful, any tips to get user please.

@saminskip said:

Struggling to crack creds. The usual tools finish almost instantly with a false alarm.

Anyone with a PM to help with syntax? Feel like I’m doing something silly.

It’s not a false alarm, it’s just not used for quite what you expect.

Type your comment> @AnonLK said:

Type your comment> @Gboxx said:

I get User DD and Password N****e, ssh locally not working, su not working, any suggestions ?

same

I got the same results any ideas | did u got any solutions for it ?

For user: read c…f file and google manual for the service to make sure that you understand the c…f file

Feel free to PM me

Any hint for root?
is c** or j********l binary related to the priv esc ?
was trying to gain root shell based on this binaries but no result…

I’ve read the docs on the service over and over again, cracked whats maybe needed later, but for the love of God if I read this man page again and it doesn’t work I reckon I will be down a computer as I might put a fist through it. I’m obviously not following something correct even though I feel I am. First time getting really frustrated i must say, but as they say try harder just don’t know what to try harder at now. Damn this is killing me lol. Also making me feel like a right fool. So any suggestions are welcome I know I’m on the correct path it’s just not working as intended.

Type your comment> @mojorisin said:

I’ve read the docs on the service over and over again, cracked whats maybe needed later, but for the love of God if I read this man page again and it doesn’t work I reckon I will be down a computer as I might put a fist through it. I’m obviously not following something correct even though I feel I am. First time getting really frustrated i must say, but as they say try harder just don’t know what to try harder at now. Damn this is killing me lol. Also making me feel like a right fool. So any suggestions are welcome I know I’m on the correct path it’s just not working as intended.

Assuming you’re talking about way to the user. You’ve got those creds from the very specific place. Look around and check functionality that this service provides. Some options should ring a bell

Hey

stucking at user flag …
have a shell, know about the “special area” but don’t know where or what to access to get flag…

Help would be appreciated - just drop me a dm :slight_smile:

Rooted yesterday. Pretty fun for the user part , root was a tiny bit tricky.

Tips for root: Go small… real small…

Type your comment> @jklmnop said:

John is not helpful, any tips to get user please.

Hashcat

@bertalting said:
Can anyone confirm if i should look at cron jobs to get user ?

No, more simple than that.

@mojorisin said:
I’ve read the docs on the service over and over again, cracked whats maybe needed later, but for the love of God if I read this man page again and it doesn’t work I reckon I will be down a computer as I might put a fist through it. I’m obviously not following something correct even though I feel I am. First time getting really frustrated i must say, but as they say try harder just don’t know what to try harder at now. Damn this is killing me lol. Also making me feel like a right fool. So any suggestions are welcome I know I’m on the correct path it’s just not working as intended.

Read the documentation.

Read the configuration file.

You should see something interesting.

Just finished the box, struggled a little with user at first, root was quite straight forward though.

User: Besides the obvious thing, check the manual and go back to read the c… file . It will tell you what there is to look for (even though you might not be able to discover it easily straight away)

Root: Reminded me a little bit of an otw bandit challenge. Once you found out what can be executed you may want to test it out in a less “restricted” environment.

Feel free to PM me for nudges

Thanks @jkr for nice machine :slight_smile:

Rooted !

Real funny box, specially the root part XD

Feel free to PM me for hint (user /root)