Spent a couple of evenings now on this and not making any headway. So have remote shell with ww*-**ta, have the hash and clear text of local user account but that doesn’t appear to give any level of access.
Would some one give me the smallest of hints at what to consider next, I’ve looked at the config of the exploitable app, also researched GTFO and see the potential but feel that a step beyond where I am at present.
First attempt at a live box, any assistance appreciated.
Tx
@Rookster99 said:
Spent a couple of evenings now on this and not making any headway. So have remote shell with ww*-**ta, have the hash and clear text of local user account but that doesn’t appear to give any level of access.
Would some one give me the smallest of hints at what to consider next, I’ve looked at the config of the exploitable app, also researched GTFO and see the potential but feel that a step beyond where I am at present.First attempt at a live box, any assistance appreciated.
Tx
Its not going to make your life much easier, this can be a hard box, but try to think like a web server at this stage.
First you need to find out how you are configured.
Then you need to look at where your files are stored. You might think you cant access them because you cant walk through to them, but you can go to them. If your clear text is N(stuff)e, then it isnt really a user account but it can be used to access something which might otherwise be restricted (think of the source)
Once you’ve got in there you will get what you need to be a user.
Rooted. After such an easy time with the initial foothold, thought the rest would be easy. Very wrong. Got root with a lot of playing around after reading all the tips. Still have no idea why that works.
I’m running into an issue cracking the D***** hash with hashcat, I get a token length exception. Anyone have a clue what i’m doing wrong here?
Type your comment> @1xSTiiXx said:
I managed to get an initial foothold on this box, but am struggling to get user. To this point I cracked the hash within the .ht***s file to uncover the password and I’m assuming there is a password protected web page somewhere where I can authenticate with the credentials I have, however I can’t find any authentication pages. I read the .conf file and was able to browse to the users home directory within the browser which returns a web page that stats “Private space. Nothing here. Keep out!” This is as far as I’ve gotten so far. Others have said to check dads home directory on the box, but within my low priv shell, I don’t have permissions to list anything within his home directory. From the browser, it loads the web page I said earlier, I just can’t find any other pages that I can authenticate to. Any nudges would be appreciated!
I need help. I am in the same situation.
I got file b*************.tgz. can anyone help me how to download this file into my host machine.
Also got a local user password but can’t ssh with it.
Any help appreciated.
At the end got root: special thanks to @Tatik
root hints: j…l + GTFObins + resize
Type your comment> @RybinR said:
Type your comment> @1xSTiiXx said:
I managed to get an initial foothold on this box, but am struggling to get user. To this point I cracked the hash within the .ht***s file to uncover the password and I’m assuming there is a password protected web page somewhere where I can authenticate with the credentials I have, however I can’t find any authentication pages. I read the .conf file and was able to browse to the users home directory within the browser which returns a web page that stats “Private space. Nothing here. Keep out!” This is as far as I’ve gotten so far. Others have said to check dads home directory on the box, but within my low priv shell, I don’t have permissions to list anything within his home directory. From the browser, it loads the web page I said earlier, I just can’t find any other pages that I can authenticate to. Any nudges would be appreciated!
I need help. I am in the same situation.
Same here. I know I cannot use the cracked hash to ssh in and at this point I need to look for the keys in the private space, but for the life of me i can’t seem to find anything in the /home/user dir. Any hints?
Type your comment> @Wakuru said:
I got file b*************.tgz. can anyone help me how to download this file into my host machine.
Also got a local user password but can’t ssh with it.
Any help appreciated.
If you’re in with m**, then the download command should work. That’s what I did
Hey guys, first forum post here. I’m very stuck. So here is what I have so far. I’ve read n***.f, got into /~d**, cracked the password hash for d****. I found this private space but I need a hint to find this “compressed file” everyone is saying is in here. I also do not have the private ssh key yet.
Type your comment> @AfroPrince said:
Need help with the machine, have gone pass cracking the hash with John, got my creds but unable to get the user d****d user flag. I believe SSH isnt the way or i’m doing something wrong.Kindly PM or help with a nudge. been on this machine for two days now.
Finally rooted the machine, thanks to eviltor13.
are these boxes shared by everyone that participates in the challenge, or is each box unique to you? I can’t tell if all these tools dumped in the /tmp directory are from other users from HTB, or if they’re deliberately placed there by the creator(s).
There’s a file in there that basically does everything for you. Think it might have been placed there by another user.
I have found the ***********.tgz file in the hidden dir and extracted the private ssh key, and was able to crack it. I am not able to ssh with the password or su with it. Just need a nudge in the right direction…many thanks.
Edit: Got user …thanks @Hak4lif3
just started this box today. got an initial foothold/shell as user w*-d* not sure what to do next. have not found the any config files or hashes as mentioned.
i got shell with user w-d and cracked hashes for user dd password [***4me]…but cannot ssh or cahnge user to it …any hint or help would be appreciated
I just rooted this machine. But not without resize tips. I dont understand this resize thing. How could i find this without any help? Any articles about this i can study?
I ROOTED my first machine. I want to thank’s all for the suggestion and help me.
I can’t rooted the machine without your help.
Thank’s man
Thanks