Utter n00b question...

I’m more of a hardware type person (embedded linux on devices) - so i’m trying to learn more about the software side and this is the first website I’ve joined… (so be gentle please!)

I’m trying to hack Blue and have got a command line using metasploit. But what am I trying to achieve? What’s the aim and how will I know if I’ve achieved it?!

Thanks!

Hi mate, there are no stupid questions dont worry.
What do you mean you have got a command line using metasploit?

@SubjCaps the aim once you are in a box is to grab both user and root hashes and then enter them. It’s about learning about hacking and how to abuse and exploit vulnerabilities to achieve root access on each machine. This will gain you points, knowledge badges and ranking, hope i answered your question.

@goutsou, I used a metasploit exploit which gave me a command line onto the box - but then I wasn’t sure what I was supposed to be looking for… But thanks to @SirenCeol, I get it - I’m supposed to try and find a way to elevate my privileges and then find a root hash (this was the bit I didn’t really ‘get’).

And now I’ve got my first point - so thank you both!!

@SubjCaps Blue gives you directly System privs so you can grab both the user and root hash, other machines do indeed require you to elevate. Congrats!

welcome and dont hesitate to ask questions

Just another stupid question - I’ve got the hash. Where to submit it?

@piedmontfour said:
Just another stupid question - I’ve got the hash. Where to submit it?

Go to the Active Machines listing page, look to the very right of the screen. There’s 3 buttons. A “reset”, a “user” and a “hashtag” … Click the User icon to enter the User hash. Click the “#” icon to enter the system hash… Good luck.