Writeup

Can anyone PM me some tips… I’ve got a rough idea of what I need to do… how to do so is a totally different matter and I’m banging my head against a wall!

I have found an user, an email, a hash and a salt…is there a way to get the pass or I have to bruteforce it?

First box on HTB, I just got User. Can’t believe the time was staring me in the face all this time! Thanks to all the nudges. Now on to root.

Finally rooted…root was way longer than i thought it would take.
User was easy with a exploit.
ROOT was using the tool mentioned above,just watch its what you have done several times.Take it very easy and you will be root.
Still if you need any assistance PM me.I will be happy if would be able to help you.

Hello, been stuck on this one for a few days. I got to /w******/a********. I am not sure what my next steps are. Found a****. Not sure how to find hashes. Any nudge in the right direction would be appreciated.

Type your comment> @arsmo90 said:

Hello, been stuck on this one for a few days. I got to /w******/a********. I am not sure what my next steps are. Found a****. Not sure how to find hashes. Any nudge in the right direction would be appreciated.

forget the admin… try to find CMS vulnerability and exploit…

Hello ! I need some hints, the python script return an string empty of characters that i think i’ve gone down the wrong path or don’t set the T**** var efficiently… Can you PM me plz ?

Rooted! With some help!
nudge me if you need any help.

Started with easy boxes. This is the best so far. The user and root were actually possible to discover without being used to CTF-puzzles.

User: How to enumerate website without fuzzing about it? After that pretty CVE.
In addition to previous tips by other users:
Root: When I search places I have write-access to, why do I get permission denied?

I got the user, the hash and the salt. How can I decrypt that?

Type your comment> @MacCauley said:

I got the user, the hash and the salt. How can I decrypt that?

With the same tool you have add the decryption…

Got User. My advice is to use google and find some useful scripts/tools.

Now for root…

got root. Would appreciate a DM to talk about my method, didn’t feel that hackerman to me.

Is there two ways to privesc? I saw the P**H link from the lazy box someone put as a hint and the pspy route. I went the hidden route method. Anyone do both?

Btw love the earlier comments about getting user and it being from a movie. So true!!

where can i use my u*** / p*** from d******e?

edit: i got user

found what I believe is the right exploit for user. However, can’t find the right value needed to make it run. got it!

Now working on root. Think I see the process I need but not sure where to go from there

Type your comment> @p0n said:

Type your comment> @0xAMS said:

do you need creds for the exploit?
because none in searchsploit that do not require authentication worked for me

No creds needed. A simple google search and a quick scanu of the results should be enough

I am stuck after spidering the target on burpsuite. Could you give me a nudge in the right direction? I found a couple of usernames for SSH but bruteforcing passwords doesnt seem to work.

@vider said:
@MacCauley said:

I got the user, the hash and the salt. How can I decrypt that?

With the same tool you have add the decryption…

I find that to be slower than using hash***

.