Bizness - HTB
by paven - Saturday January 6, 2024 at 01:03 PM
#41
(Jan 07, 2024, 02:01 AM)fatgirl Wrote: when i wear my yellow rainjacket in the storm people try to hail me as a cab.


cat /etc/shadow

btw I didn't hack this, I had to show my tits for it.

For what the passwd file...
Reply
#42
I got a SHA password from these derby dat files, but it's weird to crack..
$SHA$d$uP0_QaVBpDWFeo8-dRzDqRwXQ2I
Reply
#43
It's not a straight crack, look how it's implemented and reverse that to get the hash and salt

https://github.com/apache/ofbiz/blob/tru...Crypt.java
Reply
#44
(Jan 07, 2024, 03:38 AM)chillywilly Wrote: It's not a straight crack, look how it's implemented and reverse that to get the hash and salt

https://github.com/apache/ofbiz/blob/tru...Crypt.java

Thanks for the comment, I just found it out right when you posted. Bro, this is definitely not an easy one
Reply
#45
(Jan 07, 2024, 02:32 AM)chemry Wrote: I got a SHA password from these derby dat files, but it's weird to crack..
$SHA$d$uP0_QaVBpDWFeo8-dRzDqRwXQ2I

Please share path Rolleyes
Reply
#46
For people, this link is more spoiler but helps
https://commons.apache.org/proper/common...ng-byte:A-

(Jan 07, 2024, 03:49 AM)Xerion Wrote:
(Jan 07, 2024, 02:32 AM)chemry Wrote: I got a SHA password from these derby dat files, but it's weird to crack..
$SHA$d$uP0_QaVBpDWFeo8-dRzDqRwXQ2I

Please share path Rolleyes

For reading DB, check the tool
ij

Actually, `strings` might be enough
Reply
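The stored-password layout that the linked HashCrypt.java and the Commons Codec URL-safe Base64 link point to, written out as an added example (not code from the thread or from OFBiz itself). It assumes the layout is `$TYPE$salt$` followed by unpadded URL-safe Base64 of H(salt || password); the function names are hypothetical, and the `audit` step lists what a reviewer would flag about the scheme.

```python
import base64
import hashlib
import hmac

# "SHA" is the Java MessageDigest alias for SHA-1; other labels are assumptions.
ALGOS = {"SHA": "sha1", "SHA-256": "sha256", "SHA-512": "sha512"}


def encode(hash_type, salt, password):
    """'$TYPE$salt$' + unpadded URL-safe Base64 of H(salt || password)."""
    h = hashlib.new(ALGOS[hash_type], salt.encode() + password.encode())
    digest = base64.urlsafe_b64encode(h.digest()).decode().rstrip("=")
    return f"${hash_type}${salt}${digest}"


def parse(stored):
    """Split a stored string into (algorithm, salt, raw digest bytes)."""
    empty, hash_type, salt, b64 = stored.split("$", 3)
    if empty or hash_type not in ALGOS:
        raise ValueError("not a recognised $TYPE$salt$digest string")
    raw = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
    algo = ALGOS[hash_type]
    if len(raw) != hashlib.new(algo).digest_size:
        raise ValueError("digest length does not match declared type")
    return algo, salt, raw


def verify(stored, password):
    """Constant-time comparison of a candidate against the stored value."""
    hash_type = stored.split("$", 3)[1]
    salt = parse(stored)[1]
    return hmac.compare_digest(encode(hash_type, salt, password), stored)


def audit(stored):
    """Findings a reviewer would raise about this storage scheme."""
    algo, salt, _ = parse(stored)
    findings = ["single digest pass, no work factor"]
    if algo == "sha1":
        findings.append("SHA-1 is a fast general-purpose hash, not a password KDF")
    if len(salt.encode()) < 16:
        findings.append(f"salt is only {len(salt.encode())} byte(s)")
    return findings


if __name__ == "__main__":
    sample = "$SHA$d$uP0_QaVBpDWFeo8-dRzDqRwXQ2I"  # value quoted in the thread
    print(parse(sample)[:2], audit(sample))
    constructed = encode("SHA", "d", "constructed-example")  # constructed input
    print(verify(constructed, "constructed-example"))
```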
#47
(Jan 07, 2024, 03:50 AM)chemry Wrote: For people, this link is more spoiler but helps
https://commons.apache.org/proper/common...ng-byte:A-

(Jan 07, 2024, 03:49 AM)Xerion Wrote:
(Jan 07, 2024, 02:32 AM)chemry Wrote: I got a SHA password from these derby dat files, but it's weird to crack..
$SHA$d$uP0_QaVBpDWFeo8-dRzDqRwXQ2I

Please share path Rolleyes

For reading DB, check the tool
ij

Actually, `strings` might be enough
Thanks,
I can't figure out where derby db is located please be humble I'm kinda new  Shy
Reply
#48
(Jan 06, 2024, 08:20 PM)ElBakhaw Wrote:
(Jan 06, 2024, 08:13 PM)betecito Wrote:
(Jan 06, 2024, 08:07 PM)ElBakhaw Wrote: got user


anyone get something for root ?

I'm not sure but...

ofbiz@bizness:~/l$ getcap -r / 2>/dev/null
/usr/bin/ping cap_net_raw=ep
/home/ofbiz/l/python3 cap_setuid=eip

not vulnerable

btw did you manage to get a good shell ? mine breaks after 2 minutes it's soooo annoying

python3 -c 'import pty;pty.spawn("/bin/bash")'
export TERM=xterm
Ctrl+Z
stty raw -echo; fg
Reply
#49
(Jan 07, 2024, 04:02 AM)Xerion Wrote:
(Jan 07, 2024, 03:50 AM)chemry Wrote: For people, this link is more spoiler but helps
https://commons.apache.org/proper/common...ng-byte:A-

(Jan 07, 2024, 03:49 AM)Xerion Wrote:
(Jan 07, 2024, 02:32 AM)chemry Wrote: I got a SHA password from these derby dat files, but it's weird to crack..
$SHA$d$uP0_QaVBpDWFeo8-dRzDqRwXQ2I

Please share path Rolleyes

It's just under a sub-directory of `/opt/ofbiz`. Practice your enumeration technique there. (Basically just ls, cd, lol)

For reading DB, check the tool
ij

Actually, `strings` might be enough
Thanks,
I can't figure out where derby db is located please be humble I'm kinda new  Shy
Reply
#50
I just cat the whole seg0 dir, saved to a file, opened in nano, ctrl f and entered pass
Reply

