[SissyGF]

Can someone help me ? i got in as www-data but cannot seem to find a way to get to logan. please help me

Me too   found logan bcrypt password but i'm not able to decrypt.. i'm on the right way?

I got password from this hash which program / mode do you use?

I'm trying with john and hashcat using rockyou wordlist, but both says that somethingh like a week is needed to bruteforce the hash
Have you got some hint?

---

so, how do you exactly find the bcrypt from www-data?

i've thought of peeking inside mysql, but I could not get access to the database, tried to login as lewis, and it said access denied for user lewis@LocalHost

Credentials are also in this thread, find a way to get into mysql DB from your revshell / cmd exec

[NotYourFox]

so, how do you exactly find the bcrypt from www-data?

i've thought of peeking inside mysql, but I could not get access to the database, tried to login as lewis, and it said access denied for user lewis@LocalHost

via revshell, i login to mysql with credentials found in a conf file

seems like i did not search well

[greenSheep12]

Can someone help me ? i got in as www-data but cannot seem to find a way to get to logan. please help me

Me too   found logan bcrypt password but i'm not able to decrypt.. i'm on the right way?

I got password from this hash which program / mode do you use?

I'm trying with john and hashcat using rockyou wordlist, but both says that somethingh like a week is needed to bruteforce the hash
Have you got some hint?

---

so, how do you exactly find the bcrypt from www-data?

i've thought of peeking inside mysql, but I could not get access to the database, tried to login as lewis, and it said access denied for user lewis@LocalHost

Credentials are also in this thread, find a way to get into mysql DB from your revshell / cmd exec

hashcat and jtr has mode options  (-m) did you use it?

edit:

hashcat has -m option
and
john has --format option

[SissyGF]

Can someone help me ? i got in as www-data but cannot seem to find a way to get to logan. please help me

Me too   found logan bcrypt password but i'm not able to decrypt.. i'm on the right way?

I got password from this hash which program / mode do you use?

I'm trying with john and hashcat using rockyou wordlist, but both says that somethingh like a week is needed to bruteforce the hash
Have you got some hint?

---

so, how do you exactly find the bcrypt from www-data?

i've thought of peeking inside mysql, but I could not get access to the database, tried to login as lewis, and it said access denied for user lewis@LocalHost

Credentials are also in this thread, find a way to get into mysql DB from your revshell / cmd exec

hashcat and jtr has mode options  (-m) did you use it?

edit:

hashcat has -m option
and
john has --format option

Yes, i'm using the following cmd:

hashcat -a 0 -m 3200 hash /usr/share/wordlists/rockyou.txt
john --wordlist=/usr/share/wordlists/rockyou.txt hash --format=bcrypt

I don't figure out if is my machine that sucks or i need to dig more into hash cracking

[greenSheep12]

Me too   found logan bcrypt password but i'm not able to decrypt.. i'm on the right way?

I got password from this hash which program / mode do you use?

I'm trying with john and hashcat using rockyou wordlist, but both says that somethingh like a week is needed to bruteforce the hash
Have you got some hint?

---

so, how do you exactly find the bcrypt from www-data?

i've thought of peeking inside mysql, but I could not get access to the database, tried to login as lewis, and it said access denied for user lewis@LocalHost

Credentials are also in this thread, find a way to get into mysql DB from your revshell / cmd exec

hashcat and jtr has mode options  (-m) did you use it?

edit:

hashcat has -m option
and
john has --format option

Yes, i'm using the following cmd:

hashcat -a 0 -m 3200 hash /usr/share/wordlists/rockyou.txt
john --wordlist=/usr/share/wordlists/rockyou.txt hash --format=bcrypt

I don't figure out if is my machine that sucks or i need to dig more into hash cracking

bcrypt takes some time I need to wait around 5-15 mins don't remember.
If you want better hint it's above position 1000 in rockyou.txt

[chappy]

when
check if you have a space in end of the line (hash)
and hashcat add -w3 -O
when I copy the hash from mysql
there was a space at the end of the hash
that was the reason why I couldn't decipher it

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Scraping | https://breachforums.ai/Forum-Ban-Appeals if you feel this is incorrect.

[hawkeye404]

Got root. Interesting privilege escalation. Overall had fun

---

when
check if you have a space in end of the line (hash)
and hashcat add -w3 -O
when I copy the hash from mysql
there was a space at the end of the hash
that was the reason why I couldn't decipher it

I used john. 
Command: john --wordlist=rockyou.txt creds

[SissyGF]

Thanks a lot to all <3 finally get the password

I had to reset the machine, the two hashes in the DB changed and everything worked with these) :O

[object32]

idk can´t find templates site to edit to get reverse shell. anyone can share?
page loads so slow its annoying

start http server on the path with your file then upload via url . it workked faster for me

[TheBeast]

Me too   found logan bcrypt password but i'm not able to decrypt.. i'm on the right way?

I got password from this hash which program / mode do you use?

I'm trying with john and hashcat using rockyou wordlist, but both says that somethingh like a week is needed to bruteforce the hash
Have you got some hint?

---

so, how do you exactly find the bcrypt from www-data?

i've thought of peeking inside mysql, but I could not get access to the database, tried to login as lewis, and it said access denied for user lewis@LocalHost

Credentials are also in this thread, find a way to get into mysql DB from your revshell / cmd exec

hashcat and jtr has mode options  (-m) did you use it?

edit:

hashcat has -m option
and
john has --format option

Yes, i'm using the following cmd:

hashcat -a 0 -m 3200 hash /usr/share/wordlists/rockyou.txt
john --wordlist=/usr/share/wordlists/rockyou.txt hash --format=bcrypt

I don't figure out if is my machine that sucks or i need to dig more into hash cracking

 here is the password if you fail to crack it , but know this you are using correct cmds  "tequieromucho"

---

http://dev.devvortex.htb/administrator/

Which SCAN and OPTIONS did you use to find the subdomain?  TIA

ffuf -w /usr/share/SecLists/Discovery/DNS/namelist.txt -H "Host: FUZZ.devvortex.htb" -u http://devvortex.htb/ -mc 200-299

if you dont have ffuf install it