HTB - Intuition
by trevor69000 - Saturday April 27, 2024 at 06:46 PM
#91
(Apr 28, 2024, 03:32 PM)AbsolutelyMadProc Wrote:
(Apr 28, 2024, 03:30 PM)query1338 Wrote: any hints for root?

Got the user hashes from the sqlite db file, but I am unable to crack the hash for adam... If this is the way please tell me how to crack it.

I cracked the hash, but it seems like it is only usable for the reports page

Try it on the ftp. This gives you a program and source.
The auth key can be brute forced easily but the user is missing permissions to the required directories.

Either access to one of the other users is needed or the password for sudo. That's where I'm stuck now.
Reply
#92
So I have dumped

1|admin|sha256$nypGJ02XBnkIQK71$f0e11dc8ad21242b550cc8a3c27baaf1022b6522afaadbfa92bd612513e9b606|admin

2|adam|sha256$Z7bcBO9P43gvdQWp$a67ea5f8722e69ee99258f208dc56a1d5d631f287106003595087cf42189fc43|webdev

how do I crack it? john does not load the hashes.

Reply
#93
(Apr 28, 2024, 05:19 PM)query1338 Wrote: So I have dumped

1|admin|sha256$nypGJ02XBnkIQK71$f0e11dc8ad21242b550cc8a3c27baaf1022b6522afaadbfa92bd612513e9b606|admin

2|adam|sha256$Z7bcBO9P43gvdQWp$a67ea5f8722e69ee99258f208dc56a1d5d631f287106003595087cf42189fc43|webdev

how do I crack it? john does not load the hashes.

Hashcat is the way to go.
Reply
#94
(Apr 28, 2024, 05:19 PM)query1338 Wrote: So I have dumped

1|admin|sha256$nypGJ02XBnkIQK71$f0e11dc8ad21242b550cc8a3c27baaf1022b6522afaadbfa92bd612513e9b606|admin

2|adam|sha256$Z7bcBO9P43gvdQWp$a67ea5f8722e69ee99258f208dc56a1d5d631f287106003595087cf42189fc43|webdev

how do I crack it? john does not load the hashes.

hashcat -m 30120 --- for adam pass
Reply
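Added example, not part of any post in this thread: hashcat mode 30120 corresponds to the legacy Python Werkzeug layout `sha256$salt$hexdigest`, which is a single HMAC-SHA256 pass keyed with the salt and has no key stretching. The sketch below audits an `id|user|hash|role` table for such entries so they can be scheduled for a rehash; the function names, the iteration threshold and the sample rows are assumptions constructed for illustration.

```python
import hashlib
import hmac

MIN_PBKDF2_ITERATIONS = 600_000  # assumed policy threshold, adjust to your standard

def parse_werkzeug_hash(stored):
    """Split 'method$salt$hexdigest' into its three parts."""
    method, salt, digest = stored.split("$", 2)
    return method, salt, digest

def legacy_digest(method, salt, password):
    """Legacy plain-method hash: one HMAC pass keyed with the salt."""
    return hmac.new(salt.encode(), password.encode(), method).hexdigest()

def verify_legacy(stored, password):
    """Constant-time check of one password against a legacy entry."""
    method, salt, digest = parse_werkzeug_hash(stored)
    return hmac.compare_digest(legacy_digest(method, salt, password), digest)

def classify(stored):
    """Return 'weak' for single-pass or low-iteration schemes, else 'ok'."""
    method, _, _ = parse_werkzeug_hash(stored)
    parts = method.split(":")
    if parts[0] == "scrypt":
        return "ok"
    if parts[0] == "pbkdf2":
        # Assumption: an entry without an explicit count is treated as weak.
        iterations = int(parts[2]) if len(parts) > 2 else 0
        return "ok" if iterations >= MIN_PBKDF2_ITERATIONS else "weak"
    return "weak"  # bare 'sha256', 'sha1', 'md5': no key stretching

def audit(rows):
    """rows use the 'id|user|hash|role' layout; return users needing a rehash."""
    flagged = []
    for row in rows:
        _id, user, stored, _role = row.split("|")
        if classify(stored) == "weak":
            flagged.append(user)
    return flagged

# Constructed sample rows (not taken from the thread).
SALT = "ExampleSalt12345"
ROWS = [
    "1|alice|sha256$%s$%s|admin" % (SALT, legacy_digest("sha256", SALT, "constructed-pw")),
    "2|bob|pbkdf2:sha256:600000$" + SALT + "$" + "0" * 64 + "|webdev",
    "3|carol|pbkdf2:sha256:1000$" + SALT + "$" + "0" * 64 + "|webdev",
]

if __name__ == "__main__":
    print(audit(ROWS))
```

Flagged accounts can be upgraded transparently by re-hashing with a stretched scheme at the next successful login.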
#95
runner program is strange. auth key is only used as an internal check. You can crack, or just recompile without the auth check. Doesn't make a difference either way in its execution. But there is an /opt/runner2 folder, maybe related.

Also there is an identical program /usr/local/bin/runner without the auth key check...
Reply
#96
(Apr 28, 2024, 05:25 PM)xxxbfacc Wrote: runner program is strange. auth key is only used as an internal check. You can crack, or just recompile without the auth check. Doesn't make a difference either way in its execution. But there is an /opt/runner2 folder, maybe related.

Also there is an identical program /usr/local/bin/runner without the auth key check...

I suspect that we somehow need to get access to Lopez or Adam since they both can access the runner2 directory. If the codebase is similar, it may still have the cmd injection vuln.

But as for how to get access, I feel like the access key should be used somehow/somewhere
Reply
#97
For everyone asking about how to get the files from FTP:
              ftp://ftp_admin:u3jai8y71s2@ftp.local/
Then just put the file you want after the /
              ftp://ftp_admin:u3jai8y71s2@ftp.local/{private_key}
Reply
#98
Can we do anything with selenium?
Reply
#99
(Apr 28, 2024, 05:36 PM)MakeFilez Wrote: For everyone asking about how to get the files from FTP:
              ftp://ftp_admin:u3jai8y71s2@ftp.local/
Then just put the file you want after the /
              ftp://ftp_admin:u3jai8y71s2@ftp.local/{private_key}

I can't connect to FTP, any tips or help....
grateful
Reply
I got both the hash of adam and admin
please can someone guide what to do next

I got both the hash adam and admin
What is the next step kindly help me
Reply