Possibly Related Threads…

nomx1337 · Sep 21, 2024, 10:17 PM

Were you able to crack adams hash?

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.

nitwitse · Sep 21, 2024, 10:24 PM

(Sep 21, 2024, 10:17 PM)nomx1337 Wrote: Were you able to crack adams hash?

Yep, but I was running hashcat for at least 20 min before it turned up over halfway through my wordlist...

jsvensson · Sep 21, 2024, 10:32 PM

for POC
there is a couple of things to change:
in zip you have a.php - need a change to yours ip to get shell - but this file must be in zip
in exploit.py - change name of shell.php to /themes/next/a.php
in exploit html:
all admin-dev to admin634ewutrx1jgitlooaj
and in import_theme to yours_ip

a44857437 · (This post was last modified: Sep 21, 2024, 10:37 PM by a44857437.)

(Sep 21, 2024, 10:17 PM)nomx1337 Wrote: Were you able to crack adams hash?

I cracked james' hash from the database

(Sep 21, 2024, 10:32 PM)jsvensson Wrote: for POC
there is a couple of things to change:
in zip you have a.php - need a change to yours ip to get shell - but this file must be in zip
in exploit.py - change name of shell.php to /themes/next/a.php
in exploit html:
all admin-dev to admin634ewutrx1jgitlooaj
and in import_theme to yours_ip

I had to change the call to reverse_shell.php in exploit.html to a.php as well
(or you can add the modified reverse_shell.php to the zip)

Leonzola · Sep 21, 2024, 11:13 PM

james@trickster.htb

pass: alwaysandforever

Art10n · Sep 21, 2024, 11:22 PM

(Sep 21, 2024, 11:13 PM)Leonzola Wrote: james@trickster.htb

pass: alwaysandforever

how can I fand this password ?

osamy7593 · Sep 21, 2024, 11:23 PM

(Sep 21, 2024, 11:13 PM)Leonzola Wrote: james@trickster.htb

pass: alwaysandforever

where u found DB creds

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Asking for rep is not allowed

wtfduw · (This post was last modified: Sep 21, 2024, 11:39 PM by wtfduw.)

You can find db creds under /var/www/prestashop/app/config/parameters.php
connect to mysql
use prestashop
select * from ps_employee;
crack james hash => password:alwaysandforever

Anyone has path for root?

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.

osamy7593 · Sep 21, 2024, 11:27 PM

(Sep 21, 2024, 11:26 PM)wtfduw Wrote: You can find db creds under /var/www/prestashop/app/config/parameters.php
connect to mysql
use prestashop
select * from ps_customer;
crack james hash => password:alwaysandforever

Anyone has path for root?

thx budd ................

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Asking for rep is not allowed

nomx1337 · (This post was last modified: Sep 21, 2024, 11:35 PM by nomx1337.)

There is no james, just adam in my db (tried to crack the pw for 30min and it's not the same as james)
Are there different box setups?

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.

Possibly Related Threads…
Thread		Author	Replies	Views	Last Post
	[FREE] 300+ Writeups PDF HackTheBox/HTB premium retired	Tamarisk	370	92,363	4 hours ago Last Post: lifolifo007
	Hack the box Pro Labs, VIP, VIP+ 1 month free Method	RedBlock	23	2,200	7 hours ago Last Post: kkkato
	[FREE] HackTheBox Academy - CBBH CDSA CPTS All Modules Flags	Techtom	20	2,505	Yesterday, 11:06 PM Last Post: op334
	[FREE] HackTheBox All Cheatsheets	Tamarisk	3	406	Yesterday, 10:36 PM Last Post: op334
	CBBH Write Ups	hiddenhacker	22	6,237	Yesterday, 06:39 AM Last Post: Usercomplex