TUTORIAL HTB pit [Discussion]
by pheonix2021 - May 15, 2021 at 06:36 PM
#61
Got RCE have access to mysql table got all the user password hashes but doesn't seem crackable any nudges. and is it the rightpath to enumerate the database.
#62
(May 17, 2021 at 11:59 AM)Zxelex Wrote: Got RCE have access to mysql table got all the user password hashes but doesn't seem crackable any nudges. and is it the rightpath to enumerate the database.

Could you please share the Path bro
#63
(May 17, 2021 at 11:59 AM)Zxelex Wrote: Got RCE have access to mysql table got all the user password hashes but doesn't seem crackable any nudges. and is it the rightpath to enumerate the database.

I have the sql credentials bro but can't figure out how to connect
can you help me with that please....
#64
(May 17, 2021 at 02:27 PM)Alexire Wrote:
(May 17, 2021 at 11:59 AM)Zxelex Wrote: Got RCE have access to mysql table got all the user password hashes but doesn't seem crackable any nudges. and is it the rightpath to enumerate the database.

I have the sql credentials bro but can't figure out how to connect
can you help me with that please....

i think you dont need to connect cus sqlite  doesnt really have credentials here a blog https://stackoverflow.com/questions/1807...in-sqlite3
but i could be wrong
#65
(May 17, 2021 at 02:29 PM)FallingSoul404 Wrote:
(May 17, 2021 at 02:27 PM)Alexire Wrote:
(May 17, 2021 at 11:59 AM)Zxelex Wrote: Got RCE have access to mysql table got all the user password hashes but doesn't seem crackable any nudges. and is it the rightpath to enumerate the database.

I have the sql credentials bro but can't figure out how to connect
can you help me with that please....

i think you dont need to connect cus sqlite  doesnt really have credentials here a blog https://stackoverflow.com/questions/1807...in-sqlite3
but i could be wrong

i have the mysql credentials
at first i found that sqlite creds but after searching more i found some mysql creds

Here i found that i can not connect directly to mysql
we need to use -e option and specify the query we want to execute
NOTE : you have to do it in the reverse shell you got from the machine
#66
(May 17, 2021 at 02:31 PM)Alexire Wrote:
(May 17, 2021 at 02:29 PM)FallingSoul404 Wrote:
(May 17, 2021 at 02:27 PM)Alexire Wrote:
(May 17, 2021 at 11:59 AM)Zxelex Wrote: Got RCE have access to mysql table got all the user password hashes but doesn't seem crackable any nudges. and is it the rightpath to enumerate the database.

I have the sql credentials bro but can't figure out how to connect
can you help me with that please....

i think you dont need to connect cus sqlite  doesnt really have credentials here a blog https://stackoverflow.com/questions/1807...in-sqlite3
but i could be wrong

i have the mysql credentials
at first i found that sqlite creds but after searching more i found some mysql creds

Here i found that i can not connect directly to mysql
we need to use -e option and specify the query we want to execute
NOTE : you have to do it in the reverse shell you got from the machine


did you find the mysql creds in the same config as the sqlite? cus i find nothing xd
#67
Any hint of what i should do when i got a php shell where i can execute some stuff
Should i do anything with sql? Or should i try find some ssh stuff or how would i get acces to michelle
#68
(May 17, 2021 at 02:45 PM)FallingSoul404 Wrote:
(May 17, 2021 at 02:31 PM)Alexire Wrote:
(May 17, 2021 at 02:29 PM)FallingSoul404 Wrote:
(May 17, 2021 at 02:27 PM)Alexire Wrote:
(May 17, 2021 at 11:59 AM)Zxelex Wrote: Got RCE have access to mysql table got all the user password hashes but doesn't seem crackable any nudges. and is it the rightpath to enumerate the database.

I have the sql credentials bro but can't figure out how to connect
can you help me with that please....

i think you dont need to connect cus sqlite  doesnt really have credentials here a blog https://stackoverflow.com/questions/1807...in-sqlite3
but i could be wrong

i have the mysql credentials
at first i found that sqlite creds but after searching more i found some mysql creds

Here i found that i can not connect directly to mysql
we need to use -e option and specify the query we want to execute
NOTE : you have to do it in the reverse shell you got from the machine


did you find the mysql creds in the same config as the sqlite? cus i find nothing xd

not in the same file
but if you rearch carefully you will see that there are two seeddms folders
you will get the mysql creds in the same config file but in the different seeddms folder
just look carefully in the / var / www / html / seeddms51x / conf /
#69
(May 17, 2021 at 02:56 PM)Alexire Wrote:
(May 17, 2021 at 02:45 PM)FallingSoul404 Wrote:
(May 17, 2021 at 02:31 PM)Alexire Wrote:
(May 17, 2021 at 02:29 PM)FallingSoul404 Wrote:
(May 17, 2021 at 02:27 PM)Alexire Wrote: I have the sql credentials bro but can't figure out how to connect
can you help me with that please....

i think you dont need to connect cus sqlite  doesnt really have credentials here a blog https://stackoverflow.com/questions/1807...in-sqlite3
but i could be wrong

i have the mysql credentials
at first i found that sqlite creds but after searching more i found some mysql creds

Here i found that i can not connect directly to mysql
we need to use -e option and specify the query we want to execute
NOTE : you have to do it in the reverse shell you got from the machine


did you find the mysql creds in the same config as the sqlite? cus i find nothing xd

not in the same file
but if you rearch carefully you will see that there are two seeddms folders
you will get the mysql creds in the same config file but in the different seeddms folder
just look carefully in the / var / www / html / seeddms51x / conf /

Thank you :D
#70
(May 17, 2021 at 11:59 AM)Zxelex Wrote: Got RCE have access to mysql table got all the user password hashes but doesn't seem crackable any nudges. and is it the rightpath to enumerate the database.



i cracked the michelle hash and the reasult is also michelle

the hashes we got are of MD5 format

but unable to crack remaning two



(May 17, 2021 at 02:57 PM)FallingSoul404 Wrote:
(May 17, 2021 at 02:56 PM)Alexire Wrote:
(May 17, 2021 at 02:45 PM)FallingSoul404 Wrote:
(May 17, 2021 at 02:31 PM)Alexire Wrote:
(May 17, 2021 at 02:29 PM)FallingSoul404 Wrote: i think you dont need to connect cus sqlite  doesnt really have credentials here a blog https://stackoverflow.com/questions/1807...in-sqlite3
but i could be wrong

i have the mysql credentials
at first i found that sqlite creds but after searching more i found some mysql creds

Here i found that i can not connect directly to mysql
we need to use -e option and specify the query we want to execute
NOTE : you have to do it in the reverse shell you got from the machine


did you find the mysql creds in the same config as the sqlite? cus i find nothing xd

not in the same file
but if you rearch carefully you will see that there are two seeddms folders
you will get the mysql creds in the same config file but in the different seeddms folder
just look carefully in the / var / www / html / seeddms51x / conf /

Thank you :D

hey can you tell me how you got that star under your name
i want one too...... if possible
#71
(May 17, 2021 at 02:58 PM)Alexire Wrote:
(May 17, 2021 at 11:59 AM)Zxelex Wrote: Got RCE have access to mysql table got all the user password hashes but doesn't seem crackable any nudges. and is it the rightpath to enumerate the database.



i cracked the michelle hash and the reasult is also michelle

the hashes we got are of MD5 format

but unable to crack remaning two



(May 17, 2021 at 02:57 PM)FallingSoul404 Wrote:
(May 17, 2021 at 02:56 PM)Alexire Wrote:
(May 17, 2021 at 02:45 PM)FallingSoul404 Wrote:
(May 17, 2021 at 02:31 PM)Alexire Wrote: i have the mysql credentials
at first i found that sqlite creds but after searching more i found some mysql creds

Here i found that i can not connect directly to mysql
we need to use -e option and specify the query we want to execute
NOTE : you have to do it in the reverse shell you got from the machine


did you find the mysql creds in the same config as the sqlite? cus i find nothing xd

not in the same file
but if you rearch carefully you will see that there are two seeddms folders
you will get the mysql creds in the same config file but in the different seeddms folder
just look carefully in the / var / www / html / seeddms51x / conf /

Thank you :D

hey can you tell me how you got that star under your name
i want one too...... if possible

You don't need the hashes from the database
#72
(May 17, 2021 at 03:32 PM)codfanhash Wrote:
(May 17, 2021 at 02:58 PM)Alexire Wrote:
(May 17, 2021 at 11:59 AM)Zxelex Wrote: Got RCE have access to mysql table got all the user password hashes but doesn't seem crackable any nudges. and is it the rightpath to enumerate the database.



i cracked the michelle hash and the reasult is also michelle

the hashes we got are of MD5 format

but unable to crack remaning two



(May 17, 2021 at 02:57 PM)FallingSoul404 Wrote:
(May 17, 2021 at 02:56 PM)Alexire Wrote:
(May 17, 2021 at 02:45 PM)FallingSoul404 Wrote: did you find the mysql creds in the same config as the sqlite? cus i find nothing xd

not in the same file
but if you rearch carefully you will see that there are two seeddms folders
you will get the mysql creds in the same config file but in the different seeddms folder
just look carefully in the / var / www / html / seeddms51x / conf /

Thank you :D

hey can you tell me how you got that star under your name
i want one too...... if possible

You don't need the hashes from the database

then how can i get user ....?

Possibly Related Threads…
Thread Author Replies Views Last Post
TUTORIAL HTB Fingerprint [Discussion] TDis7 49 3,877 1 hour ago
Last Post: harry123
TUTORIAL HTB Anubis Discussion dadamnmayne 168 56,274 Yesterday at 08:42 AM
Last Post: joeydalips
TUTORIAL HTB Hancliffe [Discussion] pheonix2021 130 30,817 Yesterday at 02:07 AM
Last Post: hacker00

 Users browsing this thread: 1 Guest(s)