Sunday

#

Overview

#

• OS: Solaris
• IP: 10.10.10.76
• Difficulty: Easy
• Platform: HackTheBox
• OSCP: No
• Lists: N/A

Summary

#

pwned box sunday, learnt to do username enumeration for finger service nd crack hash with john.

Enumeration

#

ok so finger seems to be running, lets start with enumerating for users

we will use this pentest monkey script for the enumeration

https://pentestmonkey.net/tools/user-enumeration/finger-user-enum

we got sammy and sunny as the users after doing some user enum

Exploitation

#

lets now use these creds to access ssh

guessing the box name sunday as the password works

navigating to /backup we find two hashes , lets break them with john

we will use this to identify the hash

https://hashes.com/en/tools/hash_identifier

and we got the pass as cooldude!

and we are done , we have our root shell

user flag

root flag