Return to forum

fukingfuck · August 7, 2022 at 7:34 PM

Some1 got the vdi enctyption password?

vexxxi · August 7, 2022 at 7:41 PM

stuck on cracking the vdi pw, getting token length error, should it start as $vbox$0$540000..?

edit: nvm got it with 27600

farkow · August 7, 2022 at 7:57 PM

You know what guys, I will make sure I will never use VirtualBox.
Does not understand easily if an image is encrypted WITH ITS OWN method.
When you want to remove encryption, sometimes it does, sometimes "Could not prepare disk images for encryption (VERR_VD_READ_OUT_OF_RANGE): (VERR_VD_READ_OUT_OF_RANGE)."
I wanted to remove the encryption on the disk with the VALID password and this error :)

And yeah, it asks for the password when you want to open it, and the password is correct.
And first time I released the encryption to continue, and it messed up again. Doing it over again...

r4vshe1l · August 7, 2022 at 8:09 PM

This is the most shitty box I ever dealt with because of Virtualbox.
you can extract .vdi files' content with 7zip and it's .img inside. But it's corrupted because of passwd stuff.
So, you can't simply mount .img on linux/unix as usual.

yournamehere · August 7, 2022 at 8:10 PM

escalation from lexi to john

explore mysql

select * from wp_pms_passwords;
SELECT * FROM wp_options where option_name='pms_encrypt_key';

so we have salt , key , algorithm (from encryption.php)

tweak the function to execute it locally and get john's ssh private key
and you're john

fukingfuck · August 7, 2022 at 8:17 PM

Hate bruteforce based boxes. ill wait till someone post vdi pass =)

gary · August 7, 2022 at 8:22 PM

(August 7, 2022, 07:41 PM)vexxxi Wrote: stuck on cracking the vdi pw, getting token length error, should it start as $vbox$0$540000..?

edit: nvm got it with 27600

https://github.com/axcheron/pyvboxdie-cracker.git

use this repo on "2019-08-01.vbox" file...

:D

farkow · August 7, 2022 at 8:24 PM

(August 7, 2022, 08:22 PM)gary Wrote:
(August 7, 2022, 07:41 PM)vexxxi Wrote: stuck on cracking the vdi pw, getting token length error, should it start as $vbox$0$540000..?

edit: nvm got it with 27600

https://github.com/axcheron/pyvboxdie-cracker.git

use this repo on "2019-08-01.vbox" file...

:D

and use rockyou.txt so your nightmare can start...

gary · August 7, 2022 at 8:25 PM

(August 7, 2022, 08:24 PM)farkow Wrote:
(August 7, 2022, 08:22 PM)gary Wrote:
(August 7, 2022, 07:41 PM)vexxxi Wrote: stuck on cracking the vdi pw, getting token length error, should it start as $vbox$0$540000..?

edit: nvm got it with 27600

https://github.com/axcheron/pyvboxdie-cracker.git

use this repo on "2019-08-01.vbox" file...

:D

and use rockyou.txt so your nightmare can start...

use wordlist that come from repo....

opdl · August 7, 2022 at 8:39 PM

(August 7, 2022, 06:48 PM)vexxxi Wrote:
(August 7, 2022, 06:27 PM)m4rsh3ll Wrote:
(August 7, 2022, 04:16 PM)vexxxi Wrote: [align=justify]found
| 5 | SSH key | [email protected] | <SSHKEY>

in sql db[/align]

Where did u find it? In what table?

its in wp_pms_passwords;
u can edit the entry for admin though and login to site

How do you do that? Do you have resources?