Cache

17810121317

Comments

  • This box really tested my patience. It was a great learning experience, thx @ASHacker .

    Hack The Box

  • Spoiler Removed

  • edited May 14

    I truly have no fucking clue how you guys are getting from the author page, to this H** thing. It's obvious from the comments here what the eventual service must be, but I don't see any link to it whatsoever when googling. Also, how is anyone even dirbing this box? I can run through like 800 words before each reset. Really annoying.

    edit: God damn it, that was so obvious. How did I not see that.
    For anyone else in the same boat: don't keep fuzzing the box. You know how usually in windows boxes you need to change your hosts file to something very similar to the box name, if not the name itself? Well, that doesnt exactly apply here.

  • Rooted. Very fun box, but I get the impression that I didn't follow the intended path, as I didn't get the user flag until I was root.

  • Not sure if possible but it would be awesome to disable the exploit that everyone is using which causes constant resets. It's very frustrating.

  • So, rooted.
    Special thanks for privesc, now I know more ;)
    Feel free to pm me for hints.

  • Rooted! Interesting box

    Should require a little nudge, feel free to PM!

  • finally got passed the Po*****
    have username and password
    got the rev shell searching for the second user now

    nice box

  • i got the login page and i think this version doesnt have any authentication bypass vuln.
    So, could someone tell me that do i need to try authentication bypass or do i need to use any creds.

  • Type your comment> @GH057404 said:

    i got the login page and i think this version doesnt have any authentication bypass vuln.
    So, could someone tell me that do i need to try authentication bypass or do i need to use any creds.

    its an injection bro

  • Type your comment> @hawksvision said:

    Type your comment> @GH057404 said:

    i got the login page and i think this version doesnt have any authentication bypass vuln.
    So, could someone tell me that do i need to try authentication bypass or do i need to use any creds.

    its an injection bro

    thanks bro.

  • server down and can anyone suggest a way to crack what i found for o*******n

  • Rooted!!!
    Hints for the box:
    Foothold: Read what the CEO is saying. Once you figured it out, Google is your friend. It won't show up immediately, but you gotta enumerate. Be patient!

    User: Go back to your notes, they will help you. Enumeration is key here.

    Root: As others mentioned, it is GTFO. Yes it is for that command. Check it properly.
  • rooted! :smiley:

    Good box, the initial foothold made me go crazy for all the resets... for who's still struggling in the first part, especially if stuck on the p****** p*****, there is a quicker way with i********e, that could also be scripted for convenience ;-)

    Needed some nudges, so thanks for everyone who helped along the way!
    root has been a breeze, too easy but hey, who cares... :-D

    Do i remember correctly ... someone was saying that there is another way to get root?

  • Does the P******* P***** needs to be turned on or does this not matter for exploiting?

  • User is a fun journey
    also to the second user
    Rooted fun exploit to root

    something is installed that will give you root

  • is a payload with c***s needed for user?

  • i need a nudge with initial foothold, i can't get to **m even though i think i found the way. pm me or text me on discord Feror#0569

  • Rooted

    With this machine I have learned a new way of injection for myself in the po **** part. An excellent box, congratulations to the creator.

    Foothold: Enum and enum. Read the home pages contains valuable information. Otherwise this forum has more than enough information for this part.

    first user: This is the part that has taken me the longest but where I have really learned something. first enum, google and sleep long time is the key to not go crazy.

    second_user-root: The name of the box is key and gtfo for root.

    Feel free to pm for any tips.

  • In need of help for first user. any nudge would be appreciated

  • guys im stuck i got another domain, however not able to open it. Tried editing the hosts file but maybe not in the right way. Any help will be appriciated.

  • please dm me.

  • finally owned

  • anyone who needs a nudge can dm me

  • This box was great, thank you ASHacker!

    Small hint:
    There is an automated tool that will fail you at one point. That tool now has a PR open to make it work properly in this situation.

  • I got SQLi
    and got users tables creds
    but still couldn't manage to login
    Any hints guys?

  • There was another table :disappointed:
    nvrmind

  • Well, now i'm stuck at cracking the hash with it's salt
    Am i missing something?

  • Just one question why root is so easy??

  • edited May 16

    i*******e login page is half in another language and the password changed with no resets left for the day, this box is gonna be the death of me :/

    Got a more stable box with a region change and rooted. Besides the minor annoyances that many people are experiencing, this was a good box that I learned a ton from.

Sign In to comment.