Cache

18911131417

Comments

  • Please PM a hint for foothold. Tried several things for a few days now. No dice.

  • Does anyone has problem to access /p****l? I am getting error: "Patient P****l is turned off". Resetting helps, but the error gets back few moments after it.Accordingly, s****p doesn't work.

  • can anyone give me a nudge , got the creds out of the tables and now stumped, cant seem to progress, thanks

  • Type your comment> @nimportequi said:

    Does anyone has problem to access /p****l? I am getting error: "Patient P****l is turned off". Resetting helps, but the error gets back few moments after it.Accordingly, s****p doesn't work.

    you don't actually need that, think someone is probably not careful changing settings

  • Very good machine although I needed a nudge because I wasn't patient enough during a certain exploit which makes me believe I might made it the unintended way because I used a certain funny cat tool. Thanks @ASHacker , very good box!

    k4wld
    Discord: k4wld#5627

  • Got user on this box, working on root.

    t13nn3s
    You can find write-ups and walkthroughs on my personal blog: https://binsec.nl

  • edited May 16

    there is so much hint in this forum for user

    hint for root :

     L*D
    

    PM me if u need nudge :smiley:

    and big thanks for @ASHacker nice box btw!!
    Cheers!

  • Rooted!!

    Initial foothold is tricky, root is really very easy.
    I struggled a lot because i did not clearly read output of commands.

    Thanks to @Dark0 for initial foothold. Thanks to @Str4thus and @gonzaloFSF for hints towards root.

    My hints:
    Initial foothold:
    1. What has author created apart from cache ? It can be accessed.
    2. There are bunch of vulnerabilities. You need to use multiple vulnerabilities to get initial foothold. Identify which works. There is a video which explains how to do it.

    User 1:
    1. You found something in foothold, its not useless. Flip the SWITCH !!

    User 2:
    1. Check what services are running on machine. Found something related to machine name ?
    2. Good article to help you exploit it

    Root:
    1. What permissions User 2 has
    2. GTFO

    PM me if you need a hint

    Also
    I would like to know the method of initial foothold without hampering the machine. Could anyone enlighten me ?

  • Finally rooted! Initial foothold was rather circuitous and there were many blind alleys to go through - it took me days to get the initial shell while root took only about 1-2 hours.

    Foothold: Once you've found the H** that everyone is referring to, the fun begins here. At first, I had to sieve through the many vulnerabilities and decide which to use. In the end, I only relied on what was already available in a certain framework in my attacking box. I suspect there are multiple routes to get to the first web shell. I went the not-so-disruptive way but would be interested to hear of alternative methods that chains vulns together in different ways.

    User 1: You might have found something previously which would help.

    User 2: It's a service related to the name of the box.

    Root: Blue whale and something special about user 2. There could be slight variations in the root approach. I stumbled for a while before I realised I had to check on images before I could proceed.

  • Rooted! Feel free to ask me for tips

  • finally rooted!!!
    Thanks @unknwon and @unmesh836 for the nudges.

  • edited May 17

    Rooted! Thanks for all the tips and hints here. Feel free to ping me for any nudges! :D

  • what am i supposed to do with m*******d?

  • hey everyone, I'm stuck on cache - I got the service and got the admin but I'm stuck - I know how to exploit the machine afterwards but I need the missing piece to do that, any tips would be appreciated , thanks.

  • Rooted box!

    I want left one comment, what for me was pain and there is no nudge on the forum, pay attention how resolve juice string. This part was Foothold, the part more tricky.

  • Rooted.

    Happy to provide hints, just let me know where you are and what you've tried.

    marlasthemage

  • finally rooted!! pm me if you need any nudges

  • Finally rooted
    great thanks to @Dw0rdPwn3r
    also many many thanks to you guys @ellj @CyberG33k

  • edited May 19

    This has to be one of the most frustrating machines in the site. From the random hangs of the service to the weird errors on things that were working before...

    Edit: Rooted it.

    The initial foothold was harder than necessary in comparison with the root. But enjoyed it anyway.

    Hack The Box

  • what are good resources to learn docker hacking. google obviously. But in case someone has precise and good blogs/ channels etc. Thanks

  • Owned this machine finally. User part took some time and root privesc is very easy. One can do it in 1 mins under.
    PM me for hints only. Let me know where you are now and what you did so far.
    Happy to help.

    A Chemist doing Penetration Testing - Check the Story here: BinaryBiceps

  • Type your comment> @MrSHolmes said:

    what are good resources to learn docker hacking. google obviously. But in case someone has precise and good blogs/ channels etc. Thanks

    Dont take this personal, but srsly GTFO ! :D

    e-nigmaNL

  • What a ride, always feel a bit confused with some part of user : bit of guessing or classic hacker knowledge .?? I really sucks at this part.
    The root part is easy
    Thanks @Dw0rdPwn3r and @unknwon for their help
    Feel free to PM for nudge.

    Hack The Box

  • nice box

  • Done. PM if help needed

  • Is anyone struggling with O*****R Exploit

  • @alesawe said:

    Is anyone struggling with O*****R Exploit

    Read through some of the public documentation and try out the POC code provided. Then it should be fairly simple.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Type your comment> @enigmaNL said:

    Type your comment> @MrSHolmes said:

    what are good resources to learn docker hacking. google obviously. But in case someone has precise and good blogs/ channels etc. Thanks

    Dont take this personal, but srsly GTFO ! :D

    haha..that was a good clue. I am reading it.

  • Nice box, the root part is easy, really interesting the user part.
    Thanks @ASHacker .

  • Pretty interesting way from foothold to l***y, root is easy, but learned about that service, thanks!

Sign In to comment.