Cache

1101112131416»

Comments

  • Rooted, I also got root + user kind of together.
    Feel free to DM for nudges

  • Rooted. Foothold was very new for me, but the user and the root went very fast.
    DM me for nudges :)

    Hack The Box

  • rooted!!! . my first medium box, thanks @ASHacker . all the tips have already been explained.

    Hack The Box

  • edited September 2020

    Rooted !!. @ASHacker by the way I found two way to by ROOT but one of this doesn´t have the flag ... let me know if this is true or I found other way LOL !!! I had a lot of fun !!! My first CTF. I can not way for more. THANKS

  • Is it just me or is this a little too guess-y for the foothold

    LMAY75
    Always happy to help, DM me if you need anything!
    Link to Profile

  • @LMAY75 said:

    Is it just me or is this a little too guess-y for the foothold

    It depends how you did it. For me it was enumeration, find thing, find public exploit for thing, exploit thing, have access, use functionality from access, have shell.

    Then it was use creds I'd found during enumeration.

    Not sure there was any step there where I had to guess something. I used a custom wordlist at one stage but that isn't that unusual.

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Yay root obtained.

    Finding H** tripped me up, as did finding the exploit for it a bit after - but after that, it all seemed quite interesting.

    Getting root was actually the easiest part IMO.

  • edited September 2020

    Spoiler Removed

    LMAY75
    Always happy to help, DM me if you need anything!
    Link to Profile

  • edited September 2020

    # id
    uid=0(root) gid=0(root) groups=0(root)

    Not sure how I felt about this box tbh. DM me if you need any help

    LMAY75
    Always happy to help, DM me if you need anything!
    Link to Profile

  • what's going on with the box ?
    I can connect to cache.htb but can't access the page after login , and I can't connect to h**.htb, nmap returns closed ports , when the http port is open , can't use owasp , all my fuzzing tools don't work ... that is giving me headaches

  • @HamilcarR said:

    what's going on with the box ?
    I can connect to cache.htb but can't access the page after login

    I am not sure what this relates to so I cant help here.

    , and I can't connect to h**.htb, nmap returns closed ports ,

    There might be a problem with your connection or how you have this up in your hosts. As far as nmap is concerned it should return the same ports as anything else. The hostname only really matters during a HTTP request.

    when the http port is open , can't use owasp , all my fuzzing tools don't work ... that is giving me headaches

    dirb should work.

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Rooted. Message for help

  • Got User but submitting flag says error Have reset box still same.

  • Type your comment> @foalma321 said:

    Got User but submitting flag says error Have reset box still same.

    Same issue, tried resetting multiple times and still doesn't work.

  • @foalma321 said:

    Got User but submitting flag says error Have reset box still same.

    @codedninja said:

    Same issue, tried resetting multiple times and still doesn't work.

    This is a regularly discussed issue on most boxes.

    It appears that HTB's dynamic flags can malfunction. The way it seems to work is that after a reset the flag gets registered with the scoring server so if the box resets between you getting the flag and you submitting the flag, your flag will be incorrect.

    There does seem to be a problem that sometimes the flag isn't being set, which means the flag you get will never work.

    People have suggested a reset is the solution but if this doesn't work the best thing is to raise a JIRA ticket with HTB to get it resolved. For me, if people don't raise tickets, HTB will never appreciate what the problem is and won't know if they need to fix it.

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Rooted. First part was a little annoying, because somebody turned off ur pl every minute. But after getting initial shell lateral movement was easy.
    @ASHacker thank you for this box!

    N0rt0N

  • edited September 2020

    After Scanning port for cache machine got two port open, can any one help to move forward

  • edited September 2020
    @prashantbhatt said:

    > After Scanning port for cache machine got two port open ssh and 80 port, can any one help to move forward

    Try to put some work on it. If 80 port is opened means you can check the website. Google all the things you see in the webpage. This is the one which helps you for sure.

    A Chemist doing Penetration Testing - Check the Story here: BinaryBiceps

  • @prashantbhatt said:

    After Scanning port for cache machine got two port open, can any one help to move forward

    Enumerate the higher port number.

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • rooted!
    feel free for nudges

  • Type your comment> @gunroot said:

    @prashantbhatt said:

    After Scanning port for cache machine got two port open ssh and 80 port, can any one help to move forward

    Try to put some work on it. If 80 port is opened means you can check the website. Google all the things you see in the webpage. This is the one which helps you for sure.

    Thanks a lot

  • @TazWake said:
    @prashantbhatt said:

    After Scanning port for cache machine got two port open, can any one help to move forward

    Enumerate the higher port number.

    Thank u ;)

  • edited October 2020

    Spoiler Removed

  • @KRyptonZ said:

    Am I missing sth ?

    Possibly but without knowing what you are doing, it is hard to work out what. The response you are getting is saying it has found a page you have requested, I dont know what you are trying to request or how you are trying to request it. (Or even what response you expect).

    Looking at the location, and assuming you are trying to do what I think you are trying to do, I can only suspect you are in the wrong place.

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • edited October 2020

    ROOTED!
    I really enjoyed this box, I pulled my hair out from time to time tho, thanks @TazWake for the hint that got me to root access, if you are stuck feel free to send me a PM :)

  • I'm having an issue testing the first exploit in the browser i'm getting Oops something went wrong in Firefox, rather than the expected error, any help would be great. I can ping the machine.

Sign In to comment.