Cache


Comments

  • Stuck on root. People talk about gtfo, but I tried the obvious path and nothing worked. Any hints?

  • I never get these kinds of "clues" on the website nor on the forums. Very bad at these guessing games and OSINT - and I can't find it entertaining either.

    @Warlord711 said:
    Should you be able to use the creds on first place on the other place? Not sure if I need to reset again because some idiot changed the password.

    On VIP they don't work on SS* either.

    Hack The Box

  • Oh hell, everyone just doesn't go to the Wayback Machine and search for cache.htb, no one will want to see that stuff.

  • I'm on EU free 1. It was giving me a login page before, but now it gives me "Check that mysqld is running." instead. Is it my problem, or is it intended? Or does anyone else have this problem too?

  • @Kaiziron said:

    I'm on EU free 1. It was giving me a login page before, but now it gives me "Check that mysqld is running." instead. Is it my problem, or is it intended? Or does anyone else have this problem too?

    No, it is not intended. People are f**kin this machine with sledgehammers. I cannot receive a shell due to this problem.

  • Annoying when people turn services off. A certain portal that was just online has now been turned off.

    jiggle

    Feel free to ask for hints/nudges. Just PM me what you've already done, & give respect if I help you.

  • I am on the box as a*** struggling to find path to L****.

    OSCP | GPYC | GPEN | GWAPT | GCFA | GCIH | CISSP

  • Is bruteforcing needed for auth of H**?

  • No, just good enumeration and reading up on applicable POCs to manually perform.

    OSCP | GPYC | GPEN | GWAPT | GCFA | GCIH | CISSP

  • It was very fun. Thanks @ASHacker

  • Rooted! Really nice and fun machine!
    Initial foothold: Always read some info about the author. It might host something interesting.
    To User: You need multiple chained vulnerabilities to get that searchsploit to work. Then remember all the basic enumeration.
    Lateral movement: Check who listens
    Root: What are you part of? Then gtfo

  • hg8hg8
    edited May 10

    Nice box, learned a few tricks. Thanks @ASHacker! And @su1tan for the nudge ;)

    Tips

    Foothold: Check every page, it will give you the information you need to progress.

    User: You will have to link multiple vulns and look back at your beginning to land the right shell.

    Root: Check for services listening ports and use that to pivot, and then you will quickly find what you need to exploit ;)

    Good luck everyone!

  • rooted!!
    Thanks for creating a nice box @ASHacker

    My YouTube Channel => https://www.youtube.com/c/NatzSec
    You can subscribe if you want :P

  • Rooted! A very interesting box for me :)
    Hints:

    Foothold- Try to understand what the CEO of Cache wants to say ;) You may fall into a rabbit hole at first as I did. But the info from the rabbit hole could be useful for the future. Make notes :)

    User- Whatever you've got in foothold, try to find its vulnerabilities and carefully understand the exploit and see what it's doing. You may have to chain up different vulnerabilities :D

    Root- See what different things like to listen and after that f3tch what you are looking for. Then you may have to dive deep in the ocean for root ;)

  • edited May 10

    Guys, is someone playing with hashes? For both the user and root hash I get "Incorrect hash for Cache"??? W***??? After all this hard work!!!!!!

    Edit:

    Resetting and redoing got me the working flag. I believe there is an issue in flag rotation. I saw a couple of members complaining about the same earlier. @ASHacker thanks for making a good learning machine. Enjoyed it :).

  • So, found some credentials, but they don't work for the H** part. Found a boatload of vulns for that service, but always getting an error about something missing, when I bypass authentication (and try to access any of the vulnerable pages).
    Anyone willing to shed some light on what I'm missing here?

    GREM | OSCE | GASF | eJPT

  • Got root! Great box @ASHacker, I learned a lot.

    OSCP | GPYC | GPEN | GWAPT | GCFA | GCIH | CISSP

  • edited May 10

    Spoiler Removed

    skunk

    Happy to offer nudges to anyone on boxes I've done, provided you show that you've reasonably tried to understand what the goal is! If I do help, please consider giving respect!

  • @Termopan said:
    Initial foothold: Always read some info about the author. It might host something interesting.

    Why didn't this work when I tried it first time? Seems to be my curse, always happens to me.


  • @iamdevill said:

    I am stuck at n**.h**** page. Does it have to do something with the image? Please help...

    It's a rabbit hole.

  • edited May 10

    Is sh**l.p** intended?

  • I've rooted the box without referring to gtfobins, so I am not sure why people keep saying that.

    Or maybe I've rooted the box with the unintended way.

    Happy to discuss.

  • You can do it the gtfobins way or not; either way, both relate to the same binary.

    b3nn
    PM for nudges, but tell me what you've got so far. If I helped you, remember to give respect.

  • P*****t p****l is turned off!
    Is it normal? Or did someone break it while exploiting?

  • Rooted. Overall very enjoyable box. A lot of the hints in this thread are accurate. For root, don't forget about the other user. (There seem to be multiple ways to root this box)

  • Can anybody tell me what the connection is between H** and the machine? Or how I do so?

    Respect me if I helped U

  • rooted

  • edited May 11

    rooted

  • rooted

  • Nice box, rooted...

    If you need help, you can ask me.
