Cache

13468916

Comments

  • edited May 2020

    Well. wasted 2 hours because someone decided to disable the p****** p*****. After a reset it magically worked ...... And, as I did not use the forum for nudges, I explored further and downloaded all files to examine ... lol.

    myrtle

    To contact me, please use Discord Myrtle#5162

  • Type your comment> @myrtle said:

    Well. wasted 2 hours because someone decided to disable the p****** p*****. After a reset it magically worked ...... And, as I did not use the forum for nudges, I explored further and downloaded all files to examine ... lol.

    Yeah, did you reset the box recently? Because I was in with some users found, but after a few minutes the credentials were not working anymore... I'm not sure if someone modified them, so I found a false positive....

  • Type your comment> @daemonzone said:

    Type your comment> @myrtle said:

    Well. wasted 2 hours because someone decided to disable the p****** p*****. After a reset it magically worked ...... And, as I did not use the forum for nudges, I explored further and downloaded all files to examine ... lol.

    Yeah, did you reset the box recently? Because I was in with some users found, but after a few minutes the credentials were not working anymore... I'm not sure if someone modified them, so I found a false positive....

    No, It was last night. GMT+1, on EU-VIP 14

    myrtle

    To contact me, please use Discord Myrtle#5162

  • Fun box. Inbox is always open for hints. Thanks @ASHacker! Enjoyed the whole experience.

    skunk

    Happy to offer nudges to anyone on boxes I've done, provided you show that you've reasonably tried to understand what the goal is! If I do help, please consider giving respect!

  • Are the credentials used for the first login also to be used for the second? Because it sometimes logs in but sometimes it says the credentials are invalid.

    Vex20k

  • I got serval username and password , but can not login. otherwise i got another salt password, can not decrypt. please help me

  • Type your comment> @0x41 said:

    god dammit, just found the H**
    this is the first box that i've seen that does that, it shouldn't be allowed ๐Ÿ˜‚๐Ÿ˜‚๐Ÿ˜‚

    EDIT: so i have no idea how you're supposed to get user, but rooted :^)

    Totally agree with you on this one ... but once you bite the clue its a matter of time till you discover it ... maybe it will be more in line if it was bit like previous machines with v****.

  • Well this sucks. on the login page there is now just a PHP shell... Don't know who did that :\

  • Type your comment> @mrvanee said:

    Well this sucks. on the login page there is now just a PHP shell... Don't know who did that :\

    That is the situation in free servers ... Vip is the cure ...

  • rooted! thanks @Dark0 for the nudge !

    jkana101
    OSCP | Sec+ | MCSE | VCP | CCNA

  • Finally rooted

  • And rooted :) Almost got root before getting user, but then found the way in :D
    Really a nice box, though I didn't like that fact that others can easily break the whole machine (or sometimes just partially, which makes gaining foothold even more frustrating), which then requires a reset of the machine. For those who haven't solved it yet: There are less intrusive ways of gaining access to the machine. There is no need to change anything ;)


    Hack The Box
    GREM | OSCE | GASF | eJPT

    Feel free to PM me your questions, but please explain what you tried, so far.

  • How do you find the location for H** on the server?

  • Type your comment> @Dark0 said:

    Nice box, rooted...

    if you need help, can ask me

    got credentials saw something like h.h how to go further

  • rooted. That was a fun box. My hint would be that there are definitely ways around a certain thing being turned off. Youll have to read to figure out why.

    From there, it is very straight forward with normal enumeration. Nothing too crazy. Very much enjoyable.

    Hack The Box

  • Hi ! I'm desperately searching for the H* file using what I read on a*.h. And I haven't found anything yet, a nudge would be appreciated. :smile:

  • Can someone PM me and give me a hand on the guessing part please? I literally bruteforced every H** possible directories and still stuck, and google searches didn't provide me any additional hint. I'm not good at this guessing stuff, I just want to exploit things.

  • Still stuck on the rabbit hole. Please help. Not able to proceed

  • Type your comment> @breakndenter said:

    Type your comment> @mrvanee said:

    Well this sucks. on the login page there is now just a PHP shell... Don't know who did that :\

    That is the situation in free servers ... Vip is the cure ...

    Yeah i just got VIP ;)

  • Is anyone having trouble with the first exploit after the foothold. It takes FOREVER to run and all of the data is blank. I had to modify the exploit to target exactly the data I want before it would return anything

  • Rooted

    Overall fun box which teached me a lot. Pay attention to details, write things down while enumerating and keep things simple

    PM for nudges

  • who the f keep turning off the p***** ***e

  • Rooted. Fun box.

    jiggle

    Feel free to ask for hints/nudges. Just PM me what you've already done, & give respect if I help you.

  • Type your comment> @vicio said:

    Type your comment> @fr0ster said:

    I've done it

    id

    uid=0(root) gid=0(root) groups=0(root)

    Thanks @ASHacker for this Box and my team-mates for tips and helps :)

    Doesn't count if you don't show the hostname of the machine :lol:

    Ok :wink:

    # cat <hide>/hostname && id
    cache
    uid=0(root) gid=0(root) groups=0(root)
    
  • Looks like there is another login page for H**, but I can't find it anywhere! Any hints?

  • Rooted! Very nice box!

  • edited May 2020

    finally!!! got root good machine , with quite good challanges like sq** and dock** ,

    Foothold: enumeration is key ,look closer and find exploit be more specific in chossing exploit

    user: Take notes to keep track what have u found ,may be it can be used later;
    root: Take advantage of services hosted locally that will lead u to root , again enumeration is key,Keep digging u should know your powers;

    if u need help Discord: itachi982#0535

    if that helped u give me respect at : #itachi982 #ID:182298
    :smile: :smile: :wink:
    Thanks @hg8 , @cerebro11 , @71xn

    Happy hacking,Try harder.
    itachi982

  • Type your comment> @StormCr0 said:

    Looks like there is another login page for H**, but I can't find it anywhere! Any hints?

    fuzz that virtual host network

  • edited May 2020
    Rooted. Cool box, i learned a few things. Overall, I think Admirer was a bit harder than this one, but both were good experiences.

    1) Enum and Foothold is the most challenging part of this box
    2) Due to issues I had with the low priv shell, I ended up doing the work to get to the 'lateral' user first, got a better shell and then was able to back up into the user holding the flag based on enum.
    3) root isn't difficult, just knowing who you are and some quick research if you are not familiar with the privesc.

    Thanks to @Dark0 for the nudge on the foothold.

    limelight

  • @sparkla said:
    Do I need the second user for root? Please P.M. if it's a spoiler

    This depends on what your current user is. I got the "second" user before gaining access to the first one :D


    Hack The Box
    GREM | OSCE | GASF | eJPT

    Feel free to PM me your questions, but please explain what you tried, so far.

Sign In to comment.