Comments
So my little advice is "txt is superior to py". For everyone's sake, please use the non-destructive way in rather than ruining everyone's game. Root was a breeze and enjoyable.
Just got root, thanks to @Zard and @Dark0 for the nudge.
I have never known the blue whale and the cache can do this kind of magic...
Rooted late last night. My favourite part was the second user. Never used this service before. Overall an excellent box.
@garffff said:
me too.. i have never thought this can be exploited... just learned about this moments ago.
rooted, thanks for all who helped me..
user: was not easy for me, as it required to understand the chained vulnerabilities and what to extract..
user2: not that difficult as it related to the box name..
root: quite easy, gtfo, as mentioned by others in this forum..
Be happy, always
you have to do something it is not possible so, the riane box up only for a few seconds and then down again
Cool! Foothold was most "annoying" part.
The rest was really easy.
From login to root took less than 1 hour and half.
Honestly I would rate this a green machine!
Little help, if you're stuck on H** login page, use Google to get info on the running service. DuckDuckGo won't give what you need.
For nudges PM.
Phew!!...finally. I think I took the long way round but I eventually managed to get root. I won't leave any hints here because what's already here will get you there (eventually). I certainly wouldn't have got here without the hints so thanks to all you smart cookies.
That was a lot of fun, especially the path to root. Straightforward if you know the tech, else you'll need some research. Thanks to the box creator.
OSCP | OSWP | so much more to learn ...
I've been experiencing severe connection problems (I cannot reach the p***** or any other site on port 80) every 2 minutes on vip with that box, does anyone else have a similar problem?
@mrvanee said:
> Well this sucks. on the login page there is now just a PHP shell... Don't know who did that
They call themselves hackers..I thought part of it was being covert?? I snuck a nice webshell somewhere that's very well hidden and disguised so I have a backdoor.
More than happy to help out and give hints - sorry if you've messaged me on forum.htb and I haven't got back, I might be more reachable via discord: CRYP70🇦🇺#8985
How come the vulnerabilities are not in Searchsploit ?
eCPPT | OSCP
@mA1nfrAm3r said:
I got it, but after a while the site got back. I think the server got spammed with dirbusters
@lebutter said:
The one that gets you the shell is. The one that gets you the details is in Metasploit but I would not use it. It is painfully slow
I thought those were for older versions than the one running
eCPPT | OSCP
@CyberG33k said:
Can fucking confirm, it is painfully slow
Someone plz DM me with better way
Can anyone nudge for initial foothold? Have the username from author page, but pretty lost from there
Finally got root
if anyone needs help PM
finally rooted Cache .. was tricky and easy as well ... need some enumeration and then enumeration and then enumeration.. finally some shell and rooted..!!!!
Thanks a lot @itachi982 for your wonderful support
PM for any support or help.
@ellj said:
If you look at the code, and you did enough enumeration to understand what tables you want, you can modify the metasploit module to only download the table you want. You should be able to figure it out and download the table in far less time than waiting for it to complete.
@CyberG33k said:
I did that and it still took me easily 30min... I'm now doing it the intended way which is interesting.
eCPPT | OSCP
I have the pass and salt from the table but is it normal that the former is that short?
web broken and no reboots allowed until tomorrow
. Now that i am moving forward..
great experience, gotta admit I asked for help because I didn't read the comments at first, always read the comments
@luca76 said:
Yeah, definitely... :-(
Here's the situation, at the moment:
WARNING: Failed to daemonise. This is quite common and not fatal.
Connection refused (111)
Finally
root@cache:~# id && hostname && date
uid=0(root) gid=0(root) groups=0(root),
cache
Tue May 12 21:38:01 UTC 2020
Foothold and user were both abominable pains because of the instability of this box.
Learned something new with both phases of root privesc though, which I appreciated.
The best hints are already out there.
Got root. Yay! I think getting the foothold was the hardest part. I ended up modifying the metasploit to do it as I could not get the other way to work.
you broke the balls, because you always reset, so it is impossible, you have to take measures in my opinion
@syn4ps said:
I have the same issue. Rabbit hole maybe? I dunno what to think anymore with the portal getting turned off so often.
Phheew that was a long foothold process. I don't know how the first bloods do it so quick, as on this one the perimeter is quite wide, many things to check.
eCPPT | OSCP