Cache

Rooted. Overall very enjoyable box. Alot of the hints in this thread are accurate. For root, dont forget about the other user. (There seem to be multiple ways to root this box)

Can anybody tell me what is the connection between H** with the machine ? or how I do so ?

rooted

rooted

rooted

Nice box, rooted…

if you need help, can ask me

rooted

I’ve done it

id

uid=0(root) gid=0(root) groups=0(root)

Thanks @ASHacker for this Box and my team-mates for tips and helps :slight_smile:

Type your comment> @HomeSen said:

So, found some credentials, but they don’t work for the H** part. Found a boatload of vulns for that service, but always getting an error about something missing, when I bypass authentication (and try to access any of the vulnerable pages).
Anyone willing to shed some light on what I’m missing here?

I am stuck at the same point

Type your comment> @fr0ster said:

I’ve done it

id

uid=0(root) gid=0(root) groups=0(root)

Thanks @ASHacker for this Box and my team-mates for tips and helps :slight_smile:

Doesn’t count if you don’t show the hostname of the machine :lol:

Well. wasted 2 hours because someone decided to disable the p****** p*****. After a reset it magically worked … And, as I did not use the forum for nudges, I explored further and downloaded all files to examine … lol.

Type your comment> @myrtle said:

Well. wasted 2 hours because someone decided to disable the p****** p*****. After a reset it magically worked … And, as I did not use the forum for nudges, I explored further and downloaded all files to examine … lol.

Yeah, did you reset the box recently? Because I was in with some users found, but after a few minutes the credentials were not working anymore… I’m not sure if someone modified them, so I found a false positive…

Type your comment> @daemonzone said:

Type your comment> @myrtle said:

Well. wasted 2 hours because someone decided to disable the p****** p*****. After a reset it magically worked … And, as I did not use the forum for nudges, I explored further and downloaded all files to examine … lol.

Yeah, did you reset the box recently? Because I was in with some users found, but after a few minutes the credentials were not working anymore… I’m not sure if someone modified them, so I found a false positive…

No, It was last night. GMT+1, on EU-VIP 14

Fun box. Inbox is always open for hints. Thanks @ASHacker! Enjoyed the whole experience.

Are the credentials used for the first login also to be used for the second? Because it sometimes logs in but sometimes it says the credentials are invalid.

I got serval username and password , but can not login. otherwise i got another salt password, can not decrypt. please help me

Type your comment> @0x41 said:

god dammit, just found the H**
this is the first box that i’ve seen that does that, it shouldn’t be allowed ???

EDIT: so i have no idea how you’re supposed to get user, but rooted :^)

Totally agree with you on this one … but once you bite the clue its a matter of time till you discover it … maybe it will be more in line if it was bit like previous machines with v****.

Well this sucks. on the login page there is now just a PHP shell… Don’t know who did that :\

Type your comment> @mrvanee said:

Well this sucks. on the login page there is now just a PHP shell… Don’t know who did that :\

That is the situation in free servers … Vip is the cure …

rooted! thanks @Dark0 for the nudge !