I’ve done it
id
uid=0(root) gid=0(root) groups=0(root)
Thanks @ASHacker for this Box and my team-mates for tips and helps
I’ve done it
uid=0(root) gid=0(root) groups=0(root)
Thanks @ASHacker for this Box and my team-mates for tips and helps
Type your comment> @HomeSen said:
So, found some credentials, but they don’t work for the H** part. Found a boatload of vulns for that service, but always getting an error about something missing, when I bypass authentication (and try to access any of the vulnerable pages).
Anyone willing to shed some light on what I’m missing here?
I am stuck at the same point
Type your comment> @fr0ster said:
I’ve done it
id
uid=0(root) gid=0(root) groups=0(root)
Thanks @ASHacker for this Box and my team-mates for tips and helps
Doesn’t count if you don’t show the hostname of the machine :lol:
Well. wasted 2 hours because someone decided to disable the p****** p*****. After a reset it magically worked … And, as I did not use the forum for nudges, I explored further and downloaded all files to examine … lol.
Type your comment> @myrtle said:
Well. wasted 2 hours because someone decided to disable the p****** p*****. After a reset it magically worked … And, as I did not use the forum for nudges, I explored further and downloaded all files to examine … lol.
Yeah, did you reset the box recently? Because I was in with some users
found, but after a few minutes the credentials were not working anymore… I’m not sure if someone modified them, so I found a false positive…
Type your comment> @daemonzone said:
Type your comment> @myrtle said:
Well. wasted 2 hours because someone decided to disable the p****** p*****. After a reset it magically worked … And, as I did not use the forum for nudges, I explored further and downloaded all files to examine … lol.
Yeah, did you reset the box recently? Because I was in with some
users
found, but after a few minutes the credentials were not working anymore… I’m not sure if someone modified them, so I found a false positive…
No, It was last night. GMT+1, on EU-VIP 14
Are the credentials used for the first login also to be used for the second? Because it sometimes logs in but sometimes it says the credentials are invalid.
I got serval username and password , but can not login. otherwise i got another salt password, can not decrypt. please help me
Type your comment> @0x41 said:
god dammit, just found the H**
this is the first box that i’ve seen that does that, it shouldn’t be allowed ???EDIT: so i have no idea how you’re supposed to get user, but rooted :^)
Totally agree with you on this one … but once you bite the clue its a matter of time till you discover it … maybe it will be more in line if it was bit like previous machines with v****.
Well this sucks. on the login page there is now just a PHP shell… Don’t know who did that :\
Type your comment> @mrvanee said:
Well this sucks. on the login page there is now just a PHP shell… Don’t know who did that :\
That is the situation in free servers … Vip is the cure …
Finally rooted
And rooted Almost got root before getting user, but then found the way in
Really a nice box, though I didn’t like that fact that others can easily break the whole machine (or sometimes just partially, which makes gaining foothold even more frustrating), which then requires a reset of the machine. For those who haven’t solved it yet: There are less intrusive ways of gaining access to the machine. There is no need to change anything
How do you find the location for H** on the server?
Type your comment> @Dark0 said:
Nice box, rooted…
if you need help, can ask me
got credentials saw something like h**.h** how to go further
rooted. That was a fun box. My hint would be that there are definitely ways around a certain thing being turned off. Youll have to read to figure out why.
From there, it is very straight forward with normal enumeration. Nothing too crazy. Very much enjoyable.
Hi ! I’m desperately searching for the H* file using what I read on a***.h**. And I haven’t found anything yet, a nudge would be appreciated.
Can someone PM me and give me a hand on the guessing part please? I literally bruteforced every H** possible directories and still stuck, and google searches didn’t provide me any additional hint. I’m not good at this guessing stuff, I just want to exploit things.