Fun box. Inbox is always open for hints. Thanks @ASHacker! Enjoyed the whole experience.
Are the credentials used for the first login also to be used for the second? Because it sometimes logs in but sometimes it says the credentials are invalid.
I got serval username and password , but can not login. otherwise i got another salt password, can not decrypt. please help me
Type your comment> @0x41 said:
god dammit, just found the H**
this is the first box that i’ve seen that does that, it shouldn’t be allowed ???EDIT: so i have no idea how you’re supposed to get user, but rooted :^)
Totally agree with you on this one … but once you bite the clue its a matter of time till you discover it … maybe it will be more in line if it was bit like previous machines with v****.
Well this sucks. on the login page there is now just a PHP shell… Don’t know who did that :\
Type your comment> @mrvanee said:
Well this sucks. on the login page there is now just a PHP shell… Don’t know who did that :\
That is the situation in free servers … Vip is the cure …
Finally rooted
And rooted Almost got root before getting user, but then found the way in
Really a nice box, though I didn’t like that fact that others can easily break the whole machine (or sometimes just partially, which makes gaining foothold even more frustrating), which then requires a reset of the machine. For those who haven’t solved it yet: There are less intrusive ways of gaining access to the machine. There is no need to change anything
How do you find the location for H** on the server?
Type your comment> @Dark0 said:
Nice box, rooted…
if you need help, can ask me
got credentials saw something like h**.h** how to go further
rooted. That was a fun box. My hint would be that there are definitely ways around a certain thing being turned off. Youll have to read to figure out why.
From there, it is very straight forward with normal enumeration. Nothing too crazy. Very much enjoyable.
Hi ! I’m desperately searching for the H* file using what I read on a***.h**. And I haven’t found anything yet, a nudge would be appreciated.
Can someone PM me and give me a hand on the guessing part please? I literally bruteforced every H** possible directories and still stuck, and google searches didn’t provide me any additional hint. I’m not good at this guessing stuff, I just want to exploit things.
Still stuck on the rabbit hole. Please help. Not able to proceed
Type your comment> @breakndenter said:
Type your comment> @mrvanee said:
Well this sucks. on the login page there is now just a PHP shell… Don’t know who did that :\
That is the situation in free servers … Vip is the cure …
Yeah i just got VIP
Is anyone having trouble with the first exploit after the foothold. It takes FOREVER to run and all of the data is blank. I had to modify the exploit to target exactly the data I want before it would return anything
Rooted
Overall fun box which teached me a lot. Pay attention to details, write things down while enumerating and keep things simple
PM for nudges
who the f keep turning off the p***** ***e
Rooted. Fun box.