Cache

Type your comment> @HomeSen said:

@bobthebadger said:

Found stuff after much messing and hints on here.
Is the “gateway” meant to be running?

Not sure what it exactly is meant to be, but:
I anything tells you it was disabled, then someone broke the service, again, and you need to reset the machine (there should really be some kind of cronjob that periodically fixes the broken config file).

Thanks, I try to avoid resets where possible, as I know how annoying they can be to everyone, but it it’s broken…I’ll have to “turn it off and on again”.

I try to avoid them, too. But it took me quite a long time to realize (or rather get pointed to the fact) that something that said it were disabled, should actually be enabled/available.
And when people follow a certain guide and use a certain readily available script, then things will break for everyone :wink:

Interesting box. Renew many things I thought I knew, but actually, I’m not :-).

Type your comment> @HomeSen said:

@bobthebadger said:

Found stuff after much messing and hints on here.
Is the “gateway” meant to be running?

Not sure what it exactly is meant to be, but:
I anything tells you it was disabled, then someone broke the service, again, and you need to reset the machine (there should really be some kind of cronjob that periodically fixes the broken config file).

Definitely agree! This machine is pissing me off like anything else before! :frowning:

rooted the box, got root then user. thanks to creators for this great box.
pm me for help if you needed.

This box really tested my patience. It was a great learning experience, thx @ASHacker .

Spoiler Removed

I truly have no fucking clue how you guys are getting from the author page, to this H** thing. It’s obvious from the comments here what the eventual service must be, but I don’t see any link to it whatsoever when googling. Also, how is anyone even dirbing this box? I can run through like 800 words before each reset. Really annoying.

edit: ■■■■■■■■ it, that was so obvious. How did I not see that.
For anyone else in the same boat: don’t keep fuzzing the box. You know how usually in windows boxes you need to change your hosts file to something very similar to the box name, if not the name itself? Well, that doesnt exactly apply here.

Rooted. Very fun box, but I get the impression that I didn’t follow the intended path, as I didn’t get the user flag until I was root.

Not sure if possible but it would be awesome to disable the exploit that everyone is using which causes constant resets. It’s very frustrating.

So, rooted.
Special thanks for privesc, now I know more :wink:
Feel free to pm me for hints.

Rooted! Interesting box

Should require a little nudge, feel free to PM!

finally got passed the Po*****
have username and password
got the rev shell searching for the second user now

nice box

i got the login page and i think this version doesnt have any authentication bypass vuln.
So, could someone tell me that do i need to try authentication bypass or do i need to use any creds.

Type your comment> @GH057404 said:

i got the login page and i think this version doesnt have any authentication bypass vuln.
So, could someone tell me that do i need to try authentication bypass or do i need to use any creds.

its an injection bro

Type your comment> @hawksvision said:

Type your comment> @GH057404 said:

i got the login page and i think this version doesnt have any authentication bypass vuln.
So, could someone tell me that do i need to try authentication bypass or do i need to use any creds.

its an injection bro

thanks bro.

server down and can anyone suggest a way to crack what i found for o*******n

Rooted!!!
Hints for the box:
Foothold: Read what the CEO is saying. Once you figured it out, Google is your friend. It won’t show up immediately, but you gotta enumerate. Be patient!

User: Go back to your notes, they will help you. Enumeration is key here.

Root: As others mentioned, it is GTFO. Yes it is for that command. Check it properly.

rooted! :smiley:

Good box, the initial foothold made me go crazy for all the resets… for who’s still struggling in the first part, especially if stuck on the p****** p*****, there is a quicker way with i********e, that could also be scripted for convenience :wink:

Needed some nudges, so thanks for everyone who helped along the way!
root has been a breeze, too easy but hey, who cares… :smiley:

Do i remember correctly … someone was saying that there is another way to get root?

Does the P******* P***** needs to be turned on or does this not matter for exploiting?