Cache

This box was great, thank you ASHacker!

Small hint:
There is an automated tool that will fail you at one point. That tool now has a PR open to make it work properly in this situation.

I got SQLi
and got users tables creds
but still couldn’t manage to login
Any hints guys?

There was another table :disappointed:
nvrmind

Well, now i’m stuck at cracking the hash with it’s salt
Am i missing something?

Just one question why root is so easy??

i*******e login page is half in another language and the password changed with no resets left for the day, this box is gonna be the death of me :confused:

Got a more stable box with a region change and rooted. Besides the minor annoyances that many people are experiencing, this was a good box that I learned a ton from.

Please PM a hint for foothold. Tried several things for a few days now. No dice.

Does anyone has problem to access /pl? I am getting error: "Patient Pl is turned off". Resetting helps, but the error gets back few moments after it.Accordingly, s****p doesn’t work.

can anyone give me a nudge , got the creds out of the tables and now stumped, cant seem to progress, thanks

Type your comment> @nimportequi said:

Does anyone has problem to access /pl? I am getting error: "Patient Pl is turned off". Resetting helps, but the error gets back few moments after it.Accordingly, s****p doesn’t work.

you don’t actually need that, think someone is probably not careful changing settings

Very good machine although I needed a nudge because I wasn’t patient enough during a certain exploit which makes me believe I might made it the unintended way because I used a certain funny cat tool. Thanks @ASHacker , very good box!

Got user on this box, working on root.

there is so much hint in this forum for user

hint for root :

 L*D

PM me if u need nudge :smiley:

and big thanks for @ASHacker nice box btw!!
Cheers!

Rooted!!

Initial foothold is tricky, root is really very easy.
I struggled a lot because i did not clearly read output of commands.

Thanks to @Dark0 for initial foothold. Thanks to @Str4thus and @gonzaloFSF for hints towards root.

My hints:
Initial foothold:

  1. What has author created apart from cache ? It can be accessed.
  2. There are bunch of vulnerabilities. You need to use multiple vulnerabilities to get initial foothold. Identify which works. There is a video which explains how to do it.

User 1:

  1. You found something in foothold, its not useless. Flip the SWITCH !!

User 2:

  1. Check what services are running on machine. Found something related to machine name ?
  2. Good article to help you exploit it

Root:

  1. What permissions User 2 has
  2. GTFO

PM me if you need a hint

Also
I would like to know the method of initial foothold without hampering the machine. Could anyone enlighten me ?

Finally rooted! Initial foothold was rather circuitous and there were many blind alleys to go through - it took me days to get the initial shell while root took only about 1-2 hours.

Foothold: Once you’ve found the H** that everyone is referring to, the fun begins here. At first, I had to sieve through the many vulnerabilities and decide which to use. In the end, I only relied on what was already available in a certain framework in my attacking box. I suspect there are multiple routes to get to the first web shell. I went the not-so-disruptive way but would be interested to hear of alternative methods that chains vulns together in different ways.

User 1: You might have found something previously which would help.

User 2: It’s a service related to the name of the box.

Root: Blue whale and something special about user 2. There could be slight variations in the root approach. I stumbled for a while before I realised I had to check on images before I could proceed.

Rooted! Feel free to ask me for tips

finally rooted!!!
Thanks @unknwon and @unmesh836 for the nudges.

Rooted! Thanks for all the tips and hints here. Feel free to ping me for any nudges! :smiley:

what am i supposed to do with m*******d?

hey everyone, I’m stuck on cache - I got the service and got the admin but I’m stuck - I know how to exploit the machine afterwards but I need the missing piece to do that, any tips would be appreciated , thanks.