Cache

I’ve dumped the database, but nothing is really usable there… can someone PM me or nudge me as to how I’m supposed to go from sqli to creds?

edit: nvm, I was manually injecting and for some reason didn’t get all the output…

Rooted :slight_smile:

I’d love to get a nudge… I’m still struggling with basic enumeration… I found the rabbit hole… not really sure how to proceed. I found the clue based on what the author had created, but struggling with how to get there… PM appreciated =)

EDIT: Rooted. Found two ways to get initial foothold, one is disruptive but there is an easier way. After that, it’s pretty straight forward… enumerate EVERYTHING to get to user 2, then simple enumeration will show you something exploitable to root if you’ve done this before

Thanks to @TazWake

If anyone’s done the extraction manually, please PM me. I’m curious about the syntax.

Need a help with foothold, please dm, found a h**.h**, and o******_sqli msf module, but don’t know how to use it

@mrshershulya said:

Need a help with foothold, please dm, found a h**.h**, and o******_sqli msf module, but don’t know how to use it

I dont think you need MSF for this box. You will find it a lot easier to manually enumerate things and then exploit them. Its good to learn fuzzing tools.

Rooted! Feel free to DM me if you need a hint :slight_smile:

I have found the p*****, and the pdf which describes the vulnerabilities, but I cannot exploit either of them. Any help would be highly appreciated!

Took me a while, but finally rooted. Thanks to @ASHacker for the box creation, and @MrHyde for some helpful hints.

If you need a nudge or hint, pm me!!

i cant find that H************, uff - can someone give a hint? pm
edited: wow i messed up about 3 hours with a typo rofl

Spoiler Removed

YEY for root.

Footholder: Enumerate everything and take notes.
-Get to know the author.
-Make things close to home
-The internet is your friend
First User: Sometimes it is that simple, if you enumerated from the start.
Second user: cached
Root: Please leave.

I was nudged, I would love to return the favor.

Hi,
Awesome box, thanks @ASHacker :slight_smile:
Feel free to PM me if you need help.

Ok, here for the first time I got root before user.
That would be just ok, if only not because I really have no clue on how it could have been achieved differently…
I mean, the path was so straightforward that i hardly can imagine how user could be useful to get to root…
If anyone wants to help me in understanding something more, please pm me, becasue i have the horrible sensation of having missed something that is worth to learn…

@Chobin73 said:

If anyone wants to help me in understanding something more, please pm me, becasue i have the horrible sensation of having missed something that is worth to learn…

I’d be happy to discuss this because I cant see how you’d get to the root without hopping through user.

Type your comment> @TazWake said:

@Chobin73 said:

If anyone wants to help me in understanding something more, please pm me, becasue i have the horrible sensation of having missed something that is worth to learn…

I’d be happy to discuss this because I cant see how you’d get to the root without hopping through user.

i sent you a pm…

@Chobin73 said:

Type your comment> @TazWake said:

@Chobin73 said:

If anyone wants to help me in understanding something more, please pm me, becasue i have the horrible sensation of having missed something that is worth to learn…

I’d be happy to discuss this because I cant see how you’d get to the root without hopping through user.

i sent you a pm…

Nice one - thank you!

Rooted! Happy to answer any questions via a pm

Has anyone exploited the box without sqlmap? I would have a question for manual exploiting.

I really enjoyed this machine. Many many hints exist on here, I don’t think I can add anything at least. Cheers to @ASHacker for a decent box. DM me, should you wish, for nudges or poke me over on Discord.

A very honest tip gained from struggling, if your P*P is disabled/not working and restarting doesn’t help switch to a different server immediately. for the EU free server it was impossible to work on due to instability of machine and people who use exploits without knowledge and consideration about others !!

Just GotRoot! This is one of my favorites boxes. Not sure if I followed the designed path but I got root before I got user, curious to see other peoples wright-ups later on. I did get stuck twice on this box ( initial foothold and root privesc)

Nudges:
Initial foothold: Don’t overthink this or go for the rabbit holes. Make sure to enumerate the page and read everything for clues. Once you know you are in the right place GOOGLE.
User: Once you find yourself with a shell enumerate and investigate anything interesting
Root: Easiest root I’ve ever done. simple privesc script and a quick google is all you need