Cache

Fun and interesting box! I have learnt a few thing!
Congrats @ASHacker !

Took me too long to get the initial foothold. I don’t think I followed the designed path. I got access to one of the accounts (without flag) after initial foothold, and then immediately got root (and thus user 10 seconds later)…

Fun box. Real life enough to be encountered for real somewhere.

Hints:

  • Initial: You don’t need to search for exploit code once you find the interesting part. It’s more interesting to use the big text somebody has written. Just use tools made for the job, to find credentials and get your foothold.
  • With foothold: Enumerate, and think about the name of the box
  • With user access: Your power cannot be contained!

Rooted! Pm on htb for nudges :slight_smile:

Nice box. Did some things I knew were possible, but I never have done. Looking forward to seeing some walkthroughs of this one.

Finally Rooted.
PM me if you need any nudge, I like to help :smile:

Well, I got to the r******r.**p page, but whatever I do it doesn’t let me proceed. What I’ve found, has to be done authenticated but nothing works. Could someone give me nudge?

Type your comment> @grav3m1ndbyte said:

Well, I got to the r******r.**p page, but whatever I do it doesn’t let me proceed. What I’ve found, has to be done authenticated but nothing works. Could someone give me nudge?

Nevermind…I found what I needed.

Type your comment> @grav3m1ndbyte said:

Type your comment> @grav3m1ndbyte said:

Well, I got to the r******r.**p page, but whatever I do it doesn’t let me proceed. What I’ve found, has to be done authenticated but nothing works. Could someone give me nudge?

Nevermind…I found what I needed.

WOW! I wasn’t expecting this! ROOTED! My first box in months after having to step out of HTB!

# id
uid=0(root) gid=0(root) groups=0(root)
#     	

Found a video that demonstrates a relevant SQLI but cant get it to work. Has anyone used this?

… Reset and works.

\m/ ROOTED …
Initial Foothold is the tricky one.
Next Exploit to get he shell is pretty easy which further requires enum …
User Flag is a peice of cake
Getting to root again is a tricky one … many hints are already present in the forum “GTFO” I was new to this term … many things to learn from this box…

PM me for nudges :smile:

The good feeling after getting done with the box. One of the boxes where you get initial foothold everything will be sequential. Enumerate and Enumerate. User was good fight but root was way too straightforward if it was intended. Anyways willing to help out the stuck ones :+1:

what a journey :slight_smile: thanks for the creators not a hard machine but definitely a nice machine, i learned again about xxxxxcache :slight_smile: , and added to my notes, i think get a 2 user from the first enumeration was not planed right? its a bug??
for root if you cant sudo -l try to look for groups, then is enough hints on this forum.

if someone stucks dm and tell me what you have and what you tried.

I’m asking myself, why people don’t respect the HTB rules and post public writeups on unretired boxes…

Rooted.
Great box @ASHacker, thank you!
Skills++.

Didn’t figure out how I was suppose to get user first. If someone could DM me about this, I’d appreciate.

Root was pretty easy.

Nice box @ASHacker!

This box was really fun, thanks! :smiley:

■■■■ this box was confusing to me.
After I got the initial shell I got second user (thinking being first user) then I tried to find anything on the box to become the other user (without success) and then I escalated to root without actually ever being the (real) first user :open_mouth: :lol:
After a while I then realized that I had everything for the first user at the time of getting the initial shell.

But in general I learned some cool new stuff from this box.

PM me if you need a nudge.

facing a problem in s*l injection…
can anyone help me please PM

edit - nevermind i figured it out

Don’t like this hide and seek for initial foothold and i hate the syntax of the big blue whale.

Stuck on h** login any hint ?