Cache

@LMAY75 said:

Is it just me or is this a little too guess-y for the foothold

It depends how you did it. For me it was enumeration, find thing, find public exploit for thing, exploit thing, have access, use functionality from access, have shell.

Then it was use creds I’d found during enumeration.

Not sure there was any step there where I had to guess something. I used a custom wordlist at one stage but that isn’t that unusual.

Yay root obtained.

Finding H** tripped me up, as did finding the exploit for it a bit after - but after that, it all seemed quite interesting.

Getting root was actually the easiest part IMO.

Spoiler Removed

# id
uid=0(root) gid=0(root) groups=0(root)

Not sure how I felt about this box tbh. DM me if you need any help

what’s going on with the box ?
I can connect to cache.htb but can’t access the page after login , and I can’t connect to h**.htb, nmap returns closed ports , when the http port is open , can’t use owasp , all my fuzzing tools don’t work … that is giving me headaches

@HamilcarR said:

what’s going on with the box ?
I can connect to cache.htb but can’t access the page after login

I am not sure what this relates to so I cant help here.

, and I can’t connect to h**.htb, nmap returns closed ports ,

There might be a problem with your connection or how you have this up in your hosts. As far as nmap is concerned it should return the same ports as anything else. The hostname only really matters during a HTTP request.

when the http port is open , can’t use owasp , all my fuzzing tools don’t work … that is giving me headaches

dirb should work.

Rooted. Message for help

Got User but submitting flag says error Have reset box still same.

Type your comment> @foalma321 said:

Got User but submitting flag says error Have reset box still same.

Same issue, tried resetting multiple times and still doesn’t work.

@foalma321 said:

Got User but submitting flag says error Have reset box still same.

@codedninja said:

Same issue, tried resetting multiple times and still doesn’t work.

This is a regularly discussed issue on most boxes.

It appears that HTB’s dynamic flags can malfunction. The way it seems to work is that after a reset the flag gets registered with the scoring server so if the box resets between you getting the flag and you submitting the flag, your flag will be incorrect.

There does seem to be a problem that sometimes the flag isn’t being set, which means the flag you get will never work.

People have suggested a reset is the solution but if this doesn’t work the best thing is to raise a JIRA ticket with HTB to get it resolved. For me, if people don’t raise tickets, HTB will never appreciate what the problem is and won’t know if they need to fix it.

Rooted. First part was a little annoying, because somebody turned off ur pl every minute. But after getting initial shell lateral movement was easy.
@ASHacker thank you for this box!

After Scanning port for cache machine got two port open, can any one help to move forward

@prashantbhatt said:

After Scanning port for cache machine got two port open ssh and 80 port, can any one help to move forward

Try to put some work on it. If 80 port is opened means you can check the website. Google all the things you see in the webpage. This is the one which helps you for sure.

@prashantbhatt said:

After Scanning port for cache machine got two port open, can any one help to move forward

Enumerate the higher port number.

rooted!
feel free for nudges

Type your comment> @gunroot said:

@prashantbhatt said:

After Scanning port for cache machine got two port open ssh and 80 port, can any one help to move forward

Try to put some work on it. If 80 port is opened means you can check the website. Google all the things you see in the webpage. This is the one which helps you for sure.

Thanks a lot

@TazWake said:
@prashantbhatt said:

After Scanning port for cache machine got two port open, can any one help to move forward

Enumerate the higher port number.

Thank u :wink:

Spoiler Removed

@KRyptonZ said:

Am I missing sth ?

Possibly but without knowing what you are doing, it is hard to work out what. The response you are getting is saying it has found a page you have requested, I dont know what you are trying to request or how you are trying to request it. (Or even what response you expect).

Looking at the location, and assuming you are trying to do what I think you are trying to do, I can only suspect you are in the wrong place.

ROOTED!
I really enjoyed this box, I pulled my hair out from time to time tho, thanks @TazWake for the hint that got me to root access, if you are stuck feel free to send me a PM :slight_smile: