Cache

TazWake · July 1, 2020, 10:15am

@11o said:

Three days and no further forward with the foothold on this box. I’ve heeded the comments but am clearly missing something obvious.

Any help would be greatly appreciated.

Enumeration matters. If you fuzz around you can get initial access. Then google-fu can help you find the information you need to turn that initial contact into something more useful.

11o · July 1, 2020, 1:15pm

A nod to @TazWake, very much appreciated as always.

pinnn · July 2, 2020, 7:24pm

Got root!

B14ckD347h · July 3, 2020, 3:28am

So, I had to leave this box and come back to it because it kept getting reset. I’ve gotten to the deployment of my r****** s****, but it doesn’t seem to be getting uploaded correctly or to the correct directory. The dashboard is confusing as ■■■■.

EDIT - Nevermind. I’m an idiot.

mdnwvn · July 3, 2020, 3:45am

Got my foothold but im stuck on getting my first user. Reading through the hints here it seems i should have enum’d through something useful to get user by now, but im kinda stumped here. A nudge would be greatly appreciated

Im stupid. It really was something that i should have enumerated on my way to foothold. On my way to second user now

Rooted!

id
uid=0(root) gid=0(root) groups=0(root)```

Learned alot as this was just my third box, and Im looking forward to doing more. Took me forever to get it, but all the hints are here already.

B14ckD347h · July 3, 2020, 4:30am

Rooted finally!

cyberdon214 · July 3, 2020, 11:27am

please…please stop resetting.

11o · July 3, 2020, 2:09pm

Rooted. The initial foothold is by far the most frustrating part.

Thanks to @TazWake, happy to pay it forward if needed.

Capo80 · July 9, 2020, 3:47pm

~~I’m kinda stuck, by reading here and with ms* i found a h**.b v*h but i cant access it from my browser, can someone give me a nudge?~~

Nvm, im stupid

0xbro · July 10, 2020, 10:43pm

~~Stuck in the sql injection… found some tables that seem intresting (u****_s*****) but the tool can’t dump data from it… is it normal?~~

Never mind… session had expired

Harbard · July 11, 2020, 4:52am

Rooted. I’d never interacted with the service before. Definitely and interesting way to pivot. Name of the box matters.

Thank you @ASHacker for the box!

Feel free to DM for a nudge!

Shayzee · July 15, 2020, 6:01am

id appreciate a nudge. I have rce on e** app what should I be looking for next?

Strawhack · July 16, 2020, 2:26pm

Hi, I saw the exploit author YouTube video, tried, but I fail. Then saw a exploit from the cms and it had many exploit injection, tried but I am always landing back to login page. Am I missing something?

ricepancakes · July 18, 2020, 11:02am

This is a really fun box, despite being stuck on the foothold for 3 days.

Foothold: there’s another hidden service somewhere.
User part 1: you need to get a flu jab.
User part 2: look in the cache and you shall find your treasure.
Root: ride on the blue whale and run away.

DM for additional nudges.

kbotnen · July 22, 2020, 4:48pm

Ah. rooted.

Nice box. Learnt a few new attackvectors/tecniques from this one.

PM if you need nudge for this one.

SovietBeast · July 24, 2020, 9:13pm

Yey! I rooted it, and even manage to extract tables and all info myself manually, fun box frustrating because of initail foothold if you like me with little to zero experience in this stuff.

blacViking · July 26, 2020, 8:24pm

Finally rooted the machine
PM, if you need help

gotw · July 29, 2020, 3:59pm

Can someone help me…
How to find their is another host H**.h**
I tried nslookup, nbtscan, dnsenum but didn’t get anything.

TazWake · July 29, 2020, 4:15pm

@GHOSTontheWire said:

Can someone help me…
How to find their is another host H**.h**
I tried nslookup, nbtscan, dnsenum but didn’t get anything.

In general there are a couple of fuzzing tools which can do this quite effectively.

Not sure you need it here.

gotw · July 29, 2020, 5:17pm

@TazWake
Then how to discover other host.