Cache

Can someone PM me and give me a hand on the guessing part please? I literally bruteforced every H** possible directories and still stuck, and google searches didn’t provide me any additional hint. I’m not good at this guessing stuff, I just want to exploit things.

Still stuck on the rabbit hole. Please help. Not able to proceed

Type your comment> @breakndenter said:

Type your comment> @mrvanee said:

Well this sucks. on the login page there is now just a PHP shell… Don’t know who did that :\

That is the situation in free servers … Vip is the cure …

Yeah i just got VIP :wink:

Is anyone having trouble with the first exploit after the foothold. It takes FOREVER to run and all of the data is blank. I had to modify the exploit to target exactly the data I want before it would return anything

Rooted

Overall fun box which teached me a lot. Pay attention to details, write things down while enumerating and keep things simple

PM for nudges

who the f keep turning off the p***** ***e

Rooted. Fun box.

Type your comment> @vicio said:

Type your comment> @fr0ster said:

I’ve done it

id

uid=0(root) gid=0(root) groups=0(root)

Thanks @ASHacker for this Box and my team-mates for tips and helps :slight_smile:

Doesn’t count if you don’t show the hostname of the machine :lol:
Ok :wink:

# cat <hide>/hostname && id
cache
uid=0(root) gid=0(root) groups=0(root)

Looks like there is another login page for H**, but I can’t find it anywhere! Any hints?

Rooted! Very nice box!

finally!!! got root good machine , with quite good challanges like sq** and dock** ,

Foothold: enumeration is key ,look closer and find exploit be more specific in chossing exploit

user: Take notes to keep track what have u found ,may be it can be used later;
root: Take advantage of services hosted locally that will lead u to root , again enumeration is key,Keep digging u should know your powers;

if u need help Discord: itachi982#0535

if that helped u give me respect at : #itachi982 #ID:182298
:smile: :smile: :wink:
Thanks @hg8 , @cerebro11 , @71xn

Happy hacking,Try harder.
itachi982

Type your comment> @StormCr0 said:

Looks like there is another login page for H**, but I can’t find it anywhere! Any hints?

fuzz that virtual host network

Rooted. Cool box, i learned a few things. Overall, I think Admirer was a bit harder than this one, but both were good experiences.

  1. Enum and Foothold is the most challenging part of this box
  2. Due to issues I had with the low priv shell, I ended up doing the work to get to the ‘lateral’ user first, got a better shell and then was able to back up into the user holding the flag based on enum.
  3. root isn’t difficult, just knowing who you are and some quick research if you are not familiar with the privesc.

Thanks to @Dark0 for the nudge on the foothold.

@sparkla said:
Do I need the second user for root? Please P.M. if it’s a spoiler

This depends on what your current user is. I got the “second” user before gaining access to the first one :smiley:

Would love a pm hint on enumeration. I found the n**.h*** but assuming that is rabbit hole.

Is P****** P***** supposed to be off by default or is someone messing with those who haven’t made it in yet? I’m finding enumeration on the H** side to be very difficult because it seems like the service is constantly being altered, and finding any way of authenticating to do one of the exploits I’ve found looks like an exercise in futility.

@ph03nix0x90 said:

Is P****** P***** supposed to be off by default or is someone messing with those who haven’t made it in yet? I’m finding enumeration on the H** side to be very difficult because it seems like the service is constantly being altered, and finding any way of authenticating to do one of the exploits I’ve found looks like an exercise in futility.

It is supposed to be available. But yes, people tend to constantly break the machine by using ready-made scripts, instead of using a way easier (and more stable) option for gaining RCE on the server.

Spoiler Removed

Google is your best friend when it comes to find a flaw on your victims.

User: Go back to your notes

I am going to chalk this up to working from home and not giving this 100% attention. But I spent over an hour looking for the lateral move before I figured out it was literally the very first thing I found