@luca76 unfortunately is like that the site is stable for 5 mins .So you have limited time and repeat 1000 times .: (
But apart from that the box is really cool and like always people spoil it a bit
yes nothing to say on the box and very funny, I’ll try again this afternoon, now it’s impossible to work on it
need nudges in bypassing h** login page…
So my little advice is “txt is superior to py” For everyone sake please use the non destructive way in rather than ruining everyone’s game. Root was breeze and enjoyable.
Just got root, thanks to @Zard and @Dark0 for the nudge.
I have never knew the blue whale and the cache can do this kind of magic…
Rooted late last night. My favourite past was was the second user. Never used this service before. Overall an excellent box.
Type your comment> @garffff said:
Rooted late last night. My favourite past was was the second user. Never used this service before. Overall an excellent box.
me too… i have never thought this can be exploited… just learned about this moments ago.
rooted, thanks for all who helped me…
user: was not easy for me, as it required to understand the chained vulnerabilities and what to extract…
user2: not that difficult as it related to the box name…
root: quite easy, gtfo, as mentioned by others in this forum…
you have to do something it is not possible so, the riane box up only for a few seconds and then down again
Cool! Foothold was most “annoying” part.
The rest was really easy.
From login to root took less than 1 hour and half.
Honestly I would rate this a green machine!
Little help, if you’re stuck on H** login page, use Google to get info on the running service. DuckDuckGo won’t give what you need.
For nudges PM.
Phew!!..finally. I think I took the long way round but I eventually managed to get root. I won’t leave any hints here because what’s already here will get you there (eventually). I certainly wouldn’t have got here without the hints so thanks to all you smart cookies.
That was a lot of fun, especially the path to root. Straightforward if you know the tech, else you’ll need some research. Thanks to the box creator.
I’ve been experiencing severs connection problems (I cannot reach the p***** or any other site on port 80) every 2 minutes on vip with that box, does anyone else have a similar problem?
Type your comment> @mrvanee said:
Well this sucks. on the login page there is now just a PHP shell… Don’t know who did that :\
They call themselves hackers…I thought part of it was being covert?? I snuck a nice webshell somewhere that’s very well hidden and disguised so I have a backdoor.
How come the vulnerabilities are not in Searchsploit ?
Type your comment> @mA1nfrAm3r said:
I’ve been experiencing severs connection problems (I cannot reach the p***** or any other site on port 80) every 2 minutes on vip with that box, does anyone else have a similar problem?
I got it, but after awhile the site got back. i think the server got spammed with dirbusters
Type your comment> @lebutter said:
How come the vulnerabilities are not in Searchsploit ?
The one that gets you the shell is. The one that gets you the details is in Metasploit but i would not use it. It is painfully slow
I thought those were for older versions than the one running
Type your comment> @CyberG33k said:
Type your comment> @lebutter said:
How come the vulnerabilities are not in Searchsploit ?
The one that gets you the shell is. The one that gets you the details is in Metasploit but i would not use it. It is painfully slow
Can fucking confirm, it is painfully slow
Someone plz DM me with better way 