Cache

Can anyone nudge for initial foothold? Have the username from author page, but pretty lost from there

Finally got root :smiley:
if anyone needs help PM

finally rooted Cache … was tricky and easy as well … need some enumeration and then enumeration and then enumeration… finally some shell and rooted…!!!
Thanks a lot @itachi982 for your wonderful support

PM for any support or help.

@ellj said:

@CyberG33k said:

@lebutter said:

How come the vulnerabilities are not in Searchsploit ?

The one that gets you the shell is. The one that gets you the details is in Metasploit but I would not use it. It is painfully slow.

Can fucking confirm, it is painfully slow

Someone plz DM me with better way :frowning:

If you look at the code, and you did enough enumeration to understand what tables you want, you can modify the Metasploit module to only download the table you want. You should be able to figure it out and download the table in far less time than waiting for it to complete.

I did that and it still took me easily 30 min… I’m now doing it the intended way, which is interesting.

I have the pass and salt from the table but is it normal that the former is that short?

Web broken and no reboots allowed until tomorrow :(. Now that I am moving forward…

Great experience, gotta admit I asked for help because I didn’t read the comments at first. Always read the comments.

@luca76 said:

you have to do something it is not possible so, the riane box up only for a few seconds and then down again

Yeah, definitely… :frowning:
Here’s the situation, at the moment:

WARNING: Failed to daemonise. This is quite common and not fatal.

Connection refused (111)

Finally

root@cache:~# id && hostname && date
uid=0(root) gid=0(root) groups=0(root),
cache
Tue May 12 21:38:01 UTC 2020

Foothold and user were both abominable pains because of the instability of this box.

Learned something new with both phases of root privesc though, which I appreciated.

The best hints are already out there.

Got root. Yay! I think getting the foothold was the hardest part. I ended up modifying the metasploit to do it as I could not get the other way to work.

you broke the ■■■■■, because you always reset, so it is impossible, you have to take measures in my opinion

@syn4ps said:

I have the pass and salt from the table but is it normal that the former is that short?

I have the same issue. Rabbit hole maybe? I dunno what to think anymore with the portal getting turned off so often.

Phheew that was a long foothold process. I don’t know how the first bloods do it so quick, as on this one the perimeter is quite wide, many things to check.

Hmmmm, found another vhost. Wondering if par**** por*** should be turned off by default?

Or where should I go from here?

Any tips?

Any hints on foothold? I just have the username and can see the n**.h*** page so far. I tried the h*s in the author page as a vhost but didn’t find anything.

@tilznit said:

@syn4ps said:

I have the pass and salt from the table but is it normal that the former is that short?

I have the same issue. Rabbit hole maybe? I dunno what to think anymore with the portal getting turned off so often.

Ah, so when it is off, it is not really intended? It can be on sometimes? oO

I don’t think it is a rabbit hole as people here got it with the Metasploit module. I haven’t changed the script, I just checked what it does through Burp and applied the same for the interesting table.

EDIT: OK, after reset the portal is available… Got everything I need

@ic3x64 said:

Rooted, need help, let me know.
I got two users, stuck on root

Turning off the portal has no effect on getting a foothold as long as you know which page to go to. If you want to see the portal, although there’s nothing much to see, reset the machine. I’d suggest visiting the official wiki. Tons of information there. Remember, it’s about having fun in learning and expanding your knowledge, not how fast you can root the machine.

Cheers

finally rooted. thanks @itachi982 @calipendula for your hints