Official BoardLight Discussion

Finally root… ask me if you have questions…

Can't connect to MySQL; the password ends with “!!”
$dolibarr_main_db_pass='serverfun2$2023!!';
Any help please??

Needed to fix a minor bug in the pwn script … Otherwise an easy box.

Hello, what is the username you use to connect to the db?

Well, spent quite some time on the box but it was fun.

Initial foothold: try to carefully read the content of the main page for any clues which you may use for the VHOST enumeration. Once found, you can easily find a public exploit.

User: read the framework docs carefully and try to find where sensitive data is usually stored.

Root: as mentioned before, linpeas is your friend, hopefully, you will see the light with its help :slight_smile:

Hi, I’m a beginner here so it might be a dumb question. I found the subdomain but when I try to access it I land on the same board.htb page. Any idea how to fix this?

Domains and sub-domains are to be added to /etc/hosts as they are discovered.

So I can get a shell and the db password and hashes and such, but I can’t seem to crack the other one. Is this hash uncrackable? It’s taking a really long time. Can somebody give me a hint? I've been searching for… I guess nothing for days.

I have found the exploit to get root, but it always gives me an error when I execute the script, saying “version `GLIBC_2.34’ not found”
How to solve?

Same.

Hi,
I’ve done vhost enumeration and got one. But I don’t know how to get the credentials. I looked for configuration files but didn’t get any. When I googled, I found out that the configuration file would be in the “/conf/conf.php” path. But I’m getting a forbidden alert.
Can someone guide me in the right direction?

The DefaultCreds-cheat-sheet is your friend. That is the next step. If you need another nudge, feel free to DM me.

What does user/system blood pwned mean??

Hi,
I’ve found the subdomain, creds and exploit script but had a very strange issue I want to share in case anyone encounters the same.
The server did not reply to any POST request I’ve sent via the web application.
The script could create a website (got a 302 Found from Apache), but when it tried to create the page with the payload always got a “408 Request Timeout” from the server.
I’m still confused because both the successful and unsuccessful requests are sent to the same php file.

Nevertheless, after hours of debugging I was able to resolve the issue by simply changing to a different VPN server…
Afterwards the exploit worked on the first try…

Regarding the vhost enum, make sure you set a filter on the enum and you should find what you're looking for.

How do I do the pivoting, guys? I'm so lost :confused: Pls DM me if you can help me.

FINALLY!! Got root, it’s a little tricky tho.

After hours of trying to figure out how to access the server I got a reverse shell but I’m stuck on w******a. It should be noted that I found the user but nothing else. I’m tired. Any suggestions?

Thank you!

Can you help me with the root of this box?