finally root… ask me, if you have questions…
Can’t connect to MySQL, the password ends with “!!”
$dolibarr_main_db_pass='serverfun2$2023!!';
Any help please??
Needed to fix a minor bug in the pwn script … Otherwise an easy box.
Hello, what is the username you use to connect to the db?
Well, spent quite some time on the box but it was fun.
Initial foothold: try to read carefully the content of the main page for any clues which you may use for the VHOST enumeration. Once found, you can easily find a public exploit.
User: read the framework docs carefully and try to find where sensitive data is usually stored.
Root: as mentioned before, linpeas is your friend, hopefully you will see the light with its help.
Hi, I’m a beginner here so it might be a dumb question. I found the subdomain but when I try to access it I land on the same board.htb page. Any idea how to fix this?
Domains and sub-domains are to be added to /etc/hosts as they are discovered.
So I can get a shell and db password and hashes and such but I can’t seem to crack the other one. Is this hash uncrackable? It’s taking a really long time. Can somebody give me a hint? I’ve been searching for… I guess nothing for days.
I have found the exploit to get root, but it always gives me an error when I execute the script, saying “version `GLIBC_2.34' not found”.
How to solve?
Same.
Hi,
I’ve done vhost enumeration and got one. But I don’t know how to get the credentials. Looked for configuration files, didn’t get any. When I googled, I found out that the configuration file would be in the “/conf/conf.php” path. But I’m getting a forbidden alert.
Can someone guide me in the right direction?
The DefaultCreds-cheat-sheet is your friend. That is the next step. If you need another nudge, feel free to DM me.
What does user/system blood pwned mean??
Hi,
I’ve found the subdomain, creds and exploit script but had a very strange issue I want to share in case anyone encounters the same.
The server did not reply to any POST request I’ve sent via the web application.
The script could create a website (got a 302 Found from Apache), but when it tried to create the page with the payload always got a “408 Request Timeout” from the server.
I’m still confused because both the successful and unsuccessful requests are sent to the same php file.
Nevertheless, after hours of debugging I was able to resolve the issue by simply changing to a different VPN server…
Afterwards the exploit worked on the first try…
Regarding the vhost enum, make sure you set a filter on the enum and you should find what you’re looking for.
How do I do the pivoting, guys? I’m so lost, pls DM me if you can help me.
FINALLY!! Got root, it’s a little tricky tho.
After hours of trying to figure out how to access the server I got a reverse shell but I’m stuck on w******a. It should be noted that I found the user but nothing else. I’m tired. Any suggestions?
thank you!
Can you help me with the root of this box?