• Type your comment> @Parsons said:

    stuck. could anyone give me a DM injection for the initial foothold ?

    got it

  • Got User. Still haven't found a way to get a proper shell (which i could use to privesc)... Any Help? ;)

  • edited October 2019

    Got root.txt


    for user Enum and enum and look previous step.
    for root enum and try harder.


  • stuck at the url... cannot get to user.txt.... can anyone help me plz

  • I can’t find the ko file for the life of me. Any help will be appreciated!


  • wonderful box, thx @ompamo

  • Need a nudge for root. Thanks!


  • Rooted. What a ride. I really enjoyed this box. Did anyone manage to get a fully interactive TTY? If so, teach me! Mold me!

  • Finally ... what a ride. Thanks @agr0


  • Need a nudge for root lads. DM me, TY!

  • Type your comment> @t3rm1nal said:

    Need a nudge for root lads. DM me, TY!

    @t3rm1nal said:
    Need a nudge for root lads. DM me, TY!

    if you find any help please do help me too ..........

  • Criminally underrated box IMO. Well done to the author.

  • Excellent challenge, certainly pushed the tools and methodology having so many paths to look at. Hat tip to @vGsec for the nudge and helping me keep consistent. Nice box all around @mpamo.

  • edited October 2019

    Nvm: got it :)

  • Simply, awesome. What a ride. Thanks so much for this box @mpamo.

  • Could someone give me a nudge for user.
    I'm attacking a specific service but I'm failing to create a valid payload.

  • R0oT3d!
    One of the best boxes so far.
    Thanks to the creator.

    Click here for HTB Profile: You are welcome to contact me for a nudge, but if I help you, please consider giving respect.

  • Stuck at getting something out of the above-mentioned "bug".
    Any nudge would be appreciated.
    Enum is not going anywhere or I'm going it wrong.
    Same thing is with the rce. :(

  • I'm also stuck at m****s. I can log in and I also see a very suspicious file in the document root, but can't find a parameter for it... any help? I tried bruteforcing the parameter, tried a few common ones, different http methods... what do I miss?

    And I can't find a way to read that file to see how it works, nor to upload a similar file of mine.

  • Great box. I about lost my sanity in a couple of places. Thanks for the whirlwind of an experience, @ompamo!

  • i sh***.php r-hole and if not do i have to guess the params?

  • Enumeration is very slow (20 reqs/s) with dirbuster

  • edited November 2019

    I need a small nudge for root..
    so I have all the various files, got user.txt..
    found some interesting things in the incident files.
    Also found some articles talking about the compiled file..but struggling to connect the dots....

    Update: so after some fighting finally manged to get this resolved :) thanks to the ppl assisting :)

  • Got root! message me for help

  • edited November 2019

    Hey all! For root part Should I brutforce the magic or just try other ways of execution?
    Would highly appreciate a nudge here.

    nvm, above is nonsense and i was dumb.. rooted! thanks @ompamo, I've learned my lessons

  • hi help move on
    I enumerate and found.
    twg and pco


    there are 2 more but I don't know what to do.

  • Why admin interface is soooo slooooowww.....?

  • Rooted !

    What a day !

    It was hard for user, not that hard for root when you find the right information.
    PM if you need help.

    Hack The Box

  • edited December 2019

    On the final step, found a couple of magic words but I’m not sure how to format


    • GCIH
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments). And remember to +respect me if I helped you ; )
  • Great machine! User took me looong time while root was a matter of minutes (though very interesting). Thanks @ompamo!

Sign In to comment.