• Check valid parameters in burp

  • Completely lost on bruteforcing credentials; can someone nudge? Thanks!

  • i got www shell
    how to esclate to user sh*** and root?
    help needed

  • edited September 2019

    Edited : i got the user but i can't make the exploit work , lol :neutral:


    hydra 9.0 not working with password=^PASS^

    compile 9.1-dev

  • edited September 2019

    try restart machine

  • edited September 2019

    Could use a nudge for the CVE, none of my payloads seem to be catching my listener. tried various methods and encoding

  • I have same problem

  • For those having issues with the CVE exploit, there are other ways in. Don't overlook what the web application is for.

    For those who got the CVE exploit to work, I'm open for a DM, curious how you got passed the waf.

  • edited September 2019


  • still stuck at the c******* login page. i am very new to this whole hack the box thing, but i was able to find the c******* page :D
    any hints??

  • Finally got root! 90% of the work on this box for me was getting the initial shell, I did learn a lot to get it to work though so its all good. Went straight from initial shell to root, which was very easy.

    Some tips:

    • Once you've found some webpages, try a few different METHODS to get them to tell you something
    • Once you have found somewhere to login, an exploit (with some modification) might help you find the credentials
    • Regarding getting the exploit to work, I found it helpful to make the script print out its responses, that way you can tell when the exploit has failed, it wont tell you otherwise.
    • Also regarding the exploit, using the UI helped me find out what what characters I couldn't use, it returns 403.
    • There is also a way to see the output of your commands, see the third point above.

    Hopefully these tips can help, and are not too revealing. PM me if you need any help.


    If I have been helpful, respect is always appreciated.

  • Only been able to get netcat to connect back so far, but nothing interactive, and definitely no reverse shell. Frustrating, but fun nonetheless.
    Escaping the forbidden chars and command calls isn't hard once you get it, but getting around/through the wall stays problematic for now.

  • Rooted! Annoying but fun box!

  • Rooted
    Fun and good machine.

  • Got shell as ww*-****... I know a path to root... but it will take a loong time :(

    Still enumerating to find a way to get root faster. Any clues? :)

    OSCP | CRTE | Pentest+ | DCPT

  • I've also got the ww**** shell, i've done the enum but i cannot see nothing out of ordinary, any hint ?

  • Oh nvm... Got it.

    Pay attention on the linenum output. :D

    OSCP | CRTE | Pentest+ | DCPT

  • So, I barely got anything out of gobuster besides /s-s and /m*. I got the a.php and p.php guessing from your comments...
    Could someone hit me up to give me tips for better enums?
    I'm kinda super fucking lost in this box


  • Can somebody help me with getting the shell? I got it already yesterday, but now it is not working anymore.

  • Hey guys, I have the exploit for c******* and everything I need but I am stuck. Please, please DM me for further information!

  • Type your comment> @BinaryStrike said:

    I've also got the ww**** shell, i've done the enum but i cannot see nothing out of ordinary, any hint ?

    Try to find any privesc based on permissions, or abuse with some executable made by root in any directory...

    Just by using basic enumeration commands you will break the wall

  • Got it, thanks for the machine @askar !

  • Rooted, from w-***a to root, I need to know how I can do it from w-a then shy user then root, I got shy user creds but how I can go for root without sc exploit.

    Please anyone have an Idea PM.

    N3v3r Giv3Up, 3v3ry th!ng !s p0ss!ble .

  • Guys can someone please help me with the c******* exploit. At the end, it says "Check your netcat listener " but I don't get any shell.
    Can someone PM me please

  • edited September 2019
    I modified the script and have the login creds, but am struggling with the payload for the next stage. Could someone please dm me a hint?

    Edit: nevermind figured it out. Have www-data :mrgreen:
  • edited September 2019

    I think exploit script is working, you need special payload instead ncat...

  • I need some help with privesc. I have ww***** shell and enum but can see the way to continue with it... PM me a hint please

  • edited September 2019

    Restart M... Eng,..... after every try

  • Rooted, didn't enjoy the box I'm sorry to the creator. These hints I wished I knew when I was doing the box. from w******a to root

    Enum Hints:
    1) There is a hidden directory that dirb cannot find with normal wordlists.. OSINT is the key

    2) [this is an issue that I had personally] the known way to do this box did not work for me, I had to find an alternative way for RCE.. more enumeration will get you what you exactly want

    Root Hint : enumerate for un-patched software

    PM if you need help with the box and star my profile if this helped!

Sign In to comment.