@TheInnocent said:
rooted. My hints for this box:
for user, don’t stop at the very first nmap scan, use full potential and enumerate every service. Reading everything in the web portal will help. Once inside, try to play with the only interesting parameter you see in burp to obtain a shell
for root you don’t have to do much but you’ll have to KNOW much about a certain service. First thing, run enumeration scan, then try to read as much as you can about how things like that work
"Reading everything in the web portal will help. Once inside, try to play with the only interesting parameter you see in burp to obtain a shell. "
love you Bro you save my time. it took 15-30 munites to identify .