Hint for HELP

I just wanted to thank you guys for the hints. This is my very first attempt of solving this sort of challenges and every is new and confusing to me.

Iā€™ve currently managed to use the credentials, tomorrow I will continue exploring my options.

I truly think that I wonā€™t be able to make and upload an exploit (never done that before) but Iā€™m learning a lot, especially not to give up and keep trying everything I can.

Iā€™ll try to keep an eye here to try to return to the community the help Iā€™ve been granted!

I have identified the CMS. I have tested a few things from exploit-db and (regretfully) metasploit but it doesnā€™t seem to work. Can someone DM me with a nudge?

Deleted post

Will the box be up for many more days? Got the CMS , clever name.

Going crazy for rootā€¦
Maybe missing something in my enumeration. Although root is possible with kernel exploits, want to try without them.
Please PM me any nudge/hint.

Edit:
Rooted!!! Overlooked simple enumeration

already spent 2 hours :frowning: stuck on g*****l part. not able to create proper request in postman, Please PM any clues

Can whoever is resetting the box every few minutes please stop.
Working on root enumeration and it keeps resetting .

EDIT:

Rooted, first box Iā€™ve done on here. Great learning experience, thanks for putting it up.

FINALLY Finished

User - was tricky ā€¦ read the github source code and ignore error messages.
Root - known exploit

hey guys when I submit tickets I donā€™t receive any email ? Is i am right direction ?

Hello I got this error
Any hint ?
root@kali:~/Desktop# nc -nlvp 6392
Listening on [any] 6392ā€¦
connect to [10.10.12.27] from (UNKNOWN) [10.10.10.121]
root@kali:~/Desktop#

I canā€™t accessā€¦

ROOTED !!

PM for hints

Rooted :+1:

Thanks to @espringe and @lazyjd for providing me with the most help with getting through this box :slight_smile:

Finally rooted
Huge +rep to ShayNay for the help with root. Nice box

Could someone help me with root on this box without kernel exploit? Iā€™ve found something in b***_****y and got tty shell. Is it right one or is there any other way ? please.

Anyone ran into the problem when getting root, that the kernel exp is returning invalid argument? if so can you PM me? thanks

This box is very much similar to a retired machine which was released in Q4 2017.

I have found the webapp as well as the higher port. I am really interested in Node. Can someone give me a nudge on this method? PM me if necessary.

Type your comment> @st4rry said:

Could someone help me with root on this box without kernel exploit? Iā€™ve found something in b***_****y and got tty shell. Is it right one or is there any other way ? please.

Iā€™m at the same step

rooted PM for hints

ROOTED
thanks @h4rmsw4y , @XeN0N by tips