Scavenger

Criminally underrated box IMO. Well done to the author.

Excellent challenge, certainly pushed the tools and methodology having so many paths to look at. Hat tip to @vGsec for the nudge and helping me keep consistent. Nice box all around @mpamo.

Nvm: got it :slight_smile:

Simply, awesome. What a ride. Thanks so much for this box @mpamo.

Could someone give me a nudge for user.
I’m attacking a specific service but I’m failing to create a valid payload.

R0oT3d!
One of the best boxes so far.
Thanks to the creator.

Stuck at getting something out of the above-mentioned “bug”.
Any nudge would be appreciated.
Enum is not going anywhere or I’m doing it wrong.
Same thing is with the rce. :frowning:

I’m also stuck at m****s. I can log in and I also see a very suspicious file in the document root, but can’t find a parameter for it… any help? I tried bruteforcing the parameter, tried a few common ones, different http methods… what do I miss?

And I can’t find a way to read that file to see how it works, nor to upload a similar file of mine.

Great box. I about lost my sanity in a couple of places. Thanks for the whirlwind of an experience, @ompamo!

i sh***.php r-hole and if not do i have to guess the params?

Enumeration is very slow (20 reqs/s) with dirbuster

I need a small nudge for root…
so I have all the various files, got user.txt…
found some interesting things in the incident files.
Also found some articles talking about the compiled file…but struggling to connect the dots…

Update: so after some fighting finally managed to get this resolved :slight_smile: thanks to the ppl assisting :slight_smile:

Got root! message me for help

Hey all! For root part should I bruteforce the magic or just try other ways of execution?
Would highly appreciate a nudge here.

nvm, above is nonsense and i was dumb… rooted! thanks @ompamo, I’ve learned my lessons

hi help move on
I enumerate and found.
twg and pco

vhost
www.super***hosting.htb/

there are 2 more but I don’t know what to do.

Why admin interface is soooo slooooowww…?

Rooted !

What a day !

It was hard for user, not that hard for root when you find the right information.
PM if you need help.

On the final step, found a couple of magic words but I’m not sure how to format

Great machine! User took me looong time while root was a matter of minutes (though very interesting). Thanks @ompamo!

Finally rooted, amazing box.
Initial: Enumerate, enumerate, enumerate. Poke at every hole until you break through, then keep Digging.
User: Someone else has left something behind here for you, but the usage isn’t obvious at first.
Root: Check every corner, do some OSINT, and work out what’s different