Nvm: got it
Simply, awesome. What a ride. Thanks so much for this box @mpamo.
Could someone give me a nudge for user.
I’m attacking a specific service but I’m failing to create a valid payload.
R0oT3d!
One of the best boxes so far.
Thanks to the creator.
Stuck at getting something out of the above-mentioned “bug”.
Any nudge would be appreciated.
Enum is not going anywhere or I’m doing it wrong.
Same thing with the RCE.
I’m also stuck at m****s. I can log in and I also see a very suspicious file in the document root, but can’t find a parameter for it… any help? I tried bruteforcing the parameter, tried a few common ones, different HTTP methods… what am I missing?
And I can’t find a way to read that file to see how it works, nor to upload a similar file of mine.
Great box. I about lost my sanity in a couple of places. Thanks for the whirlwind of an experience, @ompamo!
Is sh***.php a r-hole, and if not, do I have to guess the params?
Enumeration is very slow (20 reqs/s) with dirbuster
I need a small nudge for root…
so I have all the various files, got user.txt…
found some interesting things in the incident files.
Also found some articles talking about the compiled file…but struggling to connect the dots…
Update: so after some fighting I finally managed to get this resolved thanks to the ppl assisting
Got root! message me for help
Hey all! For the root part, should I bruteforce the magic or just try other ways of execution?
Would highly appreciate a nudge here.
nvm, above is nonsense and I was dumb… rooted! thanks @ompamo, I’ve learned my lessons
Hi, help me move on.
I enumerated and found:
twg and pco
vhost
www.super***hosting.htb/
there are 2 more but I don’t know what to do.
Why is the admin interface soooo slooooowww…?
Rooted !
What a day !
It was hard for user, not that hard for root when you find the right information.
PM if you need help.
On the final step, found a couple of magic words but I’m not sure how to format
Great machine! User took me a looong time while root was a matter of minutes (though very interesting). Thanks @ompamo!
Finally rooted, amazing box.
Initial: Enumerate, enumerate, enumerate. Poke at every hole until you break through, then keep Digging.
User: Someone else has left something behind here for you, but the usage isn’t obvious at first.
Root: Check every corner, do some OSINT, and work out what’s different
any hint for root?
Stuck on the s***l.php. Tried fuzzing a parameter name with a lot of wordlists. Is this the right way? And if so, then which list should I use?