Book

Rooted! Very fun and educational box!
For those who have problems with a disconnecting shell, pm me

I learned a lot! I like the box more now that I know how to do it, but man what an initial foothold. PM ONLY in discord for nudges. Thanks!

I could use a nudge. I’ve been spending about 18 hours so far and haven’t gotten a foothold yet.

Anyone who has gotten user (not just the admin panel) and can help me out, please PM me. I am confident that my payload is correct, but for some reason I cannot get the intended object to load where I need it.

@alez said:
Rooted.
User part is not well designed imho. The actions of other users can modify the behaviour of the application leading to unintentional rabbit holes. I lost hours yesterday because of getting a reply of the application that I should have never received. That really increases the difficulty for the ppl at free server.

Root is more adjusted to the initial difficulty, I did it in about 45min after getting user. I wonder how xtc took 3h from user to root, he probably went for a nap or something.

Well, instead of assuming something works, look at it in practice. Let’s say if the box is configured to reply to ur payloads then definitely it has to be in a timely manner. If not then it’s not configured for that. Simple.

What you said on root part is absolutely correct. Good work :wink:

@godylocks said:
I learned a lot! I like the box more now that I know how to do it, but man what an initial foothold. PM me for nudges.

Glad you had fun reading this book :wink:

@clubby789 said:
Rooted, great box, learned some new things that I haven’t seen before.

Well done. Pleasure knowing the feedback :slight_smile:

@bertalting said:
Rooted! Very fun and educational box!
For those who have problems with a disconnecting shell, pm me

Thanks for the feedback and well done :wink:

Finally, rooted.
Thank you @MrR3boot for an awesome box. Really enjoyed it, though I have to say that the user part can be quite frustrating :wink:

Also thank you to @rholas for putting me on track.

Hey Guys,

To get the user is very frustrating. Any nudge?

Rooted, initial foothold was painful

@embranco said:

Hey Guys,

To get the user is very frustrating. Any nudge?

Yeah, same here

Finally rooted. Thanks to @godylocks and @bertalting for the help.

I did not enjoy this box as much as I enjoyed the other ones from @MrR3boot. This is mainly due to not being as straightforward for me and therefore it was way harder for me than it should have been.
Still learned something new, so thanks to @MrR3boot for teaching me.

Also: For some reason the root part was really unreliable for me and I had to reset the box every time my payload was invalid. Don’t know if that was just me though.

@sazouki said:

Rooted, initial foothold was painful

Any nudges? Have an ‘account’ and my attempts at uploading malicious files are not working

I could use a little nudge on initial foothold. I’ll share what I have tried so far.

Got a little tidbit but probably not useful after hitting the URI length limit.
Thought Dea* **ef might be good for debugging or buffer overflow but it turns out it is just a piece of static information about the server.

Just to confirm: to successfully log in to the admin page, do you need to guess the password as for the Sauna box, or is there a vuln somewhere that allows you to bypass the authentication?

Spoiler Removed

@syn4ps said:

Just to confirm: to successfully log in to the admin page, do you need to guess the password as for the Sauna box, or is there a vuln somewhere that allows you to bypass the authentication?

Why not create your own one instead of guessing :slight_smile: