Book

@godylocks said:
I learned a lot! I like the box more now that I know how to do it, but man what an initial foothold. PM me for nudges.

Glad you had fun reading this book :wink:

@clubby789 said:
Rooted, great box, learned some new things that I haven’t seen before.

Well done. Pleasure knowing the feedback :slight_smile:

@bertalting said:
Rooted! Very fun and educational box!
For those who have problems with a disconnecting shell, pm me

Thanks for the feedback and well done :wink:

Finally, rooted.
Thank you @MrR3boot for an awesome box. Really enjoyed it, though I have to say that the user part can be quite frustrating :wink:

Also thank you to @rholas for putting me on track.

Hey Guys,

To get the user is very frustrating. Any nudge?

Rooted, initial foothold was painful

@embranco said:

Hey Guys,

To get the user is very frustrating. Any nudge?

Yeah, same here

Finally rooted. Thanks to @godylocks and @bertalting for the help.

I did not enjoy this box as much as I enjoyed the other ones from @MrR3boot. This is mainly due to not being as straightforward for me and therefore it was way harder for me than it should have been.
Still learned something new, so thanks to @MrR3boot for teaching me.

Also: For some reason the root part was really unreliable for me and I had to reset the box every time my payload was invalid. Don’t know if that was just me though.

@sazouki said:

Rooted, initial foothold was painful

Any nudges? Have an ‘account’ and my attempts at uploading malicious files are not working

I could use a little nudge on initial foothold. I’ll share what I have tried so far.

Got a little tidbit but probably not useful after hitting the URI length limit.
Thought Dea* **ef might be good for debugging or buffer overflow but it turns out it is just a piece of static information about the server.

Just to confirm, to successfully log in to the admin page, do you need to guess the password as for the Sauna box, or is there a vuln somewhere that allows you to bypass the authentication?

Spoiler Removed


@syn4ps said:

Just to confirm, to successfully log in to the admin page, do you need to guess the password as for the Sauna box, or is there a vuln somewhere that allows you to bypass the authentication?

Why not create your own one instead of guessing :slight_smile:

The L******** is not working… :confused: Please, someone help me… Discord: SuPerCoW#8100

For everyone using automated tools like sqlmap and burp: do not use these kinds of scanners. You only fill the machine with bloat and it does not give you any help whatsoever.

Box rooted this morning… it is not worth 30 points at all!!! I don’t know who is deciding the value of boxes but he/she needs to re-evaluate it. (In my opinion, it is worth at least 50 points.)

Anyway… so as not to spam the thread with hints already given, I offer my help in private messages.

Hint : I liked Trunk Dragon Ball :slight_smile:

What is the difference between admin and user? Enumerate more and try more, learn from every box.

If you managed to automate the ‘payload sending’ via python please message me… It works in firefox, but curl and/or python requests fails miserably and I want to understand why.