Book

Root thanks @rholas and @arale61

Rooted thanks @foxlox

Rooted thanks for all :slight_smile:

USER :
_connect as admin in 80
_try to read what you normally aren’t allowed to
admin and standard user are your friends

ROOT :
_suspicious service are running
_CVE and little more

Feel Free to PM

Does anyone have any good reading material on how to exploit the upl***? I suspect it has something to do with .H. Des… with ph… files.

Rooted :smile:

Really liked the attack vectors for both user and root, definitely learned something here.

Little critique: I always had other people getting in my way, because everybody is trying to exploit exactly the same thing. I do understand that with the kind of vulnerabilities that are being taught here, this is hard to circumvent.

Thanks for creating this one @MrR3boot!

@mech said:

@MrR3boot is absolutely one of the best box creators on this platform.

I’ve still not got root but user was a fantastic learning experience. Lots of different functionality to test with lots of classic bugs re-imagined, combined or used in ways that you don’t usually think about them. Taught me to respect even the more humble bugs and to think outside the box a little bit.

Dreading figuring out how to root this but nonetheless great job!

:heart:

Amazing box. @MrR3boot keep bringing boxes like this! :slight_smile: Priv esc was really useful and I learned something new from it.

User was pretty easy, root took me longer than it should have, made a tiny mistake in my pay**** file.

Tips User; Typical methods like brute-forcing will not help you, try various account takeover methods. Pay attention to the char limit on sign up form.

Root; Simple, do your research!

What might mess with you is the syntax, in that case feel free to PM me.

@CodingKoala said:
Rooted :smile:

Really liked the attack vectors for both user and root, definitely learned something here.

Little critique: I always had other people getting in my way, because everybody is trying to exploit exactly the same thing. I do understand that with the kind of vulnerabilities that are being taught here, this is hard to circumvent.

Thanks for creating this one @MrR3boot!

Agreed, my fav box creator on this site. All of his boxes actually make you think out of the box. I feel the other boxes, although they are different, get repetitive, because you use the same typical methods like brute-forcing to get access to a panel or finding creds with anon ftp login. This box really tests you.

@bertalting said:

Why not create your own one instead of guessing :slight_smile:

I think I know where, it seems both forms are together one over the other, but haven’t figured out how to make it take my new creds.

Unless it’s the unpriv one and then I change its role?

Seems I keep having issues with login forms, need to get better at this.

@gu4r15m0 said:

@bertalting said:

Why not create your own one instead of guessing :slight_smile:

I think I know where, it seems both forms are together one over the other, but haven’t figured out how to make it take my new creds.

Unless it’s the unpriv one and then I change its role?

Seems I keep having issues with login forms, need to get better at this.

Try not to overthink this stage.

It is very difficult to explain without spoilers but at a very high level, look at ways you can use the signup page to manipulate the database into thinking something important has changed.

BTW, there’s a good blog I found that helped me a lot in the last step for user, just if you know what you are searching for.
Also, for people getting invalid format for the key, decrease the font and it will work.

Spoiler Removed

@N7E said:

@CodingKoala said:
Rooted :smile:

Really liked the attack vectors for both user and root, definitely learned something here.

Little critique: I always had other people getting in my way, because everybody is trying to exploit exactly the same thing. I do understand that with the kind of vulnerabilities that are being taught here, this is hard to circumvent.

Thanks for creating this one @MrR3boot!

Agreed, my fav box creator on this site. All of his boxes actually make you think out of the box. I feel the other boxes, although they are different, get repetitive, because you use the same typical methods like brute-forcing to get access to a panel or finding creds with anon ftp login. This box really tests you.

:heart: sadly taking some break. See you all soon :wink:

Working on root now. I’ve been bashing my head with lr***. Is this even the right way to go? If yes, then a little help would be appreciated. Just PM me for a nudge. Thanks.

I’m working on root and I’m stuck on waiting for rot**. A little help about how to trigger it would be appreciated. Just PM me for a nudge. Thanks.

Edit: Got it and rooted :slight_smile:

User: check! Root: check! Thanks for this amazing (yet tough) box @MrR3boot

Rooted; thanks a lot to @Zer0Code for the patience and nudges.

Could someone help me with the admin panel? I want hints, not answers.

Thanks

Any hints for user? I’m so frustrated, can’t get anything.