Are you talking about w** s**** hint?? How do you access it without uploading??
You don’t need to upload any web shell. The “evil hacker” who defaced the website already left one for you on the server. You just need to find it via basic OSINT/Google-fu
Lots of people dont understand what they are seeing and reset the box because they dont get the response they expect. This means that for about 20% of the time the box is probably rebooting.
Hey all! Just finished rooting this box, thanks Xh4H for the fun machine!
My hints:
User: Not every webpage is as it appears… try inspecting further into the message left by the creator. Finally, google away! List out your ideas if it helps.
Root: Basic unix enumeration tools should help you here. Pspy is great and will help to know when your target is run so you can trigger it yourself.
Just rooted the box! User was quite fun and easy. Root was challenging for me, but thanks to some nudges from @ChefByzen I was finally able to get root! Learned a lot of new things doing this machine!
Foothold: Enumerate everything you see and don’t only rely on tools, but also follow some hints manually.
User: Once you’re on the machine, there’s a tool available on the machine that you might want to use. Hints for that can be found were you’ll probaly look anyway to own user.
Root: Enumerate the machine and try to understand the processes that run on it. Great tools for that have already been named here in the thread. Find a way to exploit these processes - to do that, you should find a way to go into the box from the front door, instead of the back door.