Quick

Spoiler Removed

@guanicoe said:
i get SSL_ERROR_RX_RECORD_TOO_LONG, ham i digging the wrong hole?

Same here. Did you ever get an answer for this? I’m pretty stuck on this foothold…

Spoiler Removed

Any hints, I found interesting headers but nothing yet ?

Alright i have helped enough people lol, now i need help. i will try to keep this generic so i dont get popped again

my simple thing isnt working… my payload in the MB should work had people test it… ufw is not installed on my machine…i need a sanity check… i know what i need to do the simple thing just wont talk…

Type your comment> @guanicoe said:

i get SSL_ERROR_RX_RECORD_TOO_LONG, ham i digging the wrong hole?

I still dont know why nobody answered that, but i got a strong feeling that it isnt smh even if i’m still having nothing as a foothold euuuh

Type your comment> @m1111 said:

got creds from Co**********.f and emails from ?V*=a***t
tried to login with them and nothing worked
??

I’m on the same spot as you, tried with all users that i found but nothing :frowning:

For those that at least got as far as the juicy info in that document, you can PM me for a nudge.

Type your comment> @Selcius said:

Type your comment> @guanicoe said:

i get SSL_ERROR_RX_RECORD_TOO_LONG, ham i digging the wrong hole?

I still dont know why nobody answered that, but i got a strong feeling that it isnt smh even if i’m still having nothing as a foothold euuuh

if you get that error then maybe your need to rebuild the tool your using or look into that experimental feature…

Calling all Superstars i am soclose to user i need a sanity check to see if my approach is solid…which i think it is…hep hep me please

My god!!! Finally! What a ride for that user… The foothold was tough, but how proud i feel right now!! :slight_smile: Onto Root!

User was not very obvious, but the forum is loaded with hints of the struggles.
Second PrivEsc was probably the most enjoyable part of this box.
Root was too “quick” Don’t need to look very far.
I liked the box but wish it had more stepping stones along the way, especially on the initial foothold.
It fits its category of difficult and had some custom exploitation along the way.

On another note, if anyone can enlighten me on how to resolve DNS hosts using python if a box doesn’t have capabilities to add to the etc hosts file, that would be awesome!
I currently only know of curl that can --resolve DNS override!

finally got user
learned a lot !!

i’m frustated in initialfoothold.
tried to fuzz the web, login form, access the portal,

Any nudge would be appreciated.

Oh man, finally got that user flag. It’s been a ride. Wowza.

user was pretty hard because i couldn’t for the life of me figure out how to access the portal, after a little nudge from someone it was basically smooth sailing to root

enjoyed this box a lot as well, keep 'em coming r3boot ^^

can anyone help me with foothold please ?

Spoiler Removed

Not getting anywhere with this box, not even the slightest hint of progress. I’ve tried dir busting and fuzzing but not got much back. I’ve found some headers that appear to suggest Jy and I’ve got a couple of URLs, w-f & m-**f but I don’t know if they are dead ends. Anyone feeling charitable feel free to shove me in the right direction.

Super cool box, just got the user!