Rooted.
I got the foothold two different ways. One being the all things thingy, as expected, and the second one from a certain tag that I have absolutely no idea why it works, but it does, straight to a reverse shell even. Using a few ifs.
Can someone pm me about that second case?
I’m late to this party, but finally rooted. Interesting box to say the least. The thread definitely has everything you’d need for hints. Feel free do DM if you need an extra nudge.
Yeah, I forgot I commented that, I have already gotten a shell on the machine… working towards User, thank you so much for still taking your time to help out.
Yeah, it kind of depends on where you are logging in with that. If it is a S****** M******** portal, you are on the right track and it is likely you’ve used an account someone else set up.
Rooted !
The foothold took me hours and hours. The root part comes without much surprise but was very enjoyable nonetheless.
Feel free to reach out while the process is still fresh in my head
Thanks to @egotisticalSW for the box, and thanks to everyone for nudges, especially to @Harbard
Got root but definetely not an easy box. I think easy ones would be those that a newcomer could do without much effort. I don’t think this is the case. Besides that, nice box.
PM me if you need help.
Got stuck at S**i. I know its b**** in******* but cant figure out which parameter to try on. Any nudge?
Depends what you mean by parameter in this context. If you mean which field of the form, you can test it. Put One in the first and two in the second. When you look at the right output, there will only be a single response and you know which bit to attack.
If you mean parameter to S**i, then I don’t think I understand.