This last step to root is really making me scratch my head. The rest of the box before this was so interesting and cool, but this last part sucks. Does anyone have a nudge? I see the “hint file” and I understand how everything is working, but I’m missing some piece that must be hinted at in this “hint file” but I’m not picking up on it.
Any hints?
EDIT: Wow. That was kinda dumb. But I got there in the end; too much overthinking and too deep down rabbit holes.
Some small nudges:
User: Evaluate the full functionality of the web application from top to bottom. Play with requests, see if you can get it to reveal some information it shouldn’t. Then use that information to evaluate the web server much more “completely”. Lots of steps on this one, so stay tenacious and make sure you understand everything that the server is doing!
Root: Again, many steps. Follow the “breadcrumbs” that have been left for you in obvious places. Gather creds, then find other services you couldn’t access before. There may be a “map” on your machine that will give you the path to some more credentials. Then this is the tricky part: just try a bunch of different “modes” and see what sticks.
DM me if you need nudges!