Okay I know I missing something here with the intial foothold. I cannot seem to find anything with dirb. I have tried generating wordlist from the site, big list, i tried specifying different directories and running through the same. Any nudge would be appreciated.
bankrobber might help
Finally rooted!
initial foothold is brainfucked for me, but i learn a lot from it.
big thanks for @EvilT0r13
I understood from the previous posts that i would need to bruteforce the web directories and as a result, I’m brute forcing the ■■■■ out of this machine with custom created list from the website and kali’s list but no luck :neutral:
Besides some note I didn’t find anything either. Some hints would be appreciated. 
Type your comment> @bergi said:
Besides some note I didn’t find anything either. Some hints would be appreciated.
Thanks for pointing that out because i didn’t think that the meaning is literal.
I went there and got a clue and found my way from it.
Read it and think where they want you to go from it.
Type your comment> @MCheckerson said:
Type your comment> @bergi said:
Besides some note I didn’t find anything either. Some hints would be appreciated.
Thanks for pointing that out because i didn’t think that the meaning is literal.
I went there and got a clue and found my way from it.
Read it and think where they want you to go from it.
Hey, what helped me to pass that step is access: http://10.10.10.183 and read the file you can find fuzzing
rooted!! 
the user part has been tricking, thanks to @gverre for the nudges! 
the root part has been very interesting and easier than user from my point of view, and it didn’t involve any brute-forcing…
Do not forget to clean the box after you’re finished, it won’t do it by itself.
that’s correct! I found so many leftovers on the server…
By the way, I read someone rooted by decrypting/brute-forcing the image? I’m not in the mood of downloading all that stuff, so what’s inside that image?
Edit: Thanks @nyckelharpa for sharing the decrypting solution I actually thought that code was a useless rabbit hole that made me lose time…
Hi everyone, I’m really enjoying the box so far, but I’m a little stuck at getting the initial foothold. I think I have all the bits and pieces needed, and have been playing around with them in some fun ways, but haven’t had any luck getting anything super useful off the box.
I’d really appreciate if somebody could message me so I can see what I’m getting wrong.
Edit: I have been saved from my rabbit hole
Forget to post this here - I got root on the machine as well. I thought it was quite a fun machine, however, there are quite a few rabbit holes on there that seem like legitimate paths for a long time before you realize that… nope… it’s just a rabbit hole.
Special thanks to @guanicoe for our teamwork!
Some hints from me:
- Foothold: Enumeration is key. However, automated tools will only get you so far. Remember that one server might have different addresses and that you might need to modify a file on your system to access them.
- User: Again, enumeration is super important. Once you found something important, understand how it works and then use it to read files you couldn’t access otherwise.
- Root: You will probably need to enumerate again. Also remember something you might have found during User. One of the most common attacks can be used against it, but you need to be a bit clever about it. However, there’s also a more elegant way, but you will need to take a close look at some algorithms to find it.
I’d be happy to help, but unfortunately I won’t have much time for HTB this week.
Thanks to @InfoSecJack and @chivato for the box! I quite enjoyed it! If one of you guys have time someday, I’d like to ask you something about the cr***o
I need a sanity check please…ran dirb and wfuzz…got a few locations but nothing came from that. I could be overlooking something easy i am sure and over complicating at the same time. Help a brother out
rooted!!!
Many thanks for the tips @EvilT0r13 and @cY83rR0H1t
and congratulations to the creator for this great box
just get root
my first hard box
thanks to @InfoSecJack & @chivato for this really good box i learn some tricks
what to say as hints evrything is about enumeration
pm if somthing needed
just a tip for web-focused testers - there is another way to get the creds, it’s related to how the backend handles some specific URLs. No need to “point the gun at yourself”.
all can be found in PayloadAllTheThings … or OWASP
Type your comment> @edspiner said:
just a tip for web-focused testers - there is another way to get the creds, it’s related to how the backend handles some specific URLs. No need to “point the gun at yourself”.
all can be found in PayloadAllTheThings … or OWASP
That is how i did it 
I didn’t get the gun pointing hint though :neutral:
hello Guys,
Im trying to get p*** priv so i tracked b******p and i satisfied it demand however it’s not able to read what i want… can someone give me a hint ?
Woohoo!! I just got user, finally! That was a journey. That was painful. But! that was a darn good time too!
Big ol’ thanks to @EvilT0r13 and others for the nudges. Now on to root!
This machine almost drove me up the wall but, as always, with any challenge getting to the end made it worth it. Props to @stoneric for the sanity check on User1 → User2. If anyone managed to do that particular portion successfully using Python specifically, I’d be interested in having a chat.
Also be interested to hear from anyone that didn’t BF the last bit to get what they need for root. Just to find out if it’s even possible and, if so, what other avenues exist.
Thanks to @InfoSecJack & @chivato for crafting something that’s consumed my life for the last week or so - I learnt a bunch from this box, so nice one; I’m thankful and yet also hate you both enormous amounts 