Rooted with some hints in this forum, but still not sure about everything. Can anyone explain to me why the full path of s*******y is important here? Why I cannot just type in the file name only when I’m in that directory? Many thanks!
I gotten on as the web server, and found a certain script, and looked at the sudo stuff, but I keep getting prompted for a password whenever I try and run the script. I can’t figure out what’s wrong. Can anyone nudge me?
Edit: NEVERMIND, I read the man pages closely 
Type your comment> @snox said:
I got shell was w**-***a user and i have found s______.py but i can’t bypass those forbidden characters! I really have no clue of what other characters i can use to accomplish what i need to :-/
Can anyone point in the right direction?
dm me
@tomteng : It’s how it is defined in the sudoers file, the binary will only run with the modified permissions when called exactly as in described in that file, for security reasons. Sometimes you might find wildcards being used in the path description which you can leverage as well, although that’s not the case with this particular box.
I can’t get the lfi to work at r***.p&*=.
I’ve tried everything I know but nothing seems to work (n00b here).
Could anyone give me a hint for that?
@sn4k3r1tu4l : Perhaps it isn’t a LFI, but a different type of vulnerability?
Rooted… Very good and straight box, thx @manulqwerty and @Ghostpp7
PM me if you stuck and describe in detail what you did and what you have!
a simple hint,
enumerate GSUIDs
Pretty easy but fun. Seemed like there were a lot of different ways to accomplish things.
Rooted
Pfew, got user after some hours 
Let’s move to the esc xD
Rooted 
That was a really fun box ! thx to the owners
Currenty have the wa shell and access to pm*n and am now stuck. any hint would be appreciated
So I have been trying to use sqli to get into the users of the website and see if I can’t get the passwords to be able to ssh in as ww-data. Is there an easier way to find the access in the account?
@gNarv3 said:
So I have been trying to use sqli to get into the users of the website and see if I can’t get the passwords to be able to ssh in as ww-data. Is there an easier way to find the access in the account?
one does not simply ssh as www-data, if you’re using sqli there’s one tool that can let you get a shell from exploiting such vuln…
Finally got around to doing this box. Unfortunately people kept resetting the box all the time, so I had to redo a lot of the first steps again and again.
The very last step for root gave me a lot of trouble until I decided to spend some time to get a better shell (S*H), then it was relatively easy with the right documentation.
If you need any hint, DM me with where you are at and what you have tried.
ROOTED!
Very interesting machine, I learned a lot from this. Thanks to @manulqwerty and @Ghostpp7
Foothold: using two well known sec tools is quite easy, but I still don’t get why people talk about spotting differences between page 1 and 6
User: I spent too much time here then I realized my mistake was a syntax error. Basic privesc and googling is enough
Root: Basic enumeration and googling, a link posted here some pages ago will give you all you need to get root
Probably without reading posts here I would have rated this box as “medium”. Well, if you need hints PM me!
Finally rooted,
!!! → pls DON’T remove files that other users created, is pretty selfish and useless.
PM me if you need some hints (and write your current situation 
)
Working on root now, but I think everyone should know that the comments “recommending” getting a better shell is actually more of a requirement, at least as I was trying to progress.
I had unknowingly figured out how to get user a long time ago, but it didn’t actually work until I upgraded my shell.
EDIT: Rooted! Happy to help anyone who’s stuck. All I ask is that you send me what you’ve already done and where you’re stuck.
finally got the user 10x to @Yerdua95 that confirm the right path i was.
i failed with the syntax but learned a lot about linux privilege escalation.
need help ? PM