Type your comment> @Ruri said:
Does anyone know how to stop this ■■■■■■■ HTTPS port from going down every single time I try to LFI? This is absolutely infuriating; I just want to make progress and it seems like I have to reset the box every time. Any tips are completely welcome. Gonna be a thumbs down on this one for me, dog.
Same here. EVERY single time I try LFI, the HTTPS service crashes, so, for the moment I canno read the files I’m trying to read. I
Type your comment> @Kinjo said:
Type your comment> @Ruri said:
Does anyone know how to stop this ■■■■■■■ HTTPS port from going down every single time I try to LFI? This is absolutely infuriating; I just want to make progress and it seems like I have to reset the box every time. Any tips are completely welcome. Gonna be a thumbs down on this one for me, dog.
Same here. EVERY single time I try LFI, the HTTPS service crashes, so, for the moment I canno read the files I’m trying to read. I
Do what I did: stop using the CLI tool on Kali for decoding/encoding. Use an online tool, like this one: https://www.base64decode.org/
This may well immediately correct your issue.
You could use echo -n to omit the newline character at the end.
Yes!!! got user and shell. “-n” switch or coding using and online tool. Thanks! Let’s go for root.
is it something special to take care of when you generate client certificates? i tried multiple times, and is not working… not in firefox or chrome eighter…
@portos060474 said:
is it something special to take care of when you generate client certificates? i tried multiple times, and is not working… not in firefox or chrome eighter…
If your error is : This personal certificate can’t be installed because you do not own the corresponding private key which was created when the certificate was requested.
You have to generate .p12 cert 
Source : tls - Firefox: certificate can’t be installed - Information Security Stack Exchange
I generated the certificates in various modes, but, despite certificate is installed in browser i got the message: “Sorry, but you need to provide a client certificate to continue.”
@portos060474 said:
I generated the certificates in various modes, but, despite certificate is installed in browser i got the message: “Sorry, but you need to provide a client certificate to continue.”
PMs 
thanks, it’s working, I missed a detail, the server certificate
can i get a nudge on root? already got the shell. maybe its me that overthinking it?
Edit: Rooted! PM if you need help!
lacasadepapel [~]$ whoami
root
Happy to help fellow hackthebox’ers!
So user was simple
Root - potentially should be simple, got the command i need but missing something on the syntax (probably overlooking something glaringly obvious)
Anyone about to go over some syntax ?
I got root.txt and the flag. now, getting a root shell will be pretty straightforward
bash-4.4# hostname
lacasadepapel
bash-4.4# whoami
root
Owned !
I used HTTPS path. I would like to know the “other” method for achieving user shell without using HTTPS. Could someone PM me with that information? thanks in advance
Feel free to PM me for hints
Type your comment> @sillydaddy said:
Type your comment> @parteeksingh said:
Any hints what to do with box ?
A good old door !!!
Indeed…
:grin
anyone got any advice on that stupid p** shell from the f** exploit?
Type your comment> @sebaileyus said:
anyone got any advice on that stupid p** shell from the f** exploit?
use the built-in help, check all the commands you find, as well as other p** functions, and enumerate as much as posible
When authenticating, just refreshing the page with Firefox my not be sufficient -_-
hi guys, about the old door try to use more than one exploit if the 1st does not work!
Type your comment> @Lm00n said:
hi guys, about the old door try to use more than one exploit if the 1st does not work!
Try to understand how the “old door” works, beyond using Metasploit.