Official Feline Discussion

Really fun root path, cheers @MrR3boot and @MinatoTW

If anyone can help with getting the right path, will appreciate it. Been stuck for the past days on that

It was really a good machine. Just now rooted it. A highly educational machine. I learned a lot of things I never heard of before. Thanks for the box creators. The only thing which was annoying is from the user shell, whatever file we upload, it will get erased suddenly. So we need to act quickly, it frustrated a lot. But the lateral movement and root part is completely new for me.
My hints:

For User: Analyse the request and response and google FU.
For Lateral Movement: Check all the open networks and analyze it with nc. Google it for a CVE.
For root: Once you’re in, check all the files in ‘~’ and google FU.

@gunroot said:

It was really a good machine. Just now rooted it. A highly educational machine. I learned a lot of things I never heard of before. Thanks for the box creators. The only thing which was annoying is from the user shell, whatever file we upload, it will get erased suddenly. So we need to act quickly, it frustrated a lot. But the lateral movement and root part is completely new for me.
My hints:

For User: Analyse the request and response and google FU.
For Lateral Movement: Check all the open networks and analyze it with nc. Google it for a CVE.
For root: Once you’re in, check all the files in ‘~’ and google FU.

It is possible to have a user shell without even uploading a file, apart from the file that you call; it saves you time and frustration :wink:

@Likkch said:

If anyone can help with getting the right path, will appreciate it. Been stuck for the past days on that

Dm

thx @MrR3boot @MinatoTW

Great box, learnt a lot! pm for hints ^~^

Thanks @iampachinko for helping on user. For now great box :slight_smile:
Rooted, nice one.
Remembering from previous @MrR3boot boxes, he likes commands to be executed three times.

one of my all-time favourite boxes, very realistic and current, popular technologies

Very good box.

It is also one of those boxes where just as you think you’ve finished, you realise you haven’t.

Spent an inordinate amount of time dealing with typos but if you can avoid that, User is a known method for the technology in question.

Getting root took me longer than it should and I still don’t know why. I was fairly confident I’d done everything correctly but it didn’t work. In the end, a modified approach was successful.

It was one of those machines where I would poke around a lot after getting the root flag to try out things beyond getting the flag. Always a sign of an interesting machine.
Getting root also took me some time, but it was very rewarding in the end and a great experience.

@TazWake said:

It is also one of those boxes where just as you think you’ve finished, you realise you haven’t.

I can sense what you thought that time. ?

@gunroot said:

I can sense what you thought that time. ?

(nodding)

Rooted. This was fun and educational. It is amazing that we always learn something new even though it seems you know everything about a specific application :slight_smile:

Thanks @purplenavi for nudges.

Rooted finally!! A super educational box. Thanks @purplenavi for the help.

Anyone feel free to DM ?

Rooted! :slight_smile:

Question, for the exploit writeup from a blog about the RE vuln, are we supposed to receive error messages as shown in the writeup? Burp doesn’t return any s***** errors if you direct it to the wrong location for me

@m0zzare11a said:

Question, for the exploit writeup from a blog about the RE vuln, are we supposed to receive error messages as shown in the writeup? Burp doesn’t return any s***** errors if you direct it to the wrong location for me

From my experience it doesn’t cause expected error 500 for random location. You only see an exception if payload ‘worked’.

Aite thanks! Had me wondering if I got the correct vuln for quite a bit

What a ride. The user was super! and Root was awesome too. If you read the bible for CTFs carefully you will find everything. :stuck_out_tongue_winking_eye: