PlayerTwo

Can’t find the correct action for the mfa despite all the hints here. Have gone through various wordlists + different permutations on each but still no hits? Would appreciate a hint here.
Edit: why is it always when I finally reach for help, I soon happen to magically realize the error myself…

@sanre said:

Can’t find the correct action for the mfa despite all the hints here. Have gone through various wordlists + different permutations on each but still no hits? Would appreciate a hint here.
Edit: why is it always when I finally reach for help, I soon happen to magically realize the error myself…

I would appreciate your hint regarding directory enumeration.

Done! It was hard, really hard. The user is good but some guessing is necessary (thanks @menessim). The root was fantastic but very hard and very fun for me. It was my first heap exploitation. I have read a lot of write-ups and tried many methods before I got root with my own custom script)

Hello, can somebody help me please? I’m stuck at the firmware part. I have tried a few things but they don’t work.

EDIT: Got it. Don’t need help anymore.

I finally rooted Player2 after three weeks of hard work. What can I say? I wish every box would make me go back to school like this. I feel much stronger now. Thanks @MrR3boot. Thanks @b14ckh34rt.

Hey, I just started this box, but I had to say the homepage is pretty effin funny. Protobs! we believe that bits never lie! Let’s poke each other! roflol, ok had to get that off my chest. Have a good one!

If anyone is feeling cryptic, I’m fishing for a nudge toward user. I’m on the box as the normal unprivileged account, and I’ve managed to pull some clearly important data from the running service, but I’m drawing a blank on what I can actually do with it. All the moving parts I can find regarding the process in the documentation seem to only apply to steps I’ve already completed.

Never mind, I only needed to embarrass myself publicly to immediately figure it out. I’m in.

Hi @Eli - you mind if I ping you?

Got user, root is tough, wish had more time to work on it, great box, really enjoyed it!
PM for nudges :wink:

Do we need a special wordlist for this one (I don’t want to spoil exactly where, at the beginning)? The standard ones I usually use failed… ;(

Any nudges for the firmware RCE? I’ve tried a range of things to no avail and eager to discuss.

How do I solve invalid session on /api/t***

@TheGrandPew said:

How do I solve invalid session on /api/t***

Apparently provide a valid one. More interesting question is how to solve invalid action

@olsv said:

@TheGrandPew said:

How do I solve invalid session on /api/t***

Apparently provide a valid one. More interesting question is how to solve invalid action

Next comes “Missing parameters” :slight_smile:

@kotoffski said:

@olsv said:

@TheGrandPew said:

How do I solve invalid session on /api/t***

Apparently provide a valid one. More interesting question is how to solve invalid action

Next comes “Missing parameters” :slight_smile:

Well, at least you know you’re on the right track :slight_smile:

I am having some difficulty discovering what I need to get started on the high port. A DM with a nudge would be greatly appreciated.

Wow, I’ve learned something about the very initial part of enumeration of this box. When enumerating: use different tools to do the same thing as you won’t always catch the right information with certain tools because their default settings are too weak. But other tools have default settings that are robust enough to do enumeration the right way.

OK, more stuff discovered and I know I need to understand how p$$$/g&&&&.p%%%% works but I am not getting it figured out. I need a little nudge here. Am I sending this j*** request to high port or the p$$$$$.$$$$$$.$$$ port?

Well, now I have creds… I figured it out.

The way I got shell should not have been possible in retrospect. It’s like making a backwards free throw and accidentally scoring it. I also don’t think many people would do what I did, because my thinking was backwards. I’m a bit sad I got in this way.

I figured out how to actually do it though :slight_smile: It looks similar, but like a backwards free throw I didn’t have any vision, and I should have.