Type your comment> @Teryx said:
Type your comment> @royc3r said:
to get RCE does the answer payload need to be encoded in a certain way? ive read the blog and watched the video but am lost as to the text that is pasted into the answer box…it appears to be encoded but isnt explained or maybe it is and im too daff to understand it.
no, it does not.
cannot help you on what that encoded string is but it seemed to work just fine using the malicious formula
Thank you Teryx!
Hi Guys, I found the username g***i and found the password and the extra bit, I have tried multiple combinations including using a surname as part of the user but I cannot login to oe… I just don’t see what I am doing wrong? any help would be most appreciated… Cheers.
OK Got it now…
@neuronaddict thanks for the hint
Nice box, I learn some interesting things.
Some hints :
Zap proxy provide some nice features : log all http traffic (to further analyse), replay some requests, index site (follow all links to search and log all pages), and search for string in logged traffic. Play with it and you will save more time later!
If you google correctly and read carefully what is possible, you will get you user.
Think about your system in term on read, write, execute. What can you write, read, execute and who can make what for you?
Its simple to reproduce the env in our local machine to test more easily.
Root shell is also possible, with a similar technique.
PM me if you are stuck and want some hint.
hey !!! can someone plz pm me to help me get the creds ?? i search every file and still nothing …
this box is such a pain lol… I just spent 3 hours looking for the password 
Hi,
I’ve completed the box, If you need help, just pm me 
hayyy guys i need an explanation. i got user.txt but for root i found world witable directory and interesting tar file owned by root. i know that wdcd in and sc attack can be used . but to use these methods, i need to have a suid program? am i right or worng, i’m confused now. PM me . i wanna discuss that.
Hmm … I’m just so close, that I start to smell the root flag.
I’m trying to be “wild” … however, the exploit doesn’t work when I’m outside of the folder, but applying the command in the same folder works great … if anyone has an idea please share it with me <3
Update: Got the flag … but didn’t root the machine thanks to @wizlord … however not sure why being wild didn’t work for me to get the shell.
Man … I want to beeotch slap this machine. I have gone wild 7 ways from Sunday and it just wont work for me. @wizlord show me the way. I am sooooo close.
please how do i get root access. please PM me for hints
Need help, i found mo**** end enumerated sub dirs but nothing intresting, please help me
can somebody explain me, why can’t I get a persistent reverse shell ?
got the low privileged shell …on the way to user… did the m***l enumeration and stuck with hashes … can some one please help me out here 
Type your comment> @achayan said:
got the low privileged shell …on the way to user… did the m***l enumeration and stuck with hashes … can some one please help me out here
and that’s a whole day spend in teacher … GOT USER …
I got user and root flag … however, anyone was able to get root shell?
ROOTED … thanks for @Shadows and @Leonishan for supporting in priv escalation … 
… nice machine @Gioo
I couldn’t root, but I got root.txt. Is it possible? I do not know.
Thanks for helping. @Shadows @pp123
Found the G******* hint but no idea how to find what is missing from it.
Edit: No idea what I was thinking. Got the pass for the service.
got a lov priv shell, need help for user please PM me