if you need some help you can always msg one of the many nice guys/girls around,
of course the first thing they will ask you is to cat payload which you should do,
And at that exact moment you will realize that your are a blind fool.
Many Thanks @TazWake
I found a special file. Whenever I try to login to the server using that file I get err msg “Connection closed by 10.10.10.176 on port x”. I dont know what to do with that. Any hints?
nevermind 
Hello guys. I found the vulnerability in the admin panel and I exploit it, but when I use my payload nothing happen. I always be redirected to admin login page but It don’t raise the alert box with “Nope” as usual when you fall login. I don’t want to spoil this amazing box so if someone want to help me for understand better what I am doing wrongly please PM and I will explain more better what I did and what happened.
Spoiler Removed
finaly 
the box is very fun !! great job !
you need help for nudge mp me
Thank you to @Kevoenos for the link on the initial attack. It was what I was trying, but I was doing it in the wrong place, AND, if doing it at teh same time as other people this part is hard. IF a payload doesn’t work, wait a bit for a reset, and confirm someone else isn’t mucking up the attack. Try not to use a common file of interest to confirm access, use some other file in a directory that will always be there so that you know it was you, and not someone else
rooted !! welcome pm for help
I rooted today but my brainfucked.
I will not say I loved it, because I hit some rabbit holes. The last part was annoying with a capital A but it worked I gave the builder my respect. Keep it up!
@MrAldersonn said:
I rooted today but my brainfucked.
Exactly this! I need 2 liters of Icecream to get back to normal.
I can’t open the 80 port from browser. I can ping it, scan it, but can’t open the web page. Anybody has same problem?
PS: I tried other machine, the Firefox works fine. Just not work for this one 
Wireshark told me the GET request has succeed, however there is no response, only many TCP-Keepalive packets, and then nothing happen, browser keep waiting…
Finally end with 500 Internal Privoxy Error @!!
@yzkofk said:
I can’t open the 80 port from browser. I can ping it, scan it, but can’t open the web page. Anybody has same problem?
PS: I tried other machine, the firefox works fine. Just not work for this one
Port 80 should be responsive.
The box is really awesome in concept.
And it is 100% ■■■■ box on hackthebox history…No matter thousand times you try this box is not going to respond you.The website is harldy up for 5 minutes and again restarts all from begining…
i can’t deal with this ■■■■ box anymore…
Done! PM if help needed
Spoiler Removed
Finally rooted after a few hours! Overall concept was amazing! Here are my takeaways that might help.
User: Your foothold has two faces and in some ways will talk to each other. Once you figure out the link, think of ways you can get one face to disclose info based on what you tell the other.
Root: Once you enumerate and figure out what you have control over, the exploit is crafty and straight forward - be sure to eat your peas. For some reason, I had to try the exploit a few times after resetting the box, but eventually got my foot in the door.
Happy to throw bits of hints via dm - this was a great experience!
Spoiler Removed
Spoiler Removed