Book

I’m going round in circles trying to get Root to fire. Is anyone available to help out?

Uhhhh Finally … Thank you @TazWake you’re awesome as usual and very helpful … Thank you @MrR3boot for this fantastic machine … I really learned a new thing here …

@thegingerninja said:
I’m going round in circles trying to get Root to fire. Is anyone available to help out?

Try to reset the machine and test again … that worked for me

I have everything I need to get root but one thing, can someone give me a little help?

Fun box,
Thank you @MrR3boot for this awesome fun challenge.
I enjoyed every part of it.

The foothold is so simple it’s hard. Thanks to @Cedgar for the nudge in the right direction.

I’ve managed to get into admin but I could really use a nudge for the second part of getting to user. I see from other comments that it uses X** on the P** and so I think I know where to go but I have never used X** within a file before and am not sure where to start.

EDIT: 15 minutes after posting this (after trying for a day before posting) I figured it out. Hint for anyone that gets stuck at the same spot: maybe it isn’t about the field you think.

@cecure said:

am not sure where to start.

Google produces a very good article on this.

Anyone able to give me some pointers on initial foothold? Made a user and tried exploiting a few of the pages but with no luck.

Rooted, I wouldn’t have done it without a hint on the first vulnerability to exploit on the website, never heard of that one!!
I tried to reproduce such a behavior locally with the default settings of the database, with different types of tables I created just to check, I was never able to see the same happening…

I also am curious about the X** exploitation, wasn’t able to get the information I wanted through some means which worked locally. Curious as to why, if anyone has more info to discuss in PM.

Finally rooted. Had a lot of fun and learnt a few new techniques - definitely a box I will be returning to, one of the hardest I’ve done.

Thanks @MrR3boot - Great box.

Can someone pm me a nudge to get into the admin panel? I’m probably not finding the right form to overwrite admin creds

@ekardnam said:

Can someone pm me a nudge to get into the admin panel? I’m probably not finding the right form to overwrite admin creds

You don’t have to be limited by what the page tells you is a limit. If you ignore this, you can make the backend think something is different to something else but end up treating them the same.

New to htb and finding difficulty with getting access to the admin panel, could someone please pm me a nudge? I’ve attempted to bypass the “limit” imposed but can’t seem to get past the login page still.

Been on this for a long time rip

@TazWake said:

@ekardnam said:

Can someone pm me a nudge to get into the admin panel? I’m probably not finding the right form to overwrite admin creds

You don’t have to be limited by what the page tells you is a limit. If you ignore this, you can make the backend think something is different to something else but end up treating them the same.

I think writing here what I tried would be a spoiler, but I tried something like that with no luck.

@ekardnam said:

@TazWake said:

@ekardnam said:

Can someone pm me a nudge to get into the admin panel? I’m probably not finding the right form to overwrite admin creds

You don’t have to be limited by what the page tells you is a limit. If you ignore this, you can make the backend think something is different to something else but end up treating them the same.

I think writing here what I tried would be a spoiler, but I tried something like that with no luck.

If you are stuck, feel free to drop me a PM with what you have done and I can see if I can help.

Got root. Nice box!

Could anyone please give me a push? I’m at the point where I’ve bypassed the a**** page but I’m completely lost now.

Finally root.
You have to work on every step, nothing comes easily.
Thanks so much @TazWake for helping me.
I have to rest now!

Really struggling with getting l*******n to work. Got it functioning for a couple of minutes but then it stopped. I didn’t change any of the syntax I was using from the brief period it worked. Tried resetting the machine and switching to a different server. Anybody have some tips or tricks they would be willing to share? Thanks