Amazing box. @MrR3boot keep bringing boxes like this! Priv esc was really useful and I learned something new from it.
User was pretty easy, root took me longer than it should have, made a tiny mistake in my pay**** file.
Tips User: Typical methods like brute-forcing will not help you, try various account takeover methods. Pay attention to the char limit on the sign-up form.
Root: Simple, do your research!
What might mess with you is the syntax; in that case feel free to PM me.
Really liked the attack vectors for both user and root, definitely learned something here.
Little critique: I always had other people getting in my way, because everybody is trying to exploit exactly the same thing. I do understand that with the kind of vulnerabilities that are being taught here, this is hard to circumvent.
Agreed, my fav box creator on this site. All of his boxes actually make you think out of the box. I feel the other boxes, although different, get repetitive, because you use the same typical methods like brute-forcing to get access to a panel or finding creds with anon ftp login. This box really tests you.
I think I know where, it seems both forms are together one over the other, but haven’t figured out how to make it take my new creds.
Unless it’s the unpriv one and then I change its role?
Seems I keep having issues with login forms, need to get better at this.
Try not to overthink this stage.
It is very difficult to explain without spoilers but at a very high level, look at ways you can use the signup page to manipulate the database into thinking something important has changed.
BTW, there’s a good blog I found that helped me a lot in the last step for user, if you know what you are searching for.
Also, for people getting invalid format for the key, decrease the font and it will work.
Working on root now. I’ve been bashing my head with lr***. Is this even the right way to go? If yes, then a little help would be appreciated. Just PM me for a nudge. Thanks.
Just got root after 6 hours of user. Got a mixed feeling about this box, mainly because it is definitely not a medium. But I definitely learned a lot from both user and root. Thanks @MrR3boot
To pay it forward, here are my hints.
User:
Two users (high and low). When the low user throws a ball, the high user catches it at the end. Read what you can after getting the ball.
Root:
Spies everywhere. Catch and Interrogate a spy and let him speak from what he saw. Then after that, repay his SERVICE.
First of all, I would like to say a big thanks to the creator @MrR3boot. You did a really good job with this machine.
Some hints:
User: Basic web enumeration. The first step is to gain admin access by exploiting a lesser-known vulnerability (but well-documented, and web-oriented pentesters should know it). This type of attack is based on how the application manages user accounts (sign in/up). For the second step, you should learn how the application works and what the application is doing. Which technologies are in use?
Root: As it is told by some people in this topic, there is a vulnerable service you can easily find by performing a standard enumeration. This vulnerability is well-documented and the exploitation is really easy, if you read the details.
I’m in the admin panel, I understood how the user integrates with admin, but I am stuck at RCE… any good hints? The pd* injection with malicious code is not working, or at least I cannot do it.