I really enjoyed this box after tearing my hair out for an hour trying to figure out why traffic wasn’t flowing the way it should.
In order to get root remember traffic needs to flow both ways…
I consider myself pretty good on networking but I’m still learning and this box helped. It was also refreshing to see that a pivot was needed too. All in all great job @snowscan
If anyone is stuck on the networky stuff, feel free to PM me and I’ll share some tutorials that helped.
Can anyone help PM me with the RCE part.
Understand the encoding and what field to attempt it on, however, cannot get the reverse shell to connect.
Hello Guys… I’m new here … can you help me please…
First i enumerate the box i found the udp port…enumerated … i found the psswd using sn***lk but i don’t know the username can you help me please 
thanks in advance …
@tacosaurus said:
I am stuck with user. I am playing with the check value but I find nothing interesting. I need a hint please
I’ve been stuck at the same point for more than a day. Can’t seam to get syntax correct or something because I can’t get *nix commands to return anything. Please help.
@redcypress @DeHackzU PM me! I can help you with rce.
I figured out the proper syntax and another underlying problem.
stuck trying to find root. have already gained shell access to the 1st box and got user.txt. from all the posts here, i understand that I need to change the route or smth… but am stuck at which route to change…
Any kind soul here willing to point me in the right direction?
Can anyone PM me with some help with the inital foothold?
I know I need to manipulate the c**k parameter after logging in to the admin portal. I have tried many manual techniques and commix but to no good. I have also made sure it’s the injection is properly encoded. Thanks in advance
@R1pid said:
Can anyone PM me with some help with the inital foothold?
I know I need to manipulate the c**k parameter after logging in to the admin portal. I have tried many manual techniques and commix but to no good. I have also made sure it’s the injection is properly encoded. Thanks in advance
This is a very obvious reply, but if you know where to go and what you need to do my advice is to stick with that and carefully craft your requests. Start with simple things and build your way up. Check your output, where things break and how you can string things together.
Hey everyone,
I finally got root, but just curious about why there is an additional “secretdata.txt” file. Has anyone checked what is that about?
PP
@pp123 said:
Hey everyone,I finally got root, but just curious about why there is an additional “secretdata.txt” file. Has anyone checked what is that about?
PP
It does contain an easter egg. I don’t want to spoil it. Think about what kind of data you are looking at.
PS: If someone has a question, feel free to PM me if you are stuck.
Just got root and wow, this was my favorite box. It was more realistic than some other ones. 
Can someone PM with some help. I feel like I was on the right track but I cannot find the serieal number I have enumerated a couple ports that I have found with built in nmap scans and haven’t been able to find anything worth while either.
Anyone up to help me out with priv esc.
Done till ftp part didn’t pop any info from that 
Thanks for the box @snowscan, it really got me out of my comfort zone!
Need help with the t*pd8mp part… im advertising myself quite well
Got Shell!! I always use the locate command ! will save you time! Hint locate bgp…
Finally got root! Was a fun and interesting box indeed. Requires a solid dose of routing knowledge to redirect and capture some interesting traffic. Thanks @MTOTH and @d4rkk for hints during the hunt!
Need help on root feel like I’m close?
Allright… I could really use a nudge for the flag. Got the shell and think I have managed to edit the traffic flow, but I can’t seem to get the t****** to output anything useful format. Any ideas? PM would be appreciated.