August 6 Report Spoiler
@nospace 1. Did you get “all” of the creds? More than one set works. 2. If yes and it still does not work, then try reverting box. If not, continue your enum on the db
Does anyone have a recommendation for an active box, for someone who enjoyed this one? Feel free to point me to another forum post if that’s the thing to do 
Finally Rooted thanks to @vitorfhc for helping me get through this machine
I am still available for help! Feel free to PM me if you get stuck!
With a bit of help, managed to get root 
Hi, i found cs, tn and the e**l function, but i don´t know how to exploit it. Please any hint ?
Type your comment> @1337mn said:
Hi Folks,
FYI I had a hard time with user on this one (after initial shell) - SSH hang. Google the exact behaviour and read all. I found a solution that works that I have never run into before.
I’m just there, ssh hangs when i try to connect with user’s key, it’s driving me crazy…
But the worst is that i don’t really know if that means i’ve finally got the correct passphrase, or i dont’. The fact is that if i try wrong passphrases it doesn’t hangs, it just out an error and ask again… I really hope so…
I got a rev shell as root but for some reason i can’t find user.txt or root.txt and there are a lot of weird files. can some one help?
EDIT: User owned… time for root.
EDIT2: Rooted, PM me me if you need help
Wow!! rooted!
Instantly it becomes one of my favourite boxes, every new box in HTB should take notes from this one.
It’s coherent, nothing feels forced, could be perfectly a real-life example, implies some research for average users, could be challenging but not frustating and the reward worth it at every step you complete until the end.
I was not very familiar with some of the stuff present in this box, but it has been a good excuse to fix it 
PM if you need some help.
root@craft:~#
Awesome box, and I can’t believe how simple root was. Surely, that cannot be realistic
root@craft:~# id
uid=0(root) gid=0(root) groups=0(root)
cool box, user was definitely harder than user
thanks @zalpha
Rooted! Nice Box … Some fun’s tricks
Edited: NVM got the foothold, bit thanks to @jorgectf for his hint “b***h is not installed”. Kept trying the wrong thing over and over.
I am still in footholds…As I understand I need db credentials,I tried to getinside the url : https://api.craft.htb/api/brew/?p***=3&b**l=true&p******e=10
tried three parameter page,bool,per_page via sqlmap but none of them looks like vulnerable…I don’t know how to move forward.Can you give me an advice please?Thanks
Type your comment> @Tugzen said:
I am still in footholds…As I understand I need db credentials,I tried to getinside the url : https://api.craft.htb/api/brew/?p***=3&b**l=true&p******e=10
tried three parameter page,bool,per_page via sqlmap but none of them looks like vulnerable…I don’t know how to move forward.Can you give me an advice please?Thanks
Look at the code for the app. It’s not vulnerable to sqlinjection, it’s code execution you’re looking for on this one.
Rooted. It was super interesting. PM me if you feel lost:)
Type your comment> @Tugzen said:
I am still in footholds…As I understand I need db credentials,I tried to getinside the url : https://api.craft.htb/api/brew/?p***=3&b**l=true&p******e=10
tried three parameter page,bool,per_page via sqlmap but none of them looks like vulnerable…I don’t know how to move forward.Can you give me an advice please?Thanks
I found g***.craft.htb but couldn’t find any credentials.But found an authenticationtoken but it doesn’t work.The seerver turns error
@Tugzen said:
Type your comment> @Tugzen said:I am still in footholds…As I understand I need db credentials,I tried to getinside the url : https://api.craft.htb/api/brew/?p***=3&b**l=true&p******e=10
tried three parameter page,bool,per_page via sqlmap but none of them looks like vulnerable…I don’t know how to move forward.Can you give me an advice please?ThanksI found g***.craft.htb but couldn’t find any credentials.But found an authenticationtoken but it doesn’t work.The seerver turns error
Ok found them.
Rooted
User took me days!
PM me for help/nudges/etc