Dev0ops hints

This machine requires XML knowledge doesn’t it?

Hi All,

I have obtained the user.txt. I am stuck on the next steps. I have read a few log files but am still not sure how to progress. Are there any hints? I tried to read all the posts here but am still not able to figure it out.

Thank you

Total n00b here and I need my hand held for this one. Been working for a couple of days on this. Thanks.

Hi All,

I can’t find the injection point for the file upload, can you give me some hints?
There are only 2 pages but I don’t see anything

@evilcall said:
Hi All,

I can’t find the injection point for the file upload, can you give me some hints?
There are only 2 pages but I don’t see anything

It’s in front of you bro, just read what all is written on the ‘2 pages’ you found.

@drywaterv2 said:
This machine requires XML knowledge doesn’t it?

I don’t think so, I didn’t have any knowledge when I did the machine.

Google bro, it has answer to almost everything

@meowzilla said:
Hi All,

I have obtained the user.txt. I am stuck on the next steps. I have read a few log files but am still not sure how to progress. Are there any hints? I tried to read all the posts here but am still not able to figure it out.

Thank you

You know, when I don’t find anything, poking around in all the folders that I have access to helps :wink:

But maybe the feed.py file is available on the internet and I need to look at the source code?

@evilcall said:
But maybe the feed.py file is available on the internet and I need to look at the source code?

No need for all that, try a different approach.

I have tried everything I know… Are there some parameters to guess in the GET request?

@9999volts said:
Oh, I got something :slight_smile: TY GreysMatter

Finally got it! Nice box, thank you for this one! Went down multiple wrong routes, but I learned a lot along all those ways. Enumeration still teaches a lot to a newbie like me. :slight_smile:

DAMIT

Can I have a PM with a hint to get priv esc? Thx! (I got the r*a.)
Solved! “Back in time in DevOps mode”

Can anyone let me know if “internal server error” is indicative of a goosed box or just poor formatting of what I’m posting?

Tried lots of formats and I see GET requests come back to me, but never the info I ask for… :expressionless:

@Phrenesis2k said:

@HackingSnake said:
I’m still at the beginning, found a page on a port. I’m trying to enumerate with dirbuster but it gives me some errors, am I on the wrong track?

For some reason dirbuster failed for me as well. Try dirb.

Having problems with dirb, I get a “Calculating NOT_FOUND code…”

Edit: any suggestion on which wordlist to use?

If someone needs help with an initial foothold, PM me.

Stuck on the XML, can’t escalate it further… any hint…?

Amazing box @lokori! Really enjoyed the user, a bit too obvious for root but it was very fun. Great Box! :+1:

@sakyb said:
Stuck on the XML, can’t escalate it further… any hint…?

What files/folders can you read? What would be great to read from a user directory?