man i’m definitely that guy, with the alternate versions and such, just totally tripping over what the path up to root is from here
@fhlipZero said:
man i’m definitely that guy, with the alternate versions and such, just totally tripping over what the path up to root is from here
scratch that, was dumb, was right in front of me RIP
@ph3on1x said:
@Didakt said:
Hello world,
Still blocked with the xml, i can upload valid xml (without causing Internal server error) but when i try to put “&” in the xml file (required for xxe), it crashes… Any tips here ?
Thanks !
well I am s
@lokori said:
This is not strictly a hint, but the machine was designed to not require arbitrary guessing or finding the right wordlists because I don’t really like that kind of hacking
So the hints are not hidden, they are there. I hope you like it.
Okay this is a little misleading or at least was for me [
not require arbitrary guessing or finding the right wordlists
] you still have to do it; do your basic enumeration steps and later comes the part where you can be creative. @lokori It indeed is a good machine
Hey sorry for the stupid question, what do you mean by “arbitrary guessing”? I googled but I didn’t find anything specific
@h3kd3w google won’t help, but you don’t need to guess out-of-nowhere what is the name of the user or what is the user’s password or something like that. Basic enumeration and paying attention to what is there will provide the necessary information. Then you just use that information.
if you’re in a position that you know what to do but don’t know how: read the manual.
Got it! thanks
@lokori +1 Solid box.
Bit of a n00b here, if you all mention basic enumeration, what do you mean? Just the usual nmap for open ports? Maybe a specific option on that scan? Or more?
@jAnO76 said:
Bit of a n00b here, if you all mention basic enumeration, what do you mean? Just the usual nmap for open ports? Maybe a specific option on that scan? Or more?
basic enumeration contains more stuff.
directory enumeration, what you find in source code of webpages (if they exist) etc.
it depends on what is implemented in the machine you are looking into
I have found two ports with nmap, but how does the web server help? I can’t find anything with dirbuster
@trodix said:
I have found two ports with nmap, but how does the web server help? I can’t find anything with dirbuster
use another tool. like dirb or gobuster maybe
Or just another list @trodix …
pretty much any tool and any web site discovery list should be as good as it gets
@lokori great box, learned some things that weren’t even actually related to getting root but still useful.
Redacted.
Spoiler Removed - Arrexel
pretty easy box, I enjoyed it tho
Spoiler Removed - Arrexel
@Snoe said:
@Didakt said:
Rooted !
Very cool box, thanks to the creator. And the first hint someone gave for priv esc was just perfect:
“Far far ago, there was a man that could view back into the past, and see alternated versions of realities, how did he do that mate?”
Think about it !
Thanks for the box
Same. That guy really showed me the way to privesc.
I really read the past and I didn’t find anything relevant. Stuck in priv
@n1b1ru said:
@Snoe said:
@Didakt said:
Rooted !
Very cool box, thanks to the creator. And the first hint someone gave for priv esc was just perfect:
“Far far ago, there was a man that could view back into the past, and see alternated versions of realities, how did he do that mate?”
Think about it !
Thanks for the box
Same. That guy really showed me the way to privesc.
I really read the past and I didn’t find anything relevant. Stuck in priv
Go farther back