Hello,
I’m trying to figure out the way in. I’m throwing dirbuster against the webserver, but i didn’t find anything interesting with the normal dictionaries. I also tried bruteforcing the login page, and i found two usernames, but seems impossible to get the password.
I have been couple of days trying harder. Apart of that, any hints out there? 
Nevermind, i managed to get into the panel. I can keep on working now, thanks
I’m stuck trying to figure out how to get into the panel still
Also got in, dumb mistake on my part
@LouissTNT said:
any hint guys after login successful ? that ext drive me to crazy !!
Any progress mate? Really frustrating this one 
nvm… got it… privesc here we go
Haven’t found any way through the login yet. I think the guessing game is an extremely boring form of “hacking”, dirbuster or manual. Which is a shame because this machine is most likely otherwise an interesting one.
@lokori said:
Haven’t found any way through the login yet. I think the guessing game is an extremely boring form of “hacking”, dirbuster or manual. Which is a shame because this machine is most likely otherwise an interesting one.
Every step in this machine is so well thought of.
Is there a way you can think of to check places the website doesn’t want you to?
Have you enumerated it enough?
Have enumerated quite a lot with different wordlists. Found one “hot tip” but that’s pretty much it and perhaps there is nothing more to be found. There are some “issues” in the login implementation, but so far it has resisted my feeble hacking skills
Of course I tried guessing different things, but that didn’t lead anywhere.
I’m interested in this machine because nobody has given it thumbs down, which clearly suggests that this is a nice one.
Hey guys, I am stucked at the login page. Have tried different methods, but still coming short. Any tip or hint on how to approach the login page?
I finally got the user flag after a lot of “Try Harder”. Probably couldn’t have done it, but I got one invaluable tip about a thing I had never heard of. This machine rules 
I’m a bit stuck on the upload feature, I’ve been working on it for like 3 days and I can’t seem to figure out how to get around the url filtering. I’ve tried, null characters, double url encoding, illegal unicode, etc… is there a resource that anyone could point me to that could help me continue to move forward?
Hey, machine creator here.
For those that are stuck on the website - the user profile is hint.
If you are stuck on the privilege escalation, I am afraid I cannot help you much without spoiling.
The method is pretty unique, so don’t be afraid to try things that seem unlikely to work.
@5aru said:
I’m a bit stuck on the upload feature, I’ve been working on it for like 3 days and I can’t seem to figure out how to get around the url filtering. I’ve tried, null characters, double url encoding, illegal unicode, etc… is there a resource that anyone could point me to that could help me continue to move forward?
try harder.
SPOILER
I still don’t have the root flag, but at least the initial step towards it was indeed pretty unique. I kind of see what I should do next, but so far I haven’t been able to find a way to do it.
@dm0n said:
Hey, machine creator here.
For those that are stuck on the website - the user profile is hint.
If you are stuck on the privilege escalation, I am afraid I cannot help you much without spoiling.
The method is pretty unique, so don’t be afraid to try things that seem unlikely to work.
Now I’m user ‘m…’ I looked at the groups I’m in, probably the most interesting is ‘adm’, lets you read the logs, thought I’ll find there info about how I get to user ‘y…’ but did not find anything (or scanned?) need a little clue, where to move, what to learn. the machine is very interenaya, do not want to abandon it
Could someone give me help? I am blocked on upload.php! Thanks! PM Please
I got finally user.txt!
Any hints for privesc to y** / m** after you get a shell on www-data? I can’t find anything that helps for the life of me
m → y was very exotic indeed. I haven’t found a way from y → root yet. But I guess it must be related to the fact that y and m have different user groups and therefore different rights on the system.
www-data → m is trivial. You don’t need any hint for that.