rooted … need hints ? Msg me on discord icoNic#0097
Can anyone give me some nugget about how to use that a**? Nothing seems to work…
Rooted.
I really enjoyed the journey but got a bit put out when I realized that my X*L exploit was not actually required. It seems strange that there were two ways to get the info for the initial foothold, a short and simple one and a long and complex one. Mind you, I learned a lot by going the long way round.
Rooted. Really hard and beautiful machine.
A lot of hints are already present in the thread, I add only few things:
-Yes, there are badchars but the rest is good
-For the last step of root you can do it without the terminal 
Thanks to the creators.
I am able to read files using p************.p** but cannot find anything useful since I am doing it blindly and cannot find the location of the b****p directory. Any nudge would be appreciated
@Brogramm3r said:
I am able to read files using p************.p** but cannot find anything useful since I am doing it blindly and cannot find the location of the b****p directory. Any nudge would be appreciated
Have a think about where these files would be stored in a normal Linux filesystem then with a bit of trial and error you will get the folder name.
Start by working out which folder contains files to which the Linux system writes data during the course of its operation.
Then it normally has a folder which serves as a home for things posted on port 80.
Am i supposed to notice anything after redirection to f***********.*** ? Page seems to be dead even after a reset… Any hint?
@Profhacker said:
Am i supposed to notice anything after redirection to f***********.*** ? Page seems to be dead even after a reset… Any hint?
I am not sure what you are asking about here, so I am going to hazard a guess that the hosts folder needs to be updated.
So after some headaches, I have to say the box is straight forward and I would rater rate it medium.
For initial touch,…as many already wrote…enumerate, find the obvious and abuse it
from shell to user…well yea…timing is everything ;D
from user to root…well that’s a bit tricky and was for me the complicated part…you just have to break it…it helped me to add some prints and play around with the file.
the last step was pretty easy and quick as its kind of obvious (basic enumeration)
And please use the last command you can run as sudo or at least reset the box 
Type your comment> @TazWake said:
@Profhacker said:
Am i supposed to notice anything after redirection to f***********.*** ? Page seems to be dead even after a reset… Any hint?
I am not sure what you are asking about here, so I am going to hazard a guess that the hosts folder needs to be updated.
Thanks!! I was being stupid! I did not have to change that file up until now…probably this is required to proceed with the box!
Type your comment> @Brogramm3r said:
I am able to read files using p************.p** but cannot find anything useful since I am doing it blindly and cannot find the location of the b****p directory. Any nudge would be appreciated
I’m at a very similiar stage, I can read files and some limited source files, just not sure where to go from here, Have some info about db but not sure how or where to use it.
Any hints anyone ?
@wantsnewsocks said:
Type your comment> @Brogramm3r said:
I am able to read files using p************.p** but cannot find anything useful since I am doing it blindly and cannot find the location of the b****p directory. Any nudge would be appreciated
I’m at a very similiar stage, I can read files and some limited source files, just not sure where to go from here, Have some info about db but not sure how or where to use it.
Any hints anyone ?
Same as last time ForwardSlash - #166 by TazWake - Machines - Hack The Box :: Forums
Nice box, but its not hard, maybe medium
Am I wasting my time trying to abuse this broken f** login in i***x.**p?
@Brogramm3r said:
Am I wasting my time trying to abuse this broken f** login in i***x.**p?
It depends. If I’ve read it correctly, you are looking at the file which gives you what you need to get access.
Some skids change the password of c*** plzzzzz stop that sh********
need a push since my “permission is denied; not that way ;)”
no idea on how to go over it
@Nt3c said:
need a push since my “permission is denied; not that way ;)”
no idea on how to go over it
With PHP, you can apply a filter which lets you bypass this.
Type your comment> @TazWake said:
@Nt3c said:
need a push since my “permission is denied; not that way ;)”
no idea on how to go over itWith PHP, you can apply a filter which lets you bypass this.
got it 
Thanks @TazWake and @cY83rR0H1t
Can anyone provide me with a nudge. I can read files, but I haven’t found a way to execute code yet. DM please!
Update: Thanks @cY83rR0H1t for pointing out the not so obvious place to look for code in progress/development!