I am stuck on the haha page, i’m trying to analyze the http get and post requests for the file uploads via burp suite, is this the correct direction??
hello there! i’ve found my way using zed. Have a try! 
need help in root section just got shell
Type your comment> @jattion said:
Anyone know how to properly enumerate port 53? Keep getting NXDomain for me. Is it that i need to add something.htb to /etc/host?
take a look at ippsecs video on BANK
Can anyone please give me a ping for help after the Haha part? I have enumerated all the other services I can. I have found both places which list a timestamp but cannot figure out how to put the two together. Greatly appreciated.
at haha with ti** st*** (seems to change on refresh). Enumerated everything and found images that the dasd talks about. I’m not very good with php yet, but I’m thinking there is an rce if I can call a reverse shell instead of that image. Any hints on how to call that file? Or even the image itself? I’m not sure if it’s my code, or if it’s got something to do with the tist that is messing it up? Thanks
Also should mention I’m working through burp. Not sure if I should put my own php in the lower port and call it via php haha to get rce.
-edited durpped and multi-posted sorry.
I see everyone talking about the HaHa page, i have no idea where to find that.
I think i’ve got all the (4) subdomains which there are to find. Checked them all, logged in to one of them, checked the MJ/popcorn, but no HaHa page. Am i missing something?
I saw a hint on another domain, i’m wondering how to find this other domain.
I have found the other domain (without the last word), but i found this by luck, is there any way i could’ve found this with tools/commands??
going crazy with this machine.
found all the 9 sdis
explored them all.
found the s** sha*** :
Fi*** - can’t use
deve****** - can upload there, but can’t use the files via RCE
gen**** - just the txt file there
Explored the dard.php using the 2 parameters. image_id & pagename. Also tried with the 3rd one: ie_ne however nothing comes to be usefull.
used one of the subdomains to upload files also, (however can’t find the file anywhere)
PS. HOPE I’m not spoiling nothing.
Just trying to get some help here, 4hours sleep is driving me crazy ><
EDIT: Got user 
Nice box 
User is too much CTF, but i luv it.
USER
- Understand ippsecs video BANK. Dont forget 443
- If you put yourself in the skin of the developer you will find the LFI. You can fuzz but not needed. Play with the params.
- Once you get shell enumerate the system, mayb you will find some interesting file that will allow you to connect via ssh.
R00T
- EZ. Dont forget that the user is a noob developer. Think about it :blush:
- You just need to see what is running in the system.
PM if you need some hints.
Finally got user
the box is not bad at all. unfortunatelly it is so crowdy
got user in 2 days, root in 30 min
At “Escaping the Friendzone” could someone DM a nudge?
I believe that if I dont get root soon, I will get Friendzoned in real life 
I’ve been stuck on root, I believe i’m attacking the correct vector, can i pm someone?
User shell took about 5h because for some reason I chose not to run a well known script as part of my enum4noobs process and instead checked the shares manually which resulted in unnecessary guessing of stuff related to the next step. Root took about 2h which was mostly spent reading about the concept from a number of blogs.
Thanks for the challenge!
Thaks for the challenge!
Finished it.
Machine creator pushed me (and it helped)) me to learn a lot about LFI and thorough enumeration))). All in details)
PM me if somebody needs a help from noob))
i really can’t find this haha page everyone is on about? any help.
ive got the credentials .
found some interesting things using d*g but can’t work out how to use it.
Got User!
Got to say its tricky.
PM for hints.
Edit 1:
Finally got root this morning.
Root is very simple. Very basic enum will get you to root. Also g0tmilk is a great guide for this.