I got root… however im kinda confused why the route i took worked. Anyone i could message about what I did?
kinda need help on root…trying to get the important file without pspy…any hints as to which area to look for? tried g0tmi1k’s priv esc guide, but i think i might be missing something
Rooted!! Finally.
The user part is very CTF-like.
Concentrate on your digging and you should be able to get it.
For root,
g0tmilk has your back.
PM for hints. happy to help
i get root =)
Thank you to @okipower and @ZaphodBB
=) =)
I’ve enumerated DNS and found four subdomains of the particular TLD but am unable to find any more than that after doing zone transfers on localhost and the primary TLD. Also attempted zone walking, cache snooping, subdomain/TLD brute-forcing. I have the creds to the admin panel that is “under development” and can’t seem to get any more leads.
Managed to get to haha, see the parameters. see where the images are stored. see two places where I upload, uploaded to both, however can’t seem to get LFI working correctly. Seems like its a path, null byte, or filetype issue. could use a PM for a Hint.
Edit: Finally got user Thanks to dividesbyzer0 absolute path is a must. just dont over think it
I’l love a PM for the exact same issue as Ghostwalker ! 
I’m a bit stuck on the parameters. I understand that this should be absolute but can’t find a way to make it work for the moment. I’ll appreciate a PM for a Hint on that part.
Edit : Rooted. Special thanks to @ST0RM123494 and @Charkh !
User : don’t go to far and go absolute
Root : As already said, just don’t over think it and trust yourself. Sometimes the box could also be used by others, this meaning that you’re challenging the same resources. Be patient on that. Feel free to PM for help.
Can someone PM a hint on the Directory Enumeration. I’m definitely missing some using the wordlists i have. I’ve already done the Z*** T*******. and have added them to a certain file so they are accessible. I’ve found alot of the stuff that is showing up in the hints but i’m definitely missing some stuff from step 1… Appreciate the Help!
Is the box abnormally slow for anyone else?
need help with root, i know what to do its just not working ughhhh
Finally got root! Big thanks to @N30C0UNT for the hints!
So I need some help, I have all the s** d****** by using d**. I change the h**** file but it doesn’t work. I am not great with networking stuff. Could someone PM to help out.
Rooted. That was such a CTF-style box… getting user and root was pretty straightforward, no fancy trixy moves needed, but getting user was kind of annoying at the beginning xD
Did all the ports review I still didn’t get accepted.
Tip please
Anyone willing to help me. I see the admin login page, the upload page, hoooooman still no Haha page
I have the creds.txt and can see where to upload and the directory it might be.
edit: found the haha page
■■■■ , I wasted 1 day just trying to catch my shell , indeed the hints are all in the brazilian dance enumeration, pm only if you wasted too much time and can’t figure it
I can upload malicious file on up***ds subdomain .but I can’t find it. Need pm.
god. stuck root.Has reached the final step, do not know how to trigger the re**rt.
god. maybe re××rt is root automate or need I manual