Tbh, I cant understand why people degrade others work. I found the “unintential” way in the 3rd hour of this box and was able to get a nt authority/system shell in the 4th hour(learned after some time, it was a 0day). Due to lack of knowledge, I wasn’t be able to root this machine at first while others reached the place where I was, in like 12 hour. I’m not saying that the method I found was not easy, yeah it was pretty easy but you know, HTB’s motto says “think outside the box” so how can you even judge people’s work saying like “this is worthless”, “why are you even trying if you dont know what to do”, “lame way to get system shell”.Many people doesn’t have the background as you “Hall Of Fame” guys.For example, I’m studying atm(2nd grade) and started learning about cyber-security for like 8 months ago.I’m trying to learn about security so bad. I’m spending countless hours, trying to watch every single video , read tutorials, writeups etc and there is no one to show me the way. Therefore, please put your cheap pride aside have respect for others aswell.
@morph3 What are you talking about? who even said that. Everyone is actually saying this box is hard as ■■■■ or that they are getting their ■■■ kicked or saying they love the box or the three at same time and some are saying they manage to root. But no one said any of things you are quoting or anything related to it
@morph3 said:
Tbh, I cant understand why people degrade others work. I found the “unintential” way in the 3rd hour of this box and was able to get a nt authority/system shell in the 4th hour(learned after some time, it was a 0day).
I re-read the thread and the only one you can be referring to is me. Not sure why you think I degraded your work. The only thing I was saying is that SYSTEM is distracting from basic enumeration steps. It distracted you, it distracted me, it distracted all others I talked to as well. Like everyone thought: "I am SYSTEM, there must be a way to get those flags 
".
This statement was meant for the others trying the box and who might get distracted as well on the unintended path. I wanted to save them the pain you and I had staring on NT AUTHORITY\SYSTEM for hours and hours without any real progress at all.
The intended path has clues and hints planted pointing into the right direction. I missed that and there went my Saturday night and my complete Sunday.
On the bright side: It was real fun to just disable AV, enable RDP (although I failed to access it), disable the firewall, start meterpreter shells like crazy, … 
I did not intend to annoy you or degrade your work. If you felt this way only thing I can say is sorry mate.
Ya I can speak for jkr he has helped me allot and only gives you enough he wont spoil it hes a very nice person from the few messages we have exchanged allot of people get flooded by messsages doing challenges and do not get to respond I am one of them the other day I had 28 messages lol
Other than that thanks for your help jkr
That is the most annoying 20 line exploit I have ever written tell me why it took 3 hours lol to write 20 lines of code to pull this off automated to get the callback!
Has the vulnerability for the latest exploit (very very recent) for this been patched somehow specifically on the box? It doesn’t look like the vector is usable anymore. I see many people got root straight which I’m assuming was using this, but for some reason it doesn’t seem to work. Any PM on this would be helpful! Thanks
Not a lot of activity on this box thread… Finally got passwords for 3 users. And still nowhere, still enumerating lol.
@lduros . I´m on the initial foothold. Can I PM you to exchange some ideas? I´m able to run commands in the helpline, but I´m having problems to properly format the command.
This box is kicking my ■■■ so much at the same time I think it might be the best box to date 
@veterano - PMed you. Maybe we can team up!
@sajkox – Totally agree with you, this is an awesome box. I’ve been enumerating for 2 days and it keeps on coming!
Hi guys!
thats my #2 Box to try on.
Maybe some of you got some hints for me? (without spoiler)
I started enum with a names Script but…i guess thats the wrong way but didnt find another exploit as the published one.
Where should i start?
Really dislike this box, even following the required steps to decrypt files, it fails, following fresh resets, the file information cannot be retrieved, the file directory where certificates should be located don’t exist. for example , directory system*********\My is not there, I’ve failed decryption 8 days in a row, even with verified commands that should work. Broken box in my opinion.
@RyanCollins sorry to hear that, i agree the unintended method although possible can be a pain. feel free to DM to discuss. ofc i don’t promise that the intended way is any less painful, but hopefully there’s plenty to learn from the box, whichever route you decide to take
I’m able to run commands as Al**e, but it’s currently in Consed Lange Mode. I’ve been trying to bypass this but with no success. I’ve also tried the shad adm**s, but can’t seem to connect or run commands with either of those.
Type your comment> @egre55 said:
@RyanCollins sorry to hear that, i agree the unintended method although possible can be a pain. feel free to DM to discuss. ofc i don’t promise that the intended way is any less painful, but hopefully there’s plenty to learn from the box, whichever route you decide to take
For sure, going to take a break, after 8 days and 500+ fails, I am at my wits end. Just re-verified my files, commands methods again, this time other steps that succeeded before now fail, even after manually verifying file location, etc. At this point I have given up, will wait for direction and further verification of my method, commands, I have yet have anyone who has rooted the box replicate my steps with the same commands, something isn’t right. xD
I will definitely message you tomorrow, that will be day 9, can honestly say I have never invested this much time in a Box. I finished Sizzle in a few hours… Cheers.
Which wordlist for initial foothold?
I have an exploit for this but haven’t really tried to exploit it as I was working on another one if you google enough you will find it
It is not related to this challenge so I will not state what software its for read between the lines those interested would take care in looking for a medium post as well as a github link.
I am pretty sure though we are operating blind as my script is only allowing for a callback
Forget it.
Ok, rooted, I was making a small error and now I have rooted the box! yay