I’m confused…
I have retrieved the credentials from the alternative service. I then proceed to authenticate using these credentials on the obvious http service but now do I just use the well known unauthenticated RCE exploit against this service lol? Isn’t that a bit counter intuitive?
Am I missing another service to auth with?
Type your comment> @s1lence said:
I’m confused…
I have retrieved the credentials from the alternative service. I then proceed to authenticate using these credentials on the obvious http service but now do I just use the well known unauthenticated RCE exploit against this service lol? Isn’t that a bit counter intuitive?
Am I missing another service to auth with?
Could you PM with some guidance on this? Thank you!
Can someone give a a hint for privEsc? tried d****C** but didn’t worked.
EDIT:
Rooted, didnt noticed i rooted because got NO prompt that the exploit was finished.
I will post here a tip that I would have loved to read 2 days ago for root :
If you tried to run something and expected a root shell to pop, but for some reason it didn’t (shells were particulary tricky for me with this challenge and I wasted a lot of time with it), maybe it is OK, maybe you don’t need the bash. Maybe executing stuff as root is enough, and you can adapt your tests according to this.
I am a total noob and I need some help. I have done searchsploit on HelpDeskz and found 2 exploits sql and arbitory code excecution.SQLmap said there are no exploits and don’t know how to get arbitrary code execution. I have also looked at the source code of node.js and could not see any exploits. I am now very stuck and would very much appreciate some help.
Im needing assistence with this Box please.
I know ive got the right path and the correct exploit.
Can someone please dm me , i cant run the exploit in the intendend way.
Any help would be great 
Got the user RCE working really well now, been stuck up on root for a little while though. Trying to avoid using k****l exploit.
Hello,
Can some one help me with root !! Please 
I am stuck for a week. can someone give me “hint” how to upload r****** s****. I always got “CSRF” message
could I get some help on getting a shell? I have looked at the GitHub code for the webbap … I have the exploit but just cant get a call back … im sure it somthing stupid that Im missing
Type your comment> @herapen09 said:
I am stuck for a week. can someone give me “hint” how to upload r****** s****. I always got “CSRF” message
I’m lost…need HELP
Hello everyone, just rooted this box but not without the help of this great community. If anyone needs help you can PM me. Hints hopefully without spoiling, for the script to run you need to find 3 parameters and time travel is both back and forward in time. for root linenum and searchsploit your way to root.
I am able to find my file if it’s a jpg or txt. But I can’t get around the file type filter. Tried using Burp but that captcha is screwing things up. I feel so close. Any help would be great.
Type your comment> @FlompyDoo said:
I am able to find my file if it’s a jpg or txt. But I can’t get around the file type filter. Tried using Burp but that captcha is screwing things up. I feel so close. Any help would be great.
Don’t believe everything u read 
PM me if you want hints on 3k port - Also I need help on using the user account and the scripts, they (and my other enum) are not returning as expected.
I am trying to get user using the authenticated exploit (S** I********) having the creds, but it does not seem to give me the expected results. Did anyone tried it recently and had a good result with it?
Spent hours on this box, and I can’t even get the credentials through the high port. Please PM with any help
EDIT: Finally managed to get user and root. Thanks to @JGruloos @ghost0437 and @CyprusDonkey for the help.
Only managed to get through the unauth way. Would appreciate a PM on the credentials part though. At least just how to the endpoint on the XXXX port
EDIT: Got user and root.
Some tips:
User
Root
Very tricky box. Rooted
Spoiler Removed