hIm I’m in stuck in the enumeration… I cannot find anything useful 
@p5yph3r said:
hint if you are on the login screen , username and passwd are both visible to you.
i got it in the first attemopt, silliest passwd ever seen by me on htb,
also the file upload is a not working, nor can we create a user…
as said by sir @3mrgnc3 we have to enumerate more …!!!
It is super annoying for me. I tried common passwords, i tried custom keywords and connection is super slow
@dmknght said:
@p5yph3r said:
hint if you are on the login screen , username and passwd are both visible to you.
i got it in the first attemopt, silliest passwd ever seen by me on htb,
also the file upload is a not working, nor can we create a user…
as said by sir @3mrgnc3 we have to enumerate more …!!!It is super annoying for me. I tried common passwords, i tried custom keywords and connection is super slow
I’m in the middle of this box completion and IMHO taking user is if not tricky (technically indeed not very tricky) then definitely very misleading. Box underrated in terms of points. 40 points would be way more correct here.
I definitely see the difference but cant figure out how to execute. Maybe tunnel vision at this point. If any one can DM to compare results, it would be much appreciated.
oops …!!! admin delete ie
hahaha… @3mrgnc3
I posted a spoiler by mistake, then reported it …
I was asking #admin
to delete the #SPOILER MSG
@p5yph3r said:
hahaha… @3mrgnc3
I posted a spoiler by mistake, then reported it …
I was asking admin
to delete the spoiler MSG
I know :lol:
Found the login, entered credentials, unable to get a shell.
The upload (file or plugin) is not working.
Any hint? D:
Nice machine !
Do you even need to get user shell to move to root shell? I have been trying to get to root for days. I have been the user shell for most of that time.
Finally got it!!! Once the tunnel vision cleared I was good to go. Thanks for a great machine!
Very delicious mayonnaise. I’ve learned many new things with it. Respect the makers. May I know how the machine name is related to the local user name or how it’s being like a hint ?
can someone PM me please this box is driving me insane, ive enumerated both things i found but cant seem to find what i need…
Am I on the right path if i’m getting “You Shall Not Pass!”?
@sheeets said:
Am I on the right path if i’m getting “You Shall Not Pass!”?
If I remember correctly, that’s a ddos protection response. e.g. after X requests in Y time, you get that reply.
@drtychai said:
@sheeets said:
Am I on the right path if i’m getting “You Shall Not Pass!”?If I remember correctly, that’s a ddos protection response. e.g. after X requests in Y time, you get that reply.
brute force protection
@macw141 said:
@drtychai said:
@sheeets said:
Am I on the right path if i’m getting “You Shall Not Pass!”?If I remember correctly, that’s a ddos protection response. e.g. after X requests in Y time, you get that reply.
brute force protection
Yup. That makes more sense 
@0d1n said:
Finally got it!!! Once the tunnel vision cleared I was good to go. Thanks for a great machine!
Glad to please 