LaCasaDePapel

Can anyone PM me? I would like to consult something about the first step in the old-fashioned way…

NVM, got a hint, will try to figure it out myself…

If anyone could give me a nudge, I’ve tried using op***** to do things with keys and tried using multiple different ways of doing it and keep getting the “need a client cert” error.

Can anyone PM me about exploiting the machine with help of capabilities?

Please can anybody help me a bit?
I did what was necessary and I am at the https part of the web. But if I try anything, the https server crashes :frowning:

@PavelKCZ said:

> Please can anybody help me a bit?
> I did what was necessary and I am at the https part of the web. But if I try anything, the https server crashes :frowning:

It happens with everyone??? This box is buggy

Could someone please PM for hint on root? I am completely lost on this one.

Finally got user. But only user.txt
Can anyone please give me a hint where to look for the password for the user ssh shell?

@haqpl said:

> I don’t understand ppl who say that root is not about privileges, it is all about privileges of the home directory rather than files!

Pay attention to this hint if you wanna get root.
It’s about the roots of unix.

A note for people having issues with the certificates, what resolved my issue is after applying the certificate in my browser I had to close the tab for the settings and restart the browser.

Finally, I also got proper ssh shell.

But I must say that the way to obtain the ssh shell is a bit “unnatural”. :slight_smile:

Hello :)) could someone PM for hint for root? thanks!

edit : just got root! Thanks @r0t13weiler, @radualexp, @AzAxIaL and @Zeroice28 for all your help ! :slight_smile: :+1:

I found this box teaches some valuable lessons - particularly the rule about Linux file permissions that priv-esc teaches.

Also found the enumeration steps surrounding the website to be essential skills for anyone attempting bug bounties - as SSL certificate inspection forms a large part of open-source intelligence gathering.

Some steps were painful though - so do feel free to PM me for hints.

I can generate the thing, using the info from abroad, but it’s still rejected by the server. Could someone DM me a sanity check for my command syntax?

Edit: sorted. Either a reboot or removing proxy settings sorted it.

I just found the application on web ports, and just checked there’s a v0.9.* on another port, and I got the key I wanted. Just get to sign it, but after signing, the browser still does not recognize my ****, cannot log in. Help wanted.

Rooted the box yesterday. A good box, although I found getting user much harder than escalating to root. Learned a fair amount about PKI in the process though.

The box was mostly stable, other than the issue with having a \n during the LFI stage bringing down a service.

Hey all, I am curious to know how to solve this box while avoiding https. I have an idea, just want some clarification to learn.

I rooted already btw

@nspagnola27 said:

> Hey all, I am curious to know how to solve this box while avoiding https. I have an idea, just want some clarification to learn.
>
> I rooted already btw

Same here, I’m not investigating it any more, got user using https path, but I’m still curious

Help please. Trying to figure out what’s next after I get the c*.k**. I tried using it against one of the services enumerated and it showed invalid format. Tried another recommended link to create a cr and get error messages doing that. I really don’t have a clue what to use the c.k** for. I’ve been stuck for days with this now and just need a breadcrumb to move forward. Thank you.

edit: overcomplicating things, rooted

PM hints for root, anyone?