Magic

Alright… I just got Magic rooted, to be honest I did not know that can be done… so many of you say it is easy… not to me to be honest… Thanks to all experts who have hinted and nudged me :slight_smile: I have learned something new about Linux…

rooted. thanks @zard for the nudge. PM for hints/nudge :smile:

Spoiler Removed

Can someone reset box, I cannot submit flag and cannot reset for some unknown reason? Thanks

@solid5n4k3 said:

Can someone reset box, I cannot submit flag and cannot reset for some unknown reason? Thanks

I just switch server when this happens. Someone else is probably on your box and you’ll muck up their progress otherwise.

Anyhow, I cannot submit flag, because it is not valid, so if someone can reset box, I would be thankful.

Don’t remove uploaded shells please?

@shreyasrx said:
Don’t remove uploaded shells please?

If you’re talking about the initial foothold.
That shell disappears every few minutes automatically

@solid5n4k3 said:

Anyhow, I cannot submit flag, because it is not valid, so if someone can reset box, I would be thankful.

Thanks for machine reset.

But my regenerated root flag does not work again. I know the new rule from HTB of changing flags.
If someone has or had a similar issue, please contact me.

Thanks

The shell won’t even last that long in some cases especially if you run erroneous commands. Just get a reverse soon after shell.
Nicely balanced medium box. Happy to nudge if anyone is considerably stuck.
Good luck y’all

@shreyasrx said:

Don’t remove uploaded shells, please?

If possible use VIP server

@myrtle said:

Ah, got www-data. Enum enum enum …

What can I read about it? Nmap+gobuster/wfuzz/nikto? Does there exist a good tutorial for enumeration?

@fr0ster said:

@myrtle said:

Ah, got www-data. Enum enum enum …

What can I read about it? Nmap+gobuster/wfuzz/nikto? Does there exist a good tutorial for enumeration?

See old OWASP Top 10

Might help some others – My foothold did not work until I wrote a script to automate it. I know this IS NOT REQUIRED and this is not the case for everyone, but if you feel you’ve found how to get initial RCE and are trying without success, automate the steps. Once I did, my RCE payload works every time; before I always got the JS alert popup. Having it in a script also allows for quicker modifications during trial-and-error. I used the Python Requests library, proxied through Burp.

rooted! :smiley:

Nice machine, enjoyed the user part even if I’ve been stuck for some time.
root has been quite easy but I have to admit I stayed focused on one method because of the many nudges I read on this forum; I finally got the spark once I’ve seen a wget cmd by another user occurring on the machine, so thank you “other user” for the involuntary help! :smiley: :smiley: :smiley:

I am fascinated by people saying this was easy or simple.

Getting the idea of what to attack for privesc is straightforward, but the actual mechanics can be challenging.

Thx @TRX . Nice box. Learned a few things here and there.

I’m struggling turning my initial foothold W**-**** shell into an interactive reverse shell
Can anyone PM some nudges on how to go about this. I have tried all the obvious methods and I cannot seem to figure out what I am getting wrong

@LewEl said:

I’m struggling turning my initial foothold W**-**** shell into an interactive reverse shell
Can anyone PM some nudges on how to go about this. I have tried all the obvious methods and I cannot seem to figure out what I am getting wrong

A lot depends on how you got your initial foothold. If you have a shell you can try to see what commands you can use which will facilitate this - for example, simply changing the version number might work.

Alternatively, you don’t need to get a reverse shell. Your command injection can allow you to update a file which grants you access.

EDIT - this may not be true. Just double-checked and now I can’t recreate the required privs. Sorry.

Big thanks to @TRX
Cool box ever!