Type your comment> @chiakheewei said:
Hi, anyone can give me a hint on escalating user privilege?
find some creds and use it to get 2nd creds in some services
Type your comment> @Titan555 said:
anyone can give me hint for initial foothold? I am stuck on bypassing login form…
the most basic thing you can do to bypass web login
w00t w00t!!! i’ll just go ahead and echo so many others on this thread, root is a bit hard to spot, but I was waaaay overthinking it :). A Few hints :
Initial :
If you try some usual basic stuff on the login, maybe something REALLY simple works. If you use tools for that, don’t accept redirects blindly. Then upload something you know will work, then change it.
User : There may be some tools on the box where you can use those creds to get what you need.
Root : strings and check what it does and what else it uses. Then be the bad wolf and fool the red riding hood away from her way to grandma 
If the above is too spoiler-y please bleep it, with my apologies
Thanks for the box @TRX, it was such a treat after all the AD shenanigans.
rooted
thanks for the box it was a fun one with a nice privesc. PM if you are stuck I be glad to help out!
Nice and simple box thanks.
Shame on me as a sysadmin for getting two sets of credentials, and an ‘interactive’ shell as a process user, then wondering for so long… what do I do now.
Doh.
i got a shell, but i’m stuck how to move on
What a wild ride, Thanks for everyone who gave me a hint… It finally good to see practices I’ve seen but never used put into practice, With Root I was not aware that can happen in that way, As always with these boxes i’m always learning something new… Any questions or nudges feel free to PM me
Finally rooted! I learned A TON from this box as a fairly new person to this stuff. Now that I understand it, I get why a lot of more experienced people said this was fairly easy, and I will definitely be adding a lot of this stuff to my standard initial enum in the future. Thanks to @fmash16 for the nudge to get me digging a little bit deeper to figure out what I needed to do!
Nice and straight forward, hacking textbook like machine from start to end. This is my second machine after ForwardSlash where I used OWASP Zap Proxy with the HUD display enabled, spider, active scanner and dirbuster “batteries included”. Awesome, delivered all I needed on a silver plate. Apart from the ususal suspects lice nmap and nc, it was the only tool I needed + some scripting of course.
Rooted!
Needed some hints… Don´t overcomplicate. I won´t share hints because there are enough in previous pages, but if you are stuck, pm me!
@kindominic said:
Stuck at initial enum. I have the login page and the up****.php. I don’t get what type of enum should i run in order to advance. Any hint?
I have also used burp and cant find to get anything useful
You need to be a bit more manual here. You need to find a way to upload your own content.
If you google what you are trying to do, you will find some very helpful things.
ROOTED the box, refreshes your knowledge on some topics.
HINTS:
initial-foothold : try to concatenate
user : look at the basement
root : go your customized path
Can curl be used to upload the file? I want to use it (-F option not -X POST) cause I don’t know what to post in the request, even if I’m looking at u****d.**p. Any hint?
@jiggle The method I used to get root also gave me a shell that wouldn’t let me read files…luckily it would let me change directories and open up a py server… 
Hi,
I’ve managed to upload my payload but, despite enumerating with gobuster, dirbuster, dirb, and Burp, I just can’t seem to find where my payload is.
I did find ‘my****.php?file=*.php.’ but that just takes me back to the upload page.
Would really appreciate a nudge! Thanks in advance
Type your comment> @TheCryptonian said:
Hi,
I’ve managed to upload my payload but, despite enumerating with gobuster, dirbuster, dirb, and Burp, I just can’t seem to find where my payload is.
I did find ‘my****.php?file=*.php.’ but that just takes me back to the upload page.
Would really appreciate a nudge! Thanks in advance
Where are the other images on the home page located? (potentially multiple dirs to check) 
Type your comment> @l4m4l said:
Type your comment> @TheCryptonian said:
Hi,
I’ve managed to upload my payload but, despite enumerating with gobuster, dirbuster, dirb, and Burp, I just can’t seem to find where my payload is.
I did find ‘my****.php?file=*.php.’ but that just takes me back to the upload page.
Would really appreciate a nudge! Thanks in advance
Where are the other images on the home page located? (potentially multiple dirs to check)
Thanks man but i’ve ran through every directory & sub directory and come up with nothing. Clearly I need to brush up on my directory enum skills
Spoiler Removed
Spoiler Removed