Magic

@Faelian said:

Obviously, I find what I am looking for just after asking for help.
Search for OWASP documentation about file upload. There are some strange configurations about what gets to be executed on a server.

■■■ that is literally the dumbest thing I’ve ever seen. Wasted like 2 hours on this one :confused:

@a3n3a said:

So I know the username and have tried adding my key to the authorized_keys file, also tried known_hosts, but I still get the Permission denied (publickey) error. Any thoughts?

@unethicalnoob said:

@schizo said:

Is it normal to have
theseus@10.10.10.185: Permission denied (publickey). ???
Stuck in www-data.

Got a USER!!!
Hint: use alternative way

Can you DM me the alternative way? I can't get past it.

Whatever you find, keep it, and use it. (:

So I know the username and have tried adding my key to the authorized_keys file, also tried known_hosts, but I still get the Permission denied (publickey) error. Alternatively I tried using locate .pub to identify any accessible keys from the RCE and tried these as my own as well. Any thoughts? PM?

@unethicalnoob said:

Stuck with root… found the interesting binary s*****o but unable to figure it out… Can somebody please help?

Understand all the commands it executes.

@c1black8 said:

Hi All. Working on root. When trying to upgrade the shell, it seems I am now getting an error that won’t allow /bin/sh commands. Anyone having that problem or know how I might be able to get around? This was not an issue for the last few days.

I'm having the same problem. And when I try to execute any command using the shell I get "cannot open xyz" for the binary:

root@ubuntu:/# /bin/sh echo hello
/bin/sh: 0: Can’t open echo

Got both the user and root flags but getting Error when I try and enter each one which is annoying after burning the midnight oil to get this box finished. I know I am not the first person to suffer this problem, I am on VIP so does that make any difference?

@flymomike said:
Got both the user and root flags but getting Error when I try and enter each one which is annoying after burning the midnight oil to get this box finished. I know I am not the first person to suffer this problem, I am on VIP so does that make any difference?

NVM accepted both flags when I tried a different way to enter them

@flymomike said:

@flymomike said:
Got both the user and root flags but getting Error when I try and enter each one which is annoying after burning the midnight oil to get this box finished. I know I am not the first person to suffer this problem, I am on VIP so does that make any difference?

NVM accepted both flags when I tried a different way to enter them

Just out of curiosity, would somebody mind giving me a nudge on how you would get round the login page at the start without using some of the more common OWASP Top 10 gotchas, which I obviously used.

Huh, the first part was hard, but it was also a great machine, I learned a few things. Also thanks for the great hint @choupit0 and thanks @TRX for this box. :slight_smile:

Thanks @TRX for the exciting box. Definitely made me feel dumb at some points, but in the end it was a lot of fun.

Thanks to @helichopper and @akshanshshri for the hints.

PM me if you need a hint!

Hi All,

Could somebody please give me some help in getting the user account. I’ve been stuck in the w******a shell for days, I think I see how to get from the user to root but for the life of me I can’t see how we’re supposed to get to the user :frowning:

Thank you.

@lightfu said:

Hi All,

Could somebody please give me some help in getting the user account. I’ve been stuck in the w******a shell for days, I think I see how to get from the user to root but for the life of me I can’t see how we’re supposed to get to the user :frowning:

Thank you.

I’ve sent you a message with some tips :slight_smile:

@sqw3Egl said:

@lightfu said:

I've sent you a message with some tips :slight_smile:

Thank you, and @Gfowler, so much!! Got the user now, onto root…

Argg,
I do not know the stuff for root, spent hours seeking through all the processes.
But what a fun box, I learned lots of things, even from the rabbit holes.
PMs for a nudge are welcome.

I'm stuck at root.

Found the S.Bin.

Ran strings on it.

But it's a bit confusing.

Can anybody PM me? Thx.

Edit: rooted!
Thx for the nudge @cY83rR0H1t

Given all your comments, I must be doing something really stupid or not seeing the obvious, as I am struggling to get a foothold. I have tried 'bypassing' using Burp Suite and use of the 'curl' command but without any joy. As a noob, please can someone DM me and shed some light on what I should be doing? Thanks

I think I have the way but I am missing something critical. I can reach the desired foothold page via curl and burp repeater but am unable to interact any other way. Any nudge to get me past this bump will be greatly appreciated.

Edit - Got it. Just had to ask the question.

Got user.txt.

Found SU*D file S*****o (may be interesting).
Used pspy64, but can't find anything.
Need some tips, please PM me, thanks.

Got root.txt!!! hahaha

Spoiler Removed

Nice box, I was amazed by the first foothold, so simple I nearly didn't consider trying it… For the root part I really wasted some time because I forgot to export PATH xD

TBH some of the tips in this forum are so cryptic it feels like trying to understand Klingon.
Here are a few of mine, maybe they help…

Initial foothold: it's a login form, think basics, don't overcomplicate it.
User: It's pretty straightforward, it's neither the first nor the last machine vulnerable to this… even a monkey could pentest it :slight_smile: just don't forget to sign your magic.
Root: Honestly this is a bit harder and not all the information you find online is gonna help you that much… To begin, just search for what binaries a user can execute, then start digging into them and see which can be exploited and how. #suid
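The root hint above (and the "forgot to export path" remark earlier in the thread) comes down to how a privileged binary finds the commands it runs. As an added illustration that is not the box's s*****o binary or anyone's code from this thread, here is a hypothetical hardened SUID helper in C: path_is_trusted() audits an inherited PATH against a fixed allowlist and run_fixed() executes a command only by absolute path with a pinned environment, instead of a PATH lookup via system().

```c
/* Added example, not the box's binary: a SUID helper that runs commands must
 * not trust the caller's PATH. Hypothetical path_is_trusted() audits PATH and
 * run_fixed() runs a command by absolute path with a pinned environment; the
 * risky pattern it replaces is system("free -m"), which does a PATH lookup. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

#define SAFE_PATH "/usr/sbin:/usr/bin:/sbin:/bin"
static const char *const ALLOWED_DIRS[] = { "/usr/sbin", "/usr/bin", "/sbin", "/bin" };

/* Return 1 if every PATH entry is in ALLOWED_DIRS. Empty entries ("a::b",
 * leading/trailing ':') and relative ones mean "search cwd", so reject them. */
int path_is_trusted(const char *path) {
    if (path == NULL || *path == '\0') return 0;
    const char *p = path;
    for (;;) {
        const char *end = strchr(p, ':');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        int ok = 0;
        for (size_t i = 0; i < sizeof ALLOWED_DIRS / sizeof ALLOWED_DIRS[0]; i++)
            if (len == strlen(ALLOWED_DIRS[i]) && strncmp(p, ALLOWED_DIRS[i], len) == 0)
                ok = 1;
        if (!ok) return 0;
        if (end == NULL) return 1;
        p = end + 1;
    }
}

/* Run argv[0] by absolute path with a minimal pinned environment: no PATH
 * lookup, no inherited variables. Returns the child's exit status, -1 on error. */
int run_fixed(const char *const argv[]) {
    if (argv == NULL || argv[0] == NULL || argv[0][0] != '/') return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const envp[] = { "PATH=" SAFE_PATH, NULL };
        execve(argv[0], (char *const *)argv, envp);
        _exit(127); /* exec failed */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    printf("inherited PATH trusted: %d\n", path_is_trusted(getenv("PATH")));
    return run_fixed((const char *const[]){ "/bin/sh", "-c", "echo hello", NULL });
}
```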

Can someone PM me for user please?