I really need some hints on this one… I believe I have the proper username and pwd for the app but somehow it is not letting me log into it… not sure if someone is changing the password or what is going on… can someone please PM me? I would appreciate it.

Nevermind… got it. Needed to get used a bit with the app. All good. Got root.

I got user, need help what do do next, like i’ve explored the web application via ftp but can’t find nothing special, neither are some login bypass vulnerabilities. Help

FFS stop resetting the box!!! It’s annoying

Type your comment> @GSock14 said:

FFS stop resetting the box!!! It’s annoying

it is pretty annoying :frowning:

for anyone having trouble finding the password for the login in the file, remember to have a look when the files were last modified.

The password is in a File? Or is it a sign?

Great simple box. Can be a little unstable at times but decent flow between steps, there are probably no hints I could give that haven’t already been given but happy to help people through DMs.

Type your comment> @daniel2005d said:

The password is in a File? Or is it a sign?

The password is in a file. Finding the right file is the difficulty. Google for people complaining about credential storage and hopefully you find the right one :wink:

For those who are struggling with confi****** files . May be youa re looking in to wrong files…

use -la in f**


I couldn’t get connection again to that box via ftp service even I try to do a ping but host is unreachable, I just can see the weblogin.

I don’t know if this is due to many restarting or many people attacking. :frowning:

OMG!! finally got my 1st root.txt. Over think it.
I didnt use RCE though.

Tips for Root:
I re-created the psh script on my local machine. by playing with it, i understood how it works and trial error using various psh cmdlets. Good box.

PM for tips. cheers!

After a lot of researching (noob here) I was able to get the root flag but… Is it possible to get a shell? If someone knows please PM me :slight_smile:

I need some help finding the site credentials. I’ve looked through the c************ and t**d files. I would appreciate a little push.

Greetings. I feel that I’m at the cusp of obtaining root, but might need a little help.
I was able to find credentials and research a potential exploit. I’ve played around with a particular parameter field and triggering it, but it seems that upon trying to use a particular Impacket program to verify said executed parameter, I’m getting a failed authentication message.

Any assumptions or syntax that I should be checking?

Hi, I think I’m close to finding the password for the website but an not sure what to do next. PM’s would be welcome!

looking for help I initially found the c*********** file but dont see any clear txt passwords i believe i found encrypted ones tho but im having trouble decrypting them also i keep seeing people say a .old file is there but cant find that one either. looking for clarity.

shout out to @Nightbane as well as @sckull for the help!

removed by user

@gilf0yle said:
User was too easy, Root was really fun, I’ve learned a lot. Thank you @mrb3n for the machine and thank you @54pp0r0 for helping me on the reverse shell syntax :slight_smile:

PS, reverse shell is not needed to get root.txt but if you insist, try switching all the " to '.

Edit: if you need help, feel free to contact me :slight_smile:

Thanks for the tip.
Rooted finally.