Finally \o/ thanks to all who have helped. I’ve learned my lesson about vpn’s and reverse shells and to rt-mother-fuckin-m!
Hi all,
If anyone could give me a hint that’s be great. I’ve gone through all 29,000 lines of the P*** C**********.d** file and can only find a username and passwords encoded somehow (can’t identify the method). I’ve tried a slew of other obvious password types and have looked at every xml, txt, dat, bak, etc. file I can get my hands on but no luck!!
Enforced password timeouts are annoying. I guess most people come up with ways to remember them more easily.
can someone pm me right now? i think i know what to exploit (for the root) but of course it should not be posted in here. 
p.s. port 80 connection drops most of the time 
Hello!
What is the next step after we use the exploit to create another user in administrators’ group?
Thanks in advnace
There is literally a YT video that displays the user and root flags, so annoying. This box was a tad of a pain. Too many resets.
Just Rooted finally, this is my first box ! Took a lot of patience and never gave up. PM for hints & help
First box here.
rooted.
-
user is really easy.
-
root you have to be crafty, try to install the software on a windows vm to see how it behaves, when searching for the password make sure you are seeing hidden files and folders, pay attention to dates, once you are able to login in the webapp have a look at the notifications.
good luck
I think i have picked maybe the worst box for my first ever pentest!
I have been trying to get a shell at the machine but i am slow, and by the time i get where i am supposed to go, machine reboots or something…
so i gave up on the shell idea.
went with the cve, but i am confused with the cookie thing.
The cve says to login and grap the cookies. easy right?
yeah right, easy for you!
script has a GA_1=XXXXX something, GA_1.2=XXXXXX something,
and,
OCTOPUS=XXXX something like that.
In my cookies i only see the OCTOPUS thing.
can someone explain in a newbie way how I am supposed to get those values and pass it to the script because i dont see them???
PM or here all welcomed.
Finally Rooted! Thanks for all your help guys!. PM if need help.
Hi all, someone can help me? , Root is a bit difficult for me
@Ah4b said:
Hi all, someone can help me? , Root is a bit difficult for me
You need to look software version and their vulnerabilities You can find it on google
I’m stuck in the final step 
Hey all,
Looking for someone who can help me out.
Got user np, but struggling to move forward with root. I’m looking for credentials in certain files and could use a bit of help.
edit: got the creds, just want to say to make sure to look over every file that may be relevant.
edit 2: Got root! Thank you everyone in the thread for the hints. Wasn’t too bad, learned a lot.
What’s the next step after you use the script to make a pen***t **er? Thanks in advance.
hey Guys, this is my 1st EVER , I am out of my depth here, found user and i know about the CVE, but i cannot login to the webapp
any help appreciated
ROOTED
great fun, my first ever box
So working the retired machines: Ok. User was easy. Found the needed pass. But somehow the CE does not work. Neither manually, nor via S*****sp*** script. It says execution was a success (u**** created and added), but it does not work. Manually does also not work, I can’t even make a “New-item -Type directory” in the P****c folder.
@mphi said:
So working the retired machines: Ok. User was easy. Found the needed pass. But somehow the CE does not work. Neither manually, nor via S*****sp*** script. It says execution was a success (u**** created and added), but it does not work. Manually does also not work, I can’t even make a “New-item -Type directory” in the P****c folder.
The good thing about retired boxes is that you don’t need to worry as much about spoilers - largely because there are already lots of walk throughs.
Have you been able to log into the web portal? You can use that to execute code.