Rooted. Thanks @dragonista for the nudge.
Hi, Iām stuck in user2.
I found a good candidate to be user 2 with interesting rights, I think I found the folder how to search, but I donāt know what I need to searchā¦
Can I have a nudge please ?
Edit: I did succeed to be root 
Hi,
I rooted the box but Iād like to talk about it with someone who rooted it too, maybe compare notes.
If someone could reach out over DMs thatād be nice.
Thanks!
Just rooted. Very fun machine and very easy if you are familiarized with the techniques/tools.
There is enough hints I guessā¦however, as I saw some people talking about using grep and similar in order to escalate, I should say that this is not necessary. There is a much more straightforward way to get there. Linux can be pretty naughty sometimes 
Could anyone give me a nudge on user please? Iāve found the ad*** page, lo*** page and logged in as eg****, but nothing more. Really appreciate all your help!
@tonyrahmos said:
Could anyone give me a nudge on user please? Iāve found the ad*** page, lo*** page and logged in as eg****, but nothing more. Really appreciate all your help!
When you log into the ad*** page you get some useful information. You can use searchsploit to find out what you need to do to exploit it.
Type your comment> @TazWake said:
@anijack said:
Some problems with question in module Web Requests, section POST Method
Written: āThe admin credentials are admin:password, which lets us into the dashboard.āWhere is this written? I dont recall them being the credentials for anything on this box. If it is a default set, then you need to find the correct ones.
But this credentials are not suitable
You can create your own.
Anyone is facing the same?
No.
I think @anijack is referring to the HTB Academy (academy.hackthebox.eu) and not the Machine named Academy. Iāve come across the same issue as @anijack has. In the academy module Web Requests on page 7 is a question which doesnāt seem to be clear enough or doesnāt align with the context given in the page. Itās bugging me for several hours now. Iāve a good understanding of web request and have already finished all questions, but this one doesnāt let me finish the module.
@anijack, did you figure it out already?
@killabie said:
I think @anijack is referring to the HTB Academy (academy.hackthebox.eu) and not the Machine named Academy.
Ok - that would make much more sense. Thanks.
Hi @TazWake , thanks for your response. Thatās the point, I donāt know how to get credential to login to the ad*** page. Could you give me a hint?
Type your comment> @tonyrahmos said:
Hi @TazWake , thanks for your response. Thatās the point, I donāt know how to get credential to login to the ad*** page. Could you give me a hint?
If you burp in the making then perhaps you might see some crucial information that you can manipulate
Hi @acidbat. Could you check my message for a little help? Thanks a lot!
the MS* shows only exploit completed, but no session was created, i provided the app_*** and input rh**** with machine IP, what did i miss?
Type your comment> @hactaryan said:
the ms** shows only exploit completed, but no session was created, i provided the a**_k** and input rh**** with machine IP, what did i miss?
fill out all options (except 1)
Type your comment> @acidbat said:
Type your comment> @hactaryan said:
the ms** shows only exploit completed, but no session was created, i provided the a**_k** and input rh**** with machine IP, what did i miss?
fill out
all options(except 1)
well i leave pro**** and VH** default, no idea what to do
Type your comment> @hactaryan said:
Type your comment> @acidbat said:
Type your comment> @hactaryan said:
the ms** shows only exploit completed, but no session was created, i provided the a**_k** and input rh**** with machine IP, what did i miss?
fill out
all options(except 1)well i leave pro**** and VH** default, no idea what to do
Think of were you had to go to enumerate the info you obtainedā¦
You already typed it to enter the page 
maybe it belongs to one of the options you left outā¦
Type your comment> @acidbat said:
Type your comment> @hactaryan said:
Type your comment> @acidbat said:
Type your comment> @hactaryan said:
the ms** shows only exploit completed, but no session was created, i provided the a**_k** and input rh**** with machine IP, what did i miss?
fill out
all options(except 1)well i leave pro**** and VH** default, no idea what to do
Think of were you had to go to
enumeratethe info you obtainedā¦
You already typed it to enter the pagemaybe it belongs to one of the options you left outā¦
thank you!
Rooted! Pretty fun and refreshing box.
here are some hints~:
Foothold:
Enumerate the web application carefully. Pay extra attention to the registration procedure. Once you get pass this step you will have enough information to get on the machine. Donāt forget to give your tool some too:wink:.
User1:
Pay attention to the output of standard enum scripts. Users are lazy on this machine.
User2:
Standard enum scripts will help you too. Remember this is a real machine, with real users on it. Maybe you can spy on what they have done:hushed:.
Root:
gtfo.
Hopefully this isnāt too much. Have fun!
Iāve managed to get myself into a secret place with permissions I shouldnāt have, and Iāve uncovered some information about work that hasnāt happened yet. It refers to a specific place where this pending thing needs to happen, but Iām not clear on how to get to that place. It seems like a subdomain, maybe? But I havenāt been able to make use of this new information and I think Iām overthinking it.
Type your comment> @leadOctopus said:
Iāve managed to get myself into a secret place with permissions I shouldnāt have, and Iāve uncovered some information about work that hasnāt happened yet. It refers to a specific place where this pending thing needs to happen, but Iām not clear on how to get to that place. It seems like a subdomain, maybe? But I havenāt been able to make use of this new information and I think Iām overthinking it.
you might want to edit your hosts file to resolve the domain
like 10.10.10.10 example.com subdomain.example.com