Im having an issue where the machine says it is online, but I don’t see any IP addresses…
yeah that’s exactly what i did and it’s working now 
1 Like
Lol, I’d love to play too. If only someone would be kind enough to send me the IP address because right now it’s nowhere to be found…
Everyone has their own instance in the release arena, the only way is from the website 
1 Like
Just finished it. As everyone here says, this was quite a fun box with multiple ways to pwn. I specifically liked that it also acts as a nice playground to test your scripting skills.
Foothold: take your time with the application, find a way to leak stuff (don’t forget about how processes work in linux). Once you have look @ the app & understand it. Test multiple endpoints maybe you’ll find ways to forge OR Indirectly Do get access tO otheR’s vaults
User: ssh is your friend, check running processes. Can you see them locally or not?
Root: dev_admin seems like a good developer, he uses python virtual environments
I would also like to point out that I had problems with the UI: the box is being active only in /machines/532 and not on the seasonal /competitive/ UI. This resulted in not being able to stop/start/reset the machine or submit flags. Props to @nga1hte for sharing how to submit flags in this context – don’t forget about the Content-Type tho ;))
@0xdf never dissapoints, cheers 
Could anyone PM a hint?
Trying to get some help on this box can anyone PM me?
Thanks in advance.
Of course, I sent you two a message 
Could anyone PM a hint?
please PM a hint,thanks
Please PM a hint
Hi All,
I’m stuck at the very beginning of this box: I’ve done my nmap (including UDP), and I’ve got an empty website (default nginx site). I’ve wfuzzed both subdirs and subomains (xx.agile.htb) without success. Is there a problem with the box?
Thanks!
Hey @lim8en1 , I got the user flag but I am stuck now can you please give me some hint for further progress…
1 Like
You can try using the api. Try to spawn the box, intercept the request with burpsuite or whatever and change the word “start” to “reset”.
Same for setting flags. Just use the api directly if the website is broken.
Anyone having any issues getting the site to load? The machine is up and I can run nmap scan on it, but when I try to go to the site itself, the connection times out.
Need some hint for the foothold. I have scan the machine and tried g* b***** and S**** .
Rooted! User → root has some rabbit holes so be careful. Getting foothold/user is tricky and takes some chained techniques. Definitely a medium level box. Thanks to @Paradise_R for the help! Open to PMs for hints.
2 Likes
Yeah DM
1 Like