any hints to root? Thanks
tried wfuzz ??
1 Like
Can try checking the website to make sure you are fuzzing the correct host name
yeah we did
the correct host name ? hmmm we will try one last thing
Finally managed to get past the vhost enumeration bit 
. At a bit of a dead end now but feel free to DM me if anyone needs a hint getting up to that point.
Can someone give me a hint ? i dont know how to reverse shell the website i generated :((
any hints on enum? tried ffuf,gobuster and wfuff.
I found it with ffuf. If its not working, double-check that you added the correct values to your /etc/hosts file. That’s what tripped me up.
1 Like
PM me for help 
guys, i discovered a webpage where i can inject code trough php scripts. I tried so many commands as nc, bash, sh and no one of theme work for me. any advices
Officially one of the cool kids 
Took me WAY too long to find the user credentials but once I did I had root in about 3 minutes. Excellent easy box, lots of fun!
Also if you’re stuck feel free to DM
3 Likes
Wow. I wasted so much time on the first foothold. The webserver, and therefore port 80 on the machine was down for whatever reason. I was getting lost in the sauce trying to exploit the ssh connection for a good hour before a machine restart initiated by someone else revealed the issue 
I found the vhost and the CVE. Where I found the user/pass to login? Suggestion please
try something which is being generally used to test login functionality.
I managed to get RCE as the user running the webserver, but now I am stuck at user enumeration to get the user’s password for SSH access (the username can easily be enumerated).
Some posts already say that this could be grep’ed off some directory, but I searched around for hours and did not find anything.
Does anybody have a slight hint what to look out for?
1 Like
FINALLY:
Do you want to get the root or user flag?
User Flag is where I am stuck, sadly. According to the other comments, root should not be a problem, but for the user
Maybe your ufw is blocking, as mine was