Finally got around to playing with this one.
I was overthinking the initial foothold with some proxy setup but it was really simple.
The lateral was also normal enumeration.
The privesc was very fun
If someone needs a hint, DM me.
See you on the next one
Pretty sure there's an unintended privesc method.
root easy mode
root slightly more difficult mode
Both are similar but one doesn't involve the box's namesake.
Cannot connect ssh
Unrelated. Reset the machine.
Rooted. I'm still confused as to what the actual vulnerability is, can someone PM me any resources to read up on it?
Rooted!
Initial Access: Try to identify how the application prevents malicious acts; what sandbox it uses; are there any vulnerabilities in the used version?
User: Now you have initial access. Move in the box. Where can website data be stored?
Root: There is a bash script. You can do something wild! Challenge your scripting skills!
I think I have found your script in the home directory that someone left there.
It automates the wild method people have been talking about and makes privesc super easy.
Is the mysql backup a rabbit hole?
Forget it. It wasn't a Rabbit Hole
Having trouble with establishing a foothold on the machine. I use a module in Metasploit but a session fails to establish.
I get a reverse shell but it exits automatically. I don't understand why. Did someone face the same problem?
Great beginner box. As always, enumeration and your Googlefu will be your greatest asset.
Foothold: It's blocking some things. Maybe there's a way to bypass it.
User: Enumerate the filesystem. Once you find the file, look inside.
Root: Find out what special things you can run and look at the contents. The exploit is WILD but once you discover it, you can use it to FORCE out some information.
I am able to ping the machine but I can't access the web page. Any idea what I am doing wrong?
I was able to go "WILD". Now I am supposed to see the ROOT password in the process list.
However, all the commands like top/htop/ps -ef/ps aux/ - all of them do not show the password and mask it instead.
This is what I see:
/usr/bin/mysqldump --force -u root -h 0.0.0.0 -P 3306 -px xxxxxxxxxxxxxxxxxxx sys
What is wrong with this machine? I like this level of security, but not in this situation :0)
Thank you for this challenge!
FOOTHOLD : matter of jailbreak
USER : enum and crack
ROOT : find the magic symbol and observe execution
Cool box, but some of you need to learn not to leave your solver scripts everywhere. Got the user flag, noticed some interesting Python code named "script.py" and by the time I realized what I'm looking at, the privesc part was spoiled. Do you leave web shells around in a real engagement as well?
Running nmap returns no open ports… What's going on?
Nevermind, reset the box, it's working now.
add to /etc/hosts
The box seems very unstable. Commands in the Editor are only getting through once in about 3 times, and also revshells are lost within 20 seconds…
What can we do? (Machine reset gets downvoted.)