Official discussion thread for CrossFit. Please do not post any spoilers or big hints.
Hi
Hi
Hi
Any thing found
Spoiler Removed
Two people have user. Damn! There goes my chances! ahahahaha
1st blood after (almost) 16 hours! Tough going here clearly - about the foothold, I was wondering about the possibility of contraband on the most trafficked port - would that be possibly a path to follow?? 'Cause I’ve fuzzed this baby like a motherfuzzer!!! And…nada, nichts, rien, tipota and ingenting…nothing to see on the cool horizon of http-land…lost for now - any hint on initial direction?
Is it about virtual hosting
Virtual hosting is not revealing anything for me at least. Any other pointers?
Attack => *******.crossfit.htb/vendor/
*******.crossfit.htb/vendor/
403 Forbidden error
***.crossfit.htb/vendor/
How is root done after 9 hours of user, rated by two users as piece of cake?
Type your comment> @solid5n4k3 said:
How is root done after 9 hours of user, rated by two users as piece of cake?
They are being funny
Funny like a clown 
Quote from Goodfellas 
They said piece of cake since they realised it’s easy
it seems to me it may be vulnerable to XSS s****t2 i found the cve but i did not find POC that work, any idea?
So, i’m currently logged in with hk, found the vulnerability in sedates. and found a PoC for it but i can’t get it to work. I appreciate any help on that matter
EDIT: nvm! i got it