Official discussion thread for CrossFit. Please do not post any spoilers or big hints.
Hi
Hi
Hi
Any thing found
Spoiler Removed
Two people have user. ■■■■! There goes my chances! ahahahaha
1st blood after (almost) 16 hours! Tough going here clearly - about the foothold, I was wondering about the possibility of contraband on the most trafficked port - would that be possibly a path to follow?? 'Cause I’ve fuzzed this baby like a motherfuzzer!!! And…nada, nichts, rien, tipota and ingenting…nothing to see on the cool horizon of http-land…lost for now - any hint on initial direction?
Is it about virtual hosting
@Cmdking01 thank you!
Virtual hosting is not revealing anything for me at least. Any other pointers?
Attack => *******.crossfit.htb/vendor/
*******.crossfit.htb/vendor/
403 Forbidden error
***.crossfit.htb/vendor/
How is root done after 9 hours of user, rated by two users as piece of cake?
Type your comment> @solid5n4k3 said:
How is root done after 9 hours of user, rated by two users as piece of cake?
They are being funny
Funny like a clown 
Quote from Goodfellas 
They said piece of cake since they realised it’s easy
it seems to me it may be vulnerable to XSS s****t2 i found the cve but i did not find POC that work, any idea?
So, i’m currently logged in with hk, found the vulnerability in sedates. and found a PoC for it but i can’t get it to work. I appreciate any help on that matter
EDIT: nvm! i got it