Official Delivery Discussion

@sudozeus said:

Does the email actually send for the verification part? I’m confused about this because I have never received one.

Yes - if we are talking about the same service.

I have the exploit but in order to “activate” it I need an account.

Are you sure you used the correct address?

I have user but had to watch a video tutorial (sorry to say). I’m curious if others can share how they enumerated (private if you would). I used traditional nmap, nikto, dirbuster, and searchsploit for what I was finding and got nowhere. I did not find this intuitive at all. The most helpful hint of all was the h***s file hint. Again, my first hack, and definitely learned trying too hard is not the way to go.

A fantastic learning experience and great setup!

@redeyehal said:

I have user but had to watch a video tutorial (sorry to say). I’m curious if others can share how they enumerated (private if you would). I used traditional nmap, nikto, dirbuster, and searchsploit for what I was finding and got nowhere.

If you visit the page, the information is there.

I did not find this intuitive at all. The most helpful hint of all was the h***s file hint. Again, my first hack, and definitely learned trying too hard is not the way to go.

Don’t focus too much on tools. Opening a site in a web browser is often very effective.

Rooted. This was a nice fun machine, but it did highlight a serious problem that is very common. @ippsec, great machine, and looking forward to many more.

Anyone needs a nudge, feel free to DM me.

pm me for hints

rooted, if anyone is struggling with the cat: just do it like ippsec would do…
pm me for hints

Is p8065 meant to 404?

@netbanger said:

Is meant to 404?

lol, all I had to do was ask the question

@netbanger said:
Is p8065 meant to 404?

nope.

root@Delivery:~# whoami; id; hostname
root
uid=0(root) gid=0(root) groups=0(root)
Delivery

User was tricky for me (hints here should be enough).
Root was easier and I guess I’ve got it in an unexpected way.
There are several ways to get root :wink:

Great machine! Lots of fun and learnings rooting it.

The foothold/user was a good lesson of something I have to improve: reading and digesting everything I see.

The root part was also great because it taught me something I had never done before.

Thanks @ippsec

Looking over all the hints and doing everything I could think of when getting a foothold and still can’t get it. Can someone give me a nudge?

Got user! Looks like I’m just a little too impatient haha working on root now…

@betastonework said:

Looking over all the hints and doing everything I could think of when getting a foothold and still can’t get it. Can someone give me a nudge?

Look at what you are presented. Raise the thing it talks about and use the response to log in. Then you have some things you can play with.

User was annoying, took a while to figure it out. HMU if you need help.
Spoiler removed

Rooted… Oh my… Don’t forget about su lmaooooo.

root@Delivery:~# id
uid=0(root) gid=0(root) groups=0(root)

Hi guys, thankful for the hints, was able to raise a t***** and log in using what was presented. I need a bit of a nudge, am I going in the right direction by uploading a certain php file on the h******* and so on (trying to not spoil anything here) or am I going down a rabbit hole again? Would appreciate some guidance! EDIT: Thanks for the nudge @Obtru3sion and @TazWake, tackling this box again tonight.

I just got user and moving to root. This thread really helped me keep things simple. I would have gone off the rails trying all of the complicated things first! Now off to root…

This was a fun box. - Learned some cool tricks with the cat :slight_smile:
Thank you @ippsec for the creation of it.
There are enough hints here and from ippsec to do it all.

Rooted, fun box. Lots of hints along the way. pm me if you need a nudge.

And rooted! Thanks for the tips guys. Would like to additionally point out that to get the initial foothold for user, document everything shown, especially once generating a t***** on the h*******. Root was much easier and quite fun actually.