Official Developer Discussion

Official discussion thread for Developer. Please do not post any spoilers or big hints.

Anyone have a nudge to give for foothold? I’ve been attempting to use the upload feature but to no avail, not sure how to get around the CSRF middleware. My other idea was to somehow exploit the messages module but at this point I think it’s a dead end. Have I missed something obvious during enum, or am I at least on the right track?

Anyone made any progress besides finding that CSRF? I am unable to exploit that.

@ruskii said:
> Anyone made any progress besides finding that CSRF? I am unable to exploit that.

No luck here either

This machine is extremely difficult. I’m at the same spot you guys are.

Some progress. I now have access to another app on the same port. Would not have found it without help. Can’t see how to exploit it for a foothold yet though.

@camk same. I think I know what to do next, but it throws an error.
Guys, I hate and can’t properly esrever, is it way to go upper? (

Great box overall. Beware a giant rabbit hole on initial foothold: you may gain admin access to the web application but still have missed the intended path.

Got User (amazing challenge, took me a few days), however I am currently stuck on second user/root - I have an idea to get access to the second user, however it fails (due to session is already started) and I am not sure it is the intended way or working at all, or if there is a way directly to root.
A nudge would be appreciated :slight_smile:

@SN1CK3RDO0DLE said:
> Got User (amazing challenge, took me a few days), however I am currently stuck on second user/root - I have an idea to get access to the second user, however it fails (due to session is already started) and I am not sure it is the intended way or working at all, or if there is a way directly to root.
>
> A nudge would be appreciated :slight_smile:

If you’re www-data then you’d have to find another user :wink: But from that other user it would be slightly easy to root. Just one small challenge :wink:

I’m stuck in root. I think I need a nudge :slight_smile:

Got user, really nice box ! Looking for root now…

@jsarmz said:
> @SN1CK3RDO0DLE said:
> > Got User (amazing challenge, took me a few days), however I am currently stuck on second user/root - I have an idea to get access to the second user, however it fails (due to session is already started) and I am not sure it is the intended way or working at all, or if there is a way directly to root.
> >
> > A nudge would be appreciated :slight_smile:
>
> If you’re www-data then you’d have to find another user :wink: But from that other user it would be slightly easy to root. Just one small challenge :wink:

Small? Really? Am I wrong in my previous post? )

Can I get a nudge on the second site to foothold?

Struggling with the final step on this box. I have found the interesting file, and know what I need to do, but can’t locate the info I need inside it. Anyone able to help? Update: Found it. A different tool helped - the one from the NSA works well. Thanks @TheCyberGeek for the box :slight_smile:

Hello everyone, I got stuck during revshell to get the lowest user from the machine Developer. When I entered the revshell payload nothing worked. Is there any reference or clue that I can use?
Thank you :)

Tried almost every wordlist - none so far

Hey, can I get a nudge for foothold? I am currently stuck at the admin page for Django.

Is it safe to assume that a certain excel file is not a rabbit hole for this box?

Oops, someone already answered this a few chats up lol

WHAT A RIDE :slight_smile:
This is definitely a hard box. Now I’ve managed to get user, and I read through my own notes… I’m thinking… “yeah, pretty logical after all”
I lost 3 evenings because of s*t**** … using the module I thought I should use instead of usual / regular module!
After this, it went pretty smooth until user.txt

Gonna make a break before jumping into root though :wink:

… and as always, PM if stuck
