Hey, we can’t restart the box anymore, and it does not seem to work!
I was just about to root the thing!
UPD: Hey, rooted! It was a nice box, kinda hard for me as a complete beginner though…
Any hint how to start, I did some scans and the only thing i found is that its missing content-type header. where should i go from here
Do some more enumeration use gobuster/wfuzz for vhost/dir enum.
Edit:
This module explains everything you need to know:
1 Like
Too all others.
Please don’t change passes or hashes
Already rootet this box and wanna do some other stuff but the passes aren’t working anymore. Don’t make it harder for other ppl.
2 Likes
Quite a newbee on HTB and it’s the first seasonal machine i was able to root from scratch.
Really interesting and well done. Thanks to the creator 
1 Like
Rooted, interesting box for sure
Are you sure you don’t have sudo privileges? Are you still www-data?
Need some help. Cant get foothold.
Busy yesterday, so I’m finally getting around to the box and it was another fun one! Definately on the easier end of the spectrum.
I will say that both steps related to known vulnerabilities from this year. With a small amount of research and reading the way forward should be clear.
- User: Try multiple recon tools if you aren’t able to fully fingerprint the app. Once you have this a simple google will turn up the info you need for foothold.
- Root: Look in the obvious places for priv esc and do some hunting. there is a POC of sorts which can be found for this vulnerability which will lead you to the way forward if the vague language in the CVE reports isn’t enough (which it wasn’t for me, haha)
You can DM for if you are stuck with something specific 
Happy hunting!
1 Like
The box was really fun especially root.
1 Like
I agree. It’s nice to have a fairly laid back box that doesn’t involve conjuring up a small demon and selling part of your soul to solve.
Kudos to the author.
Feel free to DM for any nudges.
can I get a pm about this too?
Does anyone else have an issue with the dependent file required for privilege escalation not being present on the system? Maybe I need to generate the crash?
1 Like
I am having the same issue. Let me know if you find a workaround
It was a fun machine. For me Gaining foothold took lot of time but Priv esc was easy
if you are talking about D***y , yes i have the same problem , i am not sure this is the good cve , seems to be a more recent but can’t find a script…
i am stuck as www-data and cannot seem to find a way to get into logan can someone please PM me what should i do?
5 Likes
Rooted ! very easy and fun machine both user and root are straight forward, google will give the answer to almost everything
Thanks to the creator of this challenge!
1 Like
It was a pretty simple box, I had trouble with the first step, I was stumped, had to look at the hint, but the solution was easy.
Thanks for the interesting box!
Guys, everything is on the surface, you can do it!
somee pls dm i need help with root
i found something but no crash or am i to generate crash?