was under my eyes for two days…
really clever, it’s done to teach you to open the eyes.
Got user, I will work for root after I finish work shift.
stuck on root, i really think it has to do with splunk and I already have creds, but I’m not finding anything… any suggestions?
Rating this box as easy is counterproductive. A proper rating is important not to discourage people (new and old!).
Overall it was a nice box, except maybe the common message space (people looking at what others are doing - which is the idea of the space I guess). Anyway, I spent way more time than it should have been. Respect to the creators.
My 2cents:
Foothold: good observation is key, then the injection, which should be clear by now given all the posts talking about it. This was a pain for me, my advice is that it’s a two steps thing which might be a bit different from how it would normally work out (or how it is described in general). It’s easy to lose sight of that.
user: doesn’t really make much sense but anyway try whatever could be an actual password when you’re doing the usual strings search
root: I knew what I had to do but it took long as well because of a misunderstanding of how an exploit works - reading the code and trial and error helps.
I won’t call it an “easy” box, actually I think it’s closer to medium. Anyway, that was an interesting experience. Thank you, @egotisticalSW !
Also thx to all those guys who left some tips or nudges in that topic, they are more than enough to get root.
Foothold definitely of a medium machine and this way rated in average by users.
No hints from my part because it’s enough here already. Overall quite nice machine.
Can someone help me?
@TazWake said:
@xenofon said:
Can someone help me?
With what?
I am stuck on foothold. I edit /et*/h**ts with the do****.htb, I found HTTP auth on 8089, now I run some DNS/vhost tests with gobuster but nothing comes up (subdomain-top1mill-11000.txt).
@xenofon said:
@TazWake said:
@xenofon said:
Can someone help me?
With what?
I am stuck on foothold. I edit /et*/h**ts with the do****.htb
Focus here.
I found HTTP auth on 8089, now I run some DNS/vhost tests with gobuster but nothing comes up (subdomain-top1mill-11000.txt).
This is probably a rabbit hole.
Rooted! Foothold wasn’t easy and user just required a lot of observation skills. I felt root was easier compared to the foothold/user portion.
Don’t have many hints since most of them are already given before.
DM for additional nudges.
Wauw that user… I really thought it was some dumb htb user… many hours later I just hopelessly tried it. What a troll
Foothold is very nice!
Other hints are already given.
Thanks for the fun!
got it, my second box aha!
Root was very direct but I stumbled with some syntax issues, I still can’t work out the cause of this… I’d love to read a writeup and learn some more.
thanks for the hints!
Ok, rooted. Needed to adapt one script to the right python version, learned a lot about this actually…
Funny anyway, once you figure out a way to take it, it is very easy
Finally rooted. It was a fun box. I loved the initial foothold.
Initial foothold: There is something on the website that can INFOrm you about another place you can visit. Leave a message about what you would want.
User: the regular enum script has something for you. Read the file and then you can play with the string.
Root: Go back to that one guy who did not like you before. This time he’s gonna talk
PM if you need help
root is very easy…once u know the user!!
hint -: c**l reverse shell is enough to know user
root@doctor:/home# whoami
whoami
root
Would anyone point me in the right direction for a place to learn inj**ion attacks? I tried the pentester labs cheatsheet. Any good learning for this type of thing other than OWASP would be great also, thanks?
@mrgrooves said:
Would anyone point me in the right direction for a place to learn inj**ion attacks? I tried the pentester labs cheatsheet. Any good learning for this type of thing other than OWASP would be great also, thanks?
It’s worth checking out portswigger.net, hacktricks.xyz and onsecurity.com. Also Payloads All The Things and Medium has a couple of very good articles on this.
You just need to be searching for the right thing.
Finally rooted this machine.
Lots of hints already given on here, however here is my experience:
Foothold - Keep trying, all the things you need to get this foothold can be found on google
User - Enumerate, Enumerate and Enumerate. Read everything carefully, it’s very easy to miss!
Root - You already have one part of the puzzle in your arsenal, you just need to find the other piece.
finally got the user! talk about a needle in haystack man oh man. on to PE.
That file was one of the first files I looked at, but the mistake I did is that I took it on my own to search in it, should have stayed with the enum tool!!
… and Doctor rooted ;
I would like to thank you all for the tips, the one worth repeating is enum enum enum.
thanks to @egotisticalSW for the machine.