I have gotten a shell via SI, and executed the li***.sh to enum some info for privesc. I noted that lo*****te seems vulnerable.
Am I on the right track?
I have been at this step for a while; could anyone give me a nudge?
I am a bit stuck on initial shell.
I can't seem to find a valid path forward. I found S***** and know this is my way in. I tried the different default creds I could find but no luck so far. I looked through the forum and see that people suggest looking closer at the home page but am not seeing anything obvious. Can anyone help me?
I am a bit stuck on initial shell.
I can't seem to find a valid path forward. I found S***** and know this is my way in.
It depends what that means. The way in is ****. You are mistaken if you think something running on a very high port is the way to get a foothold.
I tried the different default creds I could find but no luck so far.
That is a decent sign you are attacking the wrong thing.
I looked through the forum and see that people suggest looking closer at the home page but am not seeing anything obvious. Can anyone help me?
Look closely at it. See what it says. Use that. Access the different thing. Examine it in detail. Exploit it. Get a shell.
What you think is a foothold is better for privesc.
So I realize now I was going for privesc first. I just am not seeing any forms or anything where I can potentially use a S**i. I am so very confused by this box.
To add some more to this, I have been digging in the page source, and ran dirb and gobuster using all kinds of wordlists. The different thing is what I cannot find. S****k was only a thought when I could not find anything else.
Just to reiterate. Look closely at the page. See what it says. Use that.
LOL I feel so dumb right now.
It is possible I am just frazzled by how much time I have wasted. Which is why none of this is making sense to me.
I am looking closely at the page and the only thing I see that it says to do is contact them via the options in the center of the page: the phone, email, etc.
You have what you need - it's hard to go any further without spoilers. DM me if you are stuck.
Eh, spent some time at the beginning thinking that I could use s***** to get to the user… boy, was I wrong and blind… User & Root: done… One of the easiest roots so far.
Holy cow… this is my first box after a 10-month hiatus. What a ride! Lots of clues in the thread but I’ll provide my input.
foothold: the trickiest part for sure. If you are experienced in developing web apps using a language named after a snake, then it might be easier for you. Otherwise, read up on how to develop web apps with this and how it can dynamically display content. Keywords - think of the metal container you drink alcohol out of and those stealthy Japanese warriors who typically wear black and are silent.
user: once you’ve figured out a way in, as other folks said, enum as usual. You don't need a reverse shell to get the flag though if you've found the whoopsie think of the higher ports and what that app does.
root: same as user but if you’ve enum’d enough, you’ll know what to do.
I’m pretty sure I know what to do but the lag of the pages makes it unbearable. Anyone else having terrible slowness for this challenge? I’m alone on the machine, tried resetting it, reconnecting, etc.
Been a while since I did a box, but got root after quite a bit of trying.
foothold: lots of back and forth between input and result
user: do not overthink it, I saw it the first time and dismissed it as it looked too easy…
root: Google got me the exact answer