Trying to crack the cookie signature, but does not seem to work.
Yeah no idea where to even start with this one. Like an instant dead end.
first blood ■■■
3 Likes
I tried all the tools that i could think of, plus manual enumeration and i do not have any idea anymore what to try xD
1 Like
it’s funny to think that can be a plot twist: The machine don’t have any vuln and we are baited
7 Likes
that would actually be hilarious if they did that some time ■■■■
i found 2 vulnerabilities so far
oh my joshSH… 
Is this really medium difficulty? 
1 Like
I have an “LFI” that allows to read only read files from the web. So far enumerating the App.js and other paths.
1 Like
13 hours and still no system own. Oh HTB and their arbitrary difficulty ratings
it’s only been 9 hours
Weird, let this box open overnight and my files are still not deleted…
Did you found already something?
1 Like
There’s something with the private / non-private I guess
or there’s something with the download_signature…idk how to proceed 
This is a pure guessing box? 0 clues what so ever
1 Like
So no one has rooted this yet???
someone get user
I think there is LFI in file upload (Private) right?
well interesting. only one player rooted it now!