You say you have no f***in clue, but if you didn’t have a clue, you wouldn’t recognize this. Seems like your spider sense is leading you in the right direction. And I say this having not gotten it exactly right yet but I’m pretty sure this vector will yield something helpful.
1 Like
can you give some hint about how to find LFI?
1 Like
First possible step to this box is indeed through the web application and especially finding LFI in it. LFI can be found in this application through a very trivial path-name that resembles the title of this box.
Goodluck!
1 Like
any hint for root bro?
I have been reviewing the source code for hours and I don’t find anything useful, any hints?
I was able to forge the session c***** too and even got access to some files but I still don’t know what to do with it 
Maybe we are on the same boat, my friend. Let’s see where it goes!
1 Like
Hi guys! I’m kinda lost now. See someone mention an LFI, but I can’t figure out where. Any hint?
I found a vulnerability in File discrosure, so I snooped through everyone’s files but still can’t get in. Am I missing something…
Same here, I also found that if you sign a cookie with user:{} and get /home/ it will list all the files on the server, but does not give anything useful
I’m so lost on finding the LFI, any hints or anyone I can DM? <3
EDIT: Got a nudge and found it. Don’t overcomplicate things 
1 Like
hey could you dm for a hint ive been stuck for a little while.
Did this box’s difficulty change from Medium to Hard overnight or…? Strange it still awards a medium level of points…
There was an entire discussion on discord based on this topic. 
You should check it out if you’re curious.
2 Likes
I could really use a nudge for the LFI if anyone is willing. I feel like I’ve mapped the entire site with Burpsuite, but I can’t seem to find anywhere to execute the vulnerability, any help?
Got the bump I needed, thank you @defyinb! For those in the same boat, genuinely the best advice is to not overcomplicate it, it’s a very simple exploit and you’ll kick yourself for not seeing it sooner, and as others have mentioned try URL encoding parts of the endpoint and see what you can figure out. Start by trying to find the file that is the entry point into the program using your knowledge of the technologies the app uses and go on from there.
1 Like
Any hint about lfi ?
For root, if I may recommend, be careful and think twice before choosing the correct attack vector. I was a bit reckless and crashed the box, my first time ever I believe, haha (If you go down this path, I highly recommend to set up a test lab to see what goes wrong and test there).
The correct solution does not need such dangerous stuff and if it may help, it is one of the (if not The) ancient linux privesc.
Nice box, thanks to the author! And yes, it was more towards Hard difficulty for me (at least it was more difficult than Gofer).
1 Like
I decided to screw around with the box a bit and found a second path to root. Interesting that multiple roads lead to the same destination.
Either way, still a pretty good box. Taught me some new tricks.
2 Likes
Please, can some one nudge me on the lfi?
Who find something usefull? I need an hint.
I’ve done some (passive and active) scanning and I found some vulnerability, but it is useless for the exploitation, I don’t know if I can write here what I found or it is against the rules