Official Download Discussion

Have I to manipulate the URL? It’s the just I have in mind… Please help

I think that’s the hint.

Share some hints, bro.

I finally found the LFI, now I have to understand how to discover directory and file names to download it

lol easy? Who are you, Neo? This was not easy for me but maybe I took a weird path.

5 Likes

:rofl: yes I’m Neo, you caught me

Psychic mode on: i see, i see there is a coffee shop in front of me there are 2147 people lined up. They all want to buy an espresso.

1 Like

Hello, I was trying to figure out how to properly use our monster friend. I got access to some source files and I understand how I can use to abuse the LFI vuln. But I need some help, so could I DM anyone and see if I am on the right direction, please?

Removing my post.

Downloaded all files, including the private and anonymous files.
Found nothing in there (all the same) and I am not sure how to continue now.

Hello guys, found source code but I can’t forge, PM in case you did

User flag is done. Got quite sidetracked in between.

Have I to search for something like credentials in the users’ uploaded files?
I exploited LFI and I’m able to alter and sign cookies, I found all files uploaded on the site, but now I’m stuck…

That was super interesting! And actually pretty enjoyable. I’ll definitely keep an eye out for future opportunities to use that root exploit. Had a bit of a rough patch near the end, when I had to reset the box several times due to crashing important processes… but after I figured out why, things got much much better :sweat_smile:

Finally rooted! That was an adventure. I didn’t realize just how accurate most of the hints here are with “keep it simple” until I was finished. In terms of the actual exploits and how difficult they are to execute it’s definitely a medium box IMO, but in terms of finding those exploits and what you can do with them it was definitely a hard machine. Major thanks to @4wayhandshake and @defyinb for guiding me in the right direction when I was getting stuck!

PM if you need any hints, I can’t guarantee that I’ll be quick to respond, but I’ll do my best!

4 Likes

Anyone wanna work on root together/anyone up who can give me a nudge, been stuck on root for a few hours… :sweat_smile:

I have a question: I found the creds on the machine for the …ql. Could anyone guide me on where I can use them? I tried to su to another user and to use them to log into the …ql, but it does not work. I don’t know if I missed something, but it looks very straightforward.

Can someone give me a nudge for root, please? I was trying several paths, but now I think I’m very close to it, but I just need help trying to figure out some things.

Now that the box is closed, if anyone needs more extensive hints, feel free to reach out.

3 Likes

Hello… I’m stuck with the root flag. I’m trying to compile a file that will be transferred to and executed on the server. Can someone help?