The more time a box has, the more solutions it’s gonna get. Makes sense, right?
Can someone help me? I tried everything to get foothold in last 7 hours. Please DM
well yes , but this happen usually the last 2 days before the box expire … drive this is the 3rd day of drive … usually an hard box the firsts days has 50 max 100 users that root it … this box got a peek root the 2 day …
i m not against write up and… but from season I never happened a thing like that…
anyway i will end up this today … but im pretty sure will be hard to get back at where i was
Stop complaining and put the work in
2 Likes
hey people, I managed to discover the root privesc path. Even go as far as finding the working payload/technique. But I’m still having trouble squeezing it to the allowed limits. Could I DM someone to ask more about it
I think a good way to root is RE the excutable file on Tom’s User
anyone faces an ssh issue?
Can someone tell me why I can’t log in after I decrypt the hash code…
Not to sound like captain obvious but maybe password is not correct? 
You mean the cracked code is useless? I still cracked the wrong password
I found user.txt and now trying to do privesc, can someone DM me to help choosing payload? thanks
Anyone mind PMing me a nudge for PE?
I think I know where to attack, just stuck on how to go about it.
Cheers.
Brother same problem, im stuck on the payload for privesc 
Finally rooted 
@Chainmanner 's hints were a great help!
If you need a sanity check, you can drop me a PM. 
Anyone got any tips for foothold?
i need help for root, i know what to do but dont know how and where 
finally rooted the machine, it was awesome.
didn’t like much the user part but the root part was really beautiful… never thinked of such a technique there…
dm me if u are stuck
Rooted…
Foothold needs more patient.
And the vulnerable function is really really hard to enumerate. You need take care some same feature in the webapp but in different implementation.
For User part
You need take care some source code, and check the data leak in foothold.
One way to filter is checkin someone password preference.
For Root part
There is not only one way to get it.
Too much spoiler … If you need you can DM me.
1 Like
The path to root on this machine was like a rollercoaster ride. The user foothold had its share of frustration, but the moment I cracked it, I knew the best was yet to come. Privilege escalation to root was like discovering a hidden treasure chest.
DM me if you need any help 
4 Likes
It’s not as rollercoaster as Cybermonday, at least for now 
I got hashes, including the ones that pdkts_whatever (can’t ever remember the abbreviation :-D). Got martin. Found some LFI’s as well, cute
Anyhow, seems like the password cracking is the step forward. I don’t quite understand how to reduce the wordlist and which one is to use anyways Would be awesome if anyone can hint!