Official dynstr Discussion

WTF guys, if you want to transfer loot, either

  • establish an outbound connection from the target to upload it to your box
  • at least put everything into a subdir “htb_username” of your python3 -m http.server

If you serve it from the target to be downloaded, all other players have access to it. And it’s visible on nmap.
Major spoiler, I shouldn’t have had those keys by now…

Anyone facing the error in nsupdate: “response to SOA query was unsuccessful”?

Learned a few things from this box. There are several pieces of advice on the box. Reiterating some:

Read the home page carefully. (I didn’t and assumed a few things, hence wasted time.)
User: remember DNSstr is the name of the box. Also read what is in the webroot directory.
Root: it is obvious what you are exploiting. Just read that file carefully and don’t over engineer.

Wow, that box was HARD. I really wasn’t expecting something so tough, too bad for my ego lol.
Great box though, I learned something at every step of the way.
Thanks @jkr !

Jeez, this one is kicking my ■■■, hard. My lack of knowledge in DNS is showing.
Just got user after a few hours of trying to understand the whole thing…

Onto root, now !

Edit : Ok, root was way more simple xD

Been **update for like 2 hours. Can someone plz throw me a bone here when it comes to properly getting *** into the box? **update doesn’t seem to be working for me, or I’m updating the wrong zones or my syntax is bad…plz help.

Hello guys, I’m stuck for the user flag. I have no idea how to get it. Any advice!?

“response to SOA query was unsuccessful”. Never has an error message frustrated me more than this one, jeeez

I was able to read the root flag, but wasn’t able to get proper command execution working.
Also wondering now if those things I found last week were meant to be found.
Can someone DM me?

Hello, when I use ns****te I don’t get the prompt ‘>’. What is the problem here?

@hum4N3rd said:

Hello, when I use ns****te I don’t get the prompt ‘>’. What is the problem here?

Make sure you have a fully functional PTY.


I was able to spot the hint on the site and work with RESTy.
I’ve just found one “usual” endpoint, but I’m not able to find any doc on how to take advantage of it.

I can successfully GET a custom domain, but I’m stuck here.

Really cool machine!

Cool machine, but someone left a special file in the user’s home dir which spoiled the privilege escalation :frowning:

Yep, I got spoiled by the same file. Still struggled a bit to get root, but that was a big hint

I’d recommend looking at the dates of the files when you see them. If the file is from a few minutes or hours ago, it’s probably not part of the box.
That being said, yes, please delete your files or make your own folder to work inside, I myself have been spoiled (have spoiled ?) quite a few times !

I keep getting “invalid format” on the s** k**, what the heck? I even replaced all the “*”s with newlines. WTF.

I used the API, all right, but I do not know how to exploit it :l

Hello, I am getting a refused error while using n*******. What am I missing?

Great box, thanks! :smile: