So I found the injection point, ran all scripts I could find, even tried changing up the scripts a bit, but still it returns nothing. I can’t read any files. What am I missing?
Rooted!!
Thanks for the author of this box,!!! 
Well, if he’s anything like me he’d probably spend the next 10 years trying tags. For expediency try figuring out the lib/module the site is using, and then google for that + the type of exploit you are targeting, and be specific don’t just search for generic “vulnerability”.
Been stuck trying to get root for a couple days now. I can use the capability to inspect other processes, but haven’t found anything helpful. Does the path involve injection? Thanks.
I think you are on the right path but don’t overthink it, you don’t have to load anything, set is all you need.
This was one of the coolest system owns I’ve ever done. Great machine 
Very nice machine , i’ve learned quite a bit from it !
For the initial foothold i spent much time realizing that i will need to actually download the pdf to see that my payload works… 
The user flag is pretty trivial i dont think that it can be missed.
As for the root flag it was pretty new to me and it took me some time to understand how to use those capabilities.
For anyone that is stuck feel free to PM me for some hints. 
2 Likes
This is the first machined I pwned without having once visited the forums during the lab AND without extending the machine time. Fun one!!
For root, did anyone able to get a root shell? Not sure if I did the intended path. DM me for details to avoid spoilers.
Nice box btw!
Rooted!! ~(=^–^)
Thank you for the hints!!
Rooted!! Nice box.
DM me on discord (n3hal#1527) if you need any hint.