Official Format Discussion

To me this box is much harder than snoopy … I really can’t get into r***s commands and logic

3 Likes

stuck at the same point… frustration at full blast!

Need some direction on what’s misconfigured in the engine so you can interact with the db :thinking:

stuck there as well but we can still share our thoughts if you like
PS : I think I know what to do but can’t find how

Could someone PM me a nudge for moving from pro user?

there is only one difference between a normal user and a pro one, take advantage of this newly-acquired feature

can anyone please dm me to help me get a foothold

Rooted. Got stuck on root for a while trying to inject a command or smth like that. It was quite funny to figure out that a useless at first glance vuln is not so useless. Awesome machine :slight_smile: Got a lot of fun.

Another thing about the race: taking into account that we can create multiple blogs per user, the race looks quite straightforward and reliable. Really thought that the extra blog feature is a kind of a rabbit hole to divert attention.

2 Likes

Is anyone available to give hints on root? I think I see what needs to be done, but not sure how to approach researching it. DM if need help with user

pm

Well I don’t think I’ll need to put any tips as anything needed is already here…

The only thing I’ll add is: if you’re going through ‘intended path’ (e.g. NOT racing), then becoming a pro is your target… and be careful: uploading is not the only thing that is different when pro… check source code and you’ll see the real path…

It’s always sunny in Philadelphia.

1 Like

I know almost nothing about PHP. I am lost at gaining an initial foothold, but I have found a “bulletproof.php” script. Can someone tell me if this is a good starting point or what I can even do with this script? My Google searches have been off the charts in the last two hours trying to figure this out. Any help is greatly appreciated. I make sure to document all information regarding these challenges so any hint you can provide will not be neglected. Thanks!

I’ve never used php, but I can still tell what’s going on by reading the source code.
To discover where bulletproof.php comes from and what it does.

1 Like

Brilliant box - I learnt lots of new stuff with this machine. One of my favourites this season! Big thanks to @lim8en1 for the help around redis

2 Likes

thanks to @Tomouhead for his patience! i owe u a root flag! write me when u need some ret**d help :smiley:

1 Like

rooted, thanks to the help of @mar11, DM who needs help

Rooted this one with a lot of help needed once again- thank you to Adrigm2608 and Yovecio18

And a huge thank you to coopertim13 for the machine. I got a way better understanding of how sockets are applied and root was a really cool integration of 2 technologies.

Feel free to DM for hints :slightly_smiling_face:

2 Likes

Finally rooted.

No racing all the way? I got pro, but still used some type of racing afterwards.

Some extra hint for foothold:
Getting pro is not the first step. You need some other vulnerability to gather information first. (big hint for getting pro already provided, but where to target at?)

1 Like

Finally rooted!

Thank you to everyone that helped with the user and special thanks to @HelloThere who sent me in the right direction to obtain the root!

@coopertim13 – awesome machine, I learned a lot!

1 Like