Tip for User:
When you think you need to go over something, look for ways around it instead of confronting it head on.
You missed it, linpeas again
You can find in with linpeas
You donāt need any creds for that subdomain
gobuster failed also here, use wfuff and you will find it
The foothold via the m**ro is working? I donāt know where is my error. I already reset the machine 4 times and regenerated my vpn
The right path to a foothold is in the mail 
Yes I know. Now itās working. I was creating the m**ro in the wrong place.
Then you made the same mistake as I did
1 Like
This box was fun. Especially the final escalation.
2 Likes
I can fetch files from my local http server via the subdomain. However I am stuck on how to use this to access the filtered port and do my attack 
Any help/hint will be appreciated ā¦
Can someone PM me? need help on bypassing subdomain creds
Hey! Any hint of which subdomain list should I use? Did not find anything yetā¦
Any list will work. Common one? Above nudges are sufficient, try wfuzz-ing.
Would be great if someone could nudge me a bit with the foothold. I can get the payload where I want to (at least I think so), but I just canāt get it to fireā¦ Mostly Iām also interested if there is a poc/something similar or if you crafted the payload from scratch
Feel free to DM.
1 Like
After much effort, I rooted this one, many new topics for me. I need to stop looking at the difficulty ratings on these machines or something because there were two pieces that I completely overlooked because I didnāt think they would be present on a hard rated machine. Need to find a way to figure out if there is an insane machine so I can avoid for now, otherwise, I should disregard level:)Canāt express enough gratitude to Onisec, Lim8en1 and pandas08s for the time they give for feedback.
Happy to help in DM if needed.
1 Like
Iām So stuck getting foothold/Shell
please any help will be great DM
You can DM me
Yeah, IĀ“ve tried with every tool but no subdomain foundā¦ DonĀ“t know what is going on