Ok, finally got it. But I would rank this as medium. The steps are easy when you know them, but It´s a lot of googling, trial and error since you are unable to see if you are on the right path. And for someone who overthinks stuff there´s a rabithole aswell. I need to get more wild and fire of things with every possible parameter rather than analysing too much. But it was a nice box in the end.
Type your comment> @m3mphi5r4r said: > Any nudge on foothold? Check website code and like others said…CVE
Type your comment> @f1rstr3am said: > there´s a rabithole aswell If you mean the g****e d***e path - I wasted no less than an hour on it.
I’m a beginner but I’m stuck. I’m playing around website but I didn’t see anything in burp and gobuster. 
Any hints?
i have found the exploit and i know how it works but i can’t find the users creds maybe give me hint ?
Well, i’ve got user.txt but can’t understand how to get access to ssh, lol! ------ NVM. rooted. Pretty nice box, really nice user. But i don’t know why is that necessary to create 1 more user. Seems like rabbit hole Anyway, thx for box!
> @unicodesquare said: > Well, i’ve got user.txt but can’t understand how to get access to ssh, lol!
Hi, I’m the creator of this machine , i hope moderators don’t consider this comment as spoiler. So i’ll give some tips may this help you: Foothold: When you found that hidden web interface , you better not rush and use All CVE your found on google , first find the VERSION of that dashboard than chain your attack So you can get a Foothold on the machine. Root: use the tunnel , and don’t forget about other response codes . I Hope y’all enjoy this box and learn new stuff.
3 Likes
well I found> @esio said: > I’m a beginner but I’m stuck. I’m playing around website but I didn’t see anything in burp and gobuster. > Any hints? search for the vhost in gobuster i used ffuf and found some interesting stuff
Ok i finished the box after pausing for a day or so. The initial foothold is not hard , neither the root, but the l*****l page looks like it doesn’t make sense or “connects” to the rest of the machine.
got the foothold, but stuck on the initial s***** shell. guess root is a long way to go, gonna sleep
That was a ride. Took a break and found the root path. Agree with @tsheva that it seems a bit disconnected. DM me if anyone needs a nudge.
Type your comment> @wail99 said: > Hi, > I’m the creator of this machine , i hope moderators don’t consider this comment as spoiler. > So i’ll give some tips may this help you: > Foothold: When you found that hidden web interface , you better not rush and use All CVE your found on google , first find the VERSION of that dashboard than chain your attack So you can get a Foothold on the machine. > > Root: use the tunnel , and don’t forget about other response codes . > > I Hope y’all enjoy this box and learn new stuff. > > Thanks for the box! Just got root, was a fun box. The posts in this thread already pretty much give you a good handle on what you need. If anyone’s looking for a nudge feel free to PM me and I’ll try to get back ASAP if I’m around.
Type your comment> @wail99 said: > Hi, > I’m the creator of this machine , i hope moderators don’t consider this comment as spoiler. > So i’ll give some tips may this help you: > Foothold: When you found that hidden web interface , you better not rush and use All CVE your found on google , first find the VERSION of that dashboard than chain your attack So you can get a Foothold on the machine. > > Root: use the tunnel , and don’t forget about other response codes . > > I Hope y’all enjoy this box and learn new stuff. > > malgitch al creds t3 al users bach nedi jwt token
Type your comment> @dialm said: > Type your comment> @wail99 said: > > Hi, > > I’m the creator of this machine , i hope moderators don’t consider this comment as spoiler. > > So i’ll give some tips may this help you: > > Foothold: When you found that hidden web interface , you better not rush and use All CVE your found on google , first find the VERSION of that dashboard than chain your attack So you can get a Foothold on the machine. > > > > Root: use the tunnel , and don’t forget about other response codes . > > > > I Hope y’all enjoy this box and learn new stuff. > > > > > > Thanks for the box! > > Just got root, was a fun box. The posts in this thread already pretty much give you a good handle on what you need. If anyone’s looking for a nudge feel free to PM me and I’ll try to get back ASAP if I’m around. am stuck in login panel of cms i cant find any creds to login and there is no unauthenticated cves …
found the login page but can’t seem to enumerate further. would appreciate any nudges 
Try finding the version of the cms and find vulnerabilities for them. There are 2 main. One will give you access to login page, the other will give you foothold. You might have to construct your own exploit/request, I could not find anything ready.
rooted! nice box 
took me a while haha
Disappointed. User was excellent, but root is about blind use some tool with product version mismatch… It’ definitely not Easy box.
Fun box, just finished. User: the foothold it’s usually the hard part, but if you understand the usage of the web you will find what you need. You need more than 1 CVE Root: normal enumeration, s** or chi*** could be useful. The second one one is very well explained in more than one ippsec video. If nudge is need just dm