The reverse shell from payload all the things will not work here, but there’s another popular php shell that will.
how did that go , did it work ? and if it did ,how?
I’ve goot administrator priv and find 2 flags but it says that my flags are incorrect when submiting…What’s going on?
How to use p0wny to get user ? Can anybody help ? do you obfuscate the code ? do you use burp like proxy to add code when upload a .phar file or you upload a .phar with code already inside ?
I don’t understand why when I’m try to upload p0wny shell the upload doesn’t successful 
Need help with sent mail 
When I try to attach a file It doesn’t attached. Even it was a jpeg file. It only attached empty files (((( What I do wrong ?
I’m stuck in ‘Error code: SSL_ERROR_RX_RECORD_TOO_LONG’ 
I’ve tried resetting the box but nothing happened atp I’m just going to bed
Anyone wants to discuss root/Administrator path with me? This one was weird for me… Please DM
Hi. Can you tell me why the first host we access via the web app has a different IP. That is, starting with 192.168.x.x. How can this work if my kali is not in this subnet. Is this some kind of container?
Phew… That was a journey.
User 
Root
Feel free to HMU if you need a nudge.
Can you share what led you to try webmail on port 443 instead of staying on port 8080 or other opened ports? Thank you in advance
You first need to exploit other things.
The webmail is only interesting when you already have credentials.
And as the forum already said. Do what Dr. Brows say when you are at the webmail stage 
i am having issue : Forbidden on port 8080 on hospital machine.
help?
An easy and interesting medium machine. Thanks!
FOOTHOLD : it’s a DC, but don’t go away! 
It’s not an AD challenge
USER : find RCE and crack. Pay attention to email.
ROOT : lol . Easy, but a classic and not so used vector.
Can someone please help me with initial footload.
I did all enumeration with major port but no luck then I finally found something with webserver with file upload. I have tried various way to upload it but no luck of getting reverse shell
Has anyone had issues logging into the app on 443?
2 Likes
it says connection to storage server failed eh?
use GitHub - flozz/p0wny-shell: Single-file PHP shell for php reverse shells
Hey i got both the user flag and root flag but hackthebox doesn’t recognize them and saying invalid flags i get the user flag from
drbrown.Hospital
and got the root flag using
xaamp
! What have i done wrong?
same here. I just reset the box to no avail.
the date of the flag files are 2/4/2024 so quite old
EDIT: switched to EU VPN and got a sort of clean and up to date instance. Problem solved