Official Inject Discussion

Official discussion thread for Inject. Please do not post any spoilers or big hints.

1 Like

hello, is it available already? because i get network error when spawning

errors here aswell

yeah me too :frowning:

same here

Do you still have problems ? My error message is Machine is not yet available.

Same here… even by trying other VPN profiles

Edit: I see that machine is up from 19 utc, so I have to wait a bit

The topic name is injection, but I can’t find the injection point, there is only one place to upload, but it is restricted by many suffixes,which brother can do it ,please PM me

1 Like

For me, at least, this was not “easy”. It took me about 8 hours to root.

That being said, I absolutely loved it. I learned a lot and had a lot of fun. Great box!

Is anyone having problems accessing this machine? I have added inject.htb to my hosts. I can’t access it over IP or url. When I ping it, it’s up and running. I can run nmap on it, but I can’t access the web page?

Check your nmap results carefully

check the port

Thanks guys. Weirdly I did try the port and it didn’t resolve. I tried it again now and it worked. Thanks for the fast responses!

Took some time, but finally could complete this machine :smiling_face:

It is not the hardest, just has some unknown vulnerabilites, privilege escalation was considerably easier, all the payloads are easy to find on internet, and even arriving late, it was still possible to complete it in little time falling in just one rabbit hole only because I forgot something, I would say it is an easy one

But aside from everything, if someone ends up needing help, you can surely send me a message, R is always here :heart:


This box was not that easy from the outset.
Testing the webapp for all functionality, leads you to find something that you can control to get an unintended output.
But this is not the targeted path (spent quite some time here), it’s there for you to enumerate the underlying web application itself. (If you use the wappalyzer extension, you will notice it doesn’t have much to show). @Paradise_R mentions this above, once you realise what it is look for vulns that came out together. Where one got overshadowed by the later one. :wink:

Path to root was pretty easy once you see what is being done automatically and what you can do as user.

1 Like

Gain as much information as you can about the services that are running, their version, running as what user, then google is your friend. Easy machines are pretty straight forward and there are less rabbit hole.

It’s not an upload vulnerability right?


Got user. I’m not that good at PrivEsc. Can anyone DM me for hints to root?