Official Knife Discussion

@c4r50nz said:

@lebutter said:

Why doesn’t Nikto flag this right away ?!?

Thanks, nikto reveals something nmap doesn’t show. I will add nikto to my enumeration routine.

Maybe you could also get the header with a simple ‘nc’ ? :slight_smile:

For the root, remember the name of the machine often gives a clue :wink:

Very nice foothold I was waiting for the box with that to be honest :smiley: and here it is as I desired!

It keeps telling me “Failed to spawn instance” although I was able to use it yesterday
Edit: Apparently only the EU Arena is struggling, works with US right now

Very Easy machine

Ping me for any help needed…

Rooted. At first I was a little frustrated for the initial part, but when you take a close look at it you’ll see that there is something wrong. The root part is very simple. :slight_smile:

Rooted, took me like 45 minutes to get user and 10 minutes for root.
I think I was lucky, because I heard about the user flaw a few months ago, which definitely pointed me in the right direction.

Rooted. User took forever. It was hard to find the way even with lots of googling. Root was very easy.

User part of this machine was a bit sketchy in my opinion, and the whole machine would have been far better suited for the “Challenges” category. Hard to be on the lookout for something that was never really quite there in the first place.

Root part was incredibly simple, but gave me a chance to write my own revshell script for that specific platform that is way more stable than what I pulled from the web before.

I need foothold for user, anyone? Fuzzing a lot, searched for public CVE and nothing yet

Rooted. That was kinda fun.
Entry point - there’s not much to find. So sparse you probably missed it. Check again. Google stuff.

First box after more than a year off. Good entrypoint I guess. :smile:
However, I guess I would have given up on user without the post of @adminseeker

User: nikto/google
Root: pretty basic

Feel free to ask for nudges if you are stuck

Rooted. Wappalyzer missed a very important detail that nikto didn’t… Note to self to just check these things manually I guess.

Is it cheating when I only read the root flag as user?

@WebFan said:
> Is it cheating when I only read the root flag as user?

I’m not sure if there are any official guidelines for this, but I think that’s normally fair game. In some machines it’s trickier to get proper root access than to just read the flag, but in this one I’d say it’s straightforward. Maybe try a different… “option” for privesc?

Need any help ? Dm plzzz :stuck_out_tongue: rooted

└─# nc -nvlp 4242
listening on [any] 4242 …
connect to [] from (UNKNOWN) [] 38356
id && hostname
uid=0(root) gid=0(root) groups=0(root)

Foothold was a pain in the ■■■ to find the correct article. The rest was a piece of cake.

Thank you @FunkyMcBeef for remembering @adminseeker's comments…

Was not a great box, but it’s done. The first steps aren’t obvious, and it’s quite strange that information is so hard to find… Root step is a classic one. Feel free to ask for hints if needed: I’ll try to be “spoilfree”

Rooted: Didn’t find this too enjoyable. Enough clues here already to complete.
User: Google-fu once you find the service version you need to know, as results are few. The Chinese clue is all you need.
ROOT: Very easy, the box name is a big clue.