Foothold and user : Well, guys are wright ! Don’t look for any webapp but a daemon. There’s a recent vulnerability on it. I’m shocked ! :neutral:
Root : well. I see a knife thing. Is it this ? … thank you guys for leaving hack tricks on server. So the answer was just in front of my eyes but I missed the chance to search a bit by myself 
.
Thanks to @zvfhxxxxz and @elveskevtar for the nudges.
Anyone ever have trouble submitting a root.txt flag and getting “incorrect flag”?
EDIT: It appears the flags change when the box is moved from the release arena to the active machines section. Re-rooted and got a different flag which was accepted.
Rooted.
If anyone has a question i would be happy to help you out!
User: Look for version number on what the website is running would be my main pointer
Root: don’t look to far you will only need to enumerate 1 command and do some googling (maybe you will see it without google) and than it 1 simple command and you are root!
Was struggling with foothold more than needed going down rabbit holes. Phew. Once fh identified user and root took literally seconds.
Got foothold immediately but can’t seem to figure it out how to exploit the tool. could use some help
rooted it without any help.
is anyone willing to provide hint, stuck at root.
got user using Chinese help.
Type your comment> @IamMegalodon said:
is anyone willing to provide hint, stuck at root.
got user using Chinese help.
try to see what you can do as the user, and remember that often the name of the box is some form of hint … (linpeas can help but you should do this basic enum everytime for easy / medium boxes)
after that, read the documentation online and with trial and error you should be able to get root !
?
Found a way to get the user flag, and find the way to get the root but since i cannot get a reverse shell i don’t think that the method will work
Got root !
Initial Foothold/User : very simple if you can find the exploit
Root : usual enumeration will tell you what to look for, after that read the documents you will find a way to execute your payload.
DM me for nudges !!! 
Got user trying to get root. Stuck at k***e command, don’t know what to do with it, any tips will be accepted.
FOOTHOLD and USER: Try to find version of something that is used a lot in webapps and google it.
Rooted :naughty:
Pretty easy one! Can’t even think of hints that do not disclose it completely!
Anyone that needs some help/guidance, pm me!
Just say upfront what you have and where you stuck!
@busshi can you tell me here please ? i cannot find a path for root, i access k…e menu and then… :-s
Rooted. This was a fun box.
User: Don’t rabbit hole… There is much information in the ways of recon
Root: You should find what you need almost immediately. Remember your Priv Esc enumeration and what your user can do… Then from there… look for how the tool can be leveraged…
SPECIAL HINT: A good rule of thumb (In general that MIGHT be applicable to this box) is to remember that there are other shells that have already been written… Sometimes generating your own isn’t necessary.
Rooted! Lots of good hints on this thread but I’ll leave my two cents.
Foothold: Something I always see but never have had to check until now.
Root: Maybe something in the help menu can help you?
DM me for a nudge
Quite a fun box. Very recent exploits so it was impressive that HTB were able to build and deploy this so quickly.