Official discussion thread for Late. Please do not post any spoilers or big hints.
7 Likes
Give me a hint! I found THAT DOMAIN, (well, you know), I tried everything. I uploaded files in different formats, tried to run the web-shell. All in vain.
7 Likes
i am stuck at that domain any hint
Really nice machine, thanks @kavigihan !
@JustMarfix you are probably on the right track. Playing a bit with the tool at āthatā domain is a good starting point to understand what it does and how.
Now a few advices:
- Identify the webserver, framework and the backend language that are used (quite obvious but important).
- Look for common types of vulnerabilities related to this particular backend.
- The type of vulnerability is common but the way to exploit it requires some āpictorialā creativity.
6 Likes
Thanks a lot! I tried to play with it yesterday. I spent ~3 hours trying to do smth, hah. I also used Wappalyzer.
This one was really painful for me. Getting it to do what I wanted took way too for me long on foodhold! Root was pretty straight forward
PM me for nudges if needed
4 Likes
can you give me a hint, i already found the domain, try to run commands via image, but still no progressā¦
1 Like
Thanks to bolazoo i got User, stuck with rootā¦
I think I have figured the main idea, but get a ā******** ***** āend of ***** ******', *** 'glob__āā error when trying to upload. Any hints?
Phew! This one took me a while to get RCE, but it was a breeze once I did. If youāre running into issues with this box, different fonts in different places might help 
(If youāre working toward the OSCP, I would say this one is a good 20-pointer type of box)
1 Like
plzz i need hint for rce
currently im on upload part
I have a piece of advice for all of you who hit the wall over and over again: keep trying!
I had to do all the steps again since Iām on another computer now so I donāt have the progress made the other day, thank God I already knew I was doing the right steps because yesterday I got user.txt but when I tried to read the file that gave me the key to access the box, I got an error on every try. If it was the first time Iāve approached this machine with this kind of error, Iād think thatās not the right vector for the intrusionā¦
In short, even if you hit the wall, keep trying.
stuck on the upload page for more than a hour now. currently trying to use e******l and upload the malicious file, but to no avail. Am I on the correct path?
doing the same at this moment, so I guess we are on the right path? 
same stuck on that uploads tried b**** but cant find anything in hold
I am right there with you. Gone through what feels like 100 fonts so far. Not the most enjoyable foothold is itā¦ lol
2 Likes
I used the default font with a large size.
IMO it is more reliable dealing with the expression, applying some of the tricks for this technique, to avoid ambigious character / character combination.
3 Likes
Oh my word, thanks for that @tec Yes indeed, that helps massively!
Stuck at the enumeration part donāt know what to do. shows 502 bad gateway, please help me out.
@R007KIT R007KIT try discovering more domains