Official Luanne Discussion

@DaShan3 said:

Ok so I have come across a page that tells me to use a command to provide some information. But I’m having trouble trying to get the command to work. A nudge by you more experienced folks would be appreciated!

Disregard answered my own question

Spoiler Removed

Hi Gang - I've found a lot of things, but nothing that I can think to do to get a shell with - Would appreciate some nudges on the foothold if possible - Many Thanks.

User was way harder than root, it seems I was still struggling with URL encoding and crafting input payloads to inject parameters. I hate having to load up BURP every time I want to encode a string…
Not a difficult box, but some opportunities to get rabbit-holed !

Neat machine.

Stuck with forecasting the weather((( Plz give some hints…

wow, this and laboratory are kicking my ■■■■!!! any help would be kindly received !

Finally rooted, stuck for a long time, some tips:
1. Get a good dict, if you don't use Kali Linux.
2. Enumerate... and look up information.
3. Watch out for any information you can get.
4. "Guess"... something you got before may be useful.

Spoiler Removed

managed to get root. very interesting box - I learned a lot. foothold was the hardest, mainly figuring out which characters to use to escape the parameter. after that the path was fairly straightforward, although I overcomplicated things with root. thanks @aio for getting me out of the hole.

thanks @polarbearer for a great box.

Spoiler Removed

@ghostng said:
@balkan said:

any hint? I'm stuck in /w******/f*******?c***=l***

if you are an English speaker this is a huge spoiler... how the heck did you guess that???

never mind, dangit!

Finally rooted :smiley: thanks for the box @polarbearer
If anyone needs a hint, DM :slight_smile:

Finally rooted the machine, it was a fun box.
Initial foothold: Enumerate properly and try to think how you can close what the computer started and then make it do what you want.
User: What is this guy doing
Root: home dir has the key to his power

Thanks @camk and @trcm for the nudges

PM if you need help

Can someone give me a nudge on the 'c' parameter? I understand the concept, I understand how to theoretically do it, I just would like some help with the methodology used to discover it and to achieve the end result. Thanks team!

@trcm said:

I hate having to load up BURP every time I want to encode a string…
I found `curl -G --data-urlencode "param=value" url` helpful!

@bw00lley thanks, I also discovered a similar (but longer!) curl method:

$ curl -Gso /dev/null -w %{url_effective} --data-urlencode @- "" | sed -E 's/...(.*).../\1/'

But the shortest I found was simply:
$ jq -sRr @uri
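For anyone who does not have jq or Burp handy, here is an added example (not from this thread or from the box) of doing the same encoding in plain POSIX sh: a `urlencode` function that percent-encodes every byte except the RFC 3986 unreserved set, plus a `build_query` helper that joins key=value pairs the way `curl -G --data-urlencode` would. The function and helper names are my own; the sample values are made up.

```sh
#!/bin/sh
# Added example, not from the Luanne thread: URL-encode query values without jq.
# Works in dash/bash/busybox sh; needs only printf, od and sed-free shell builtins.

# urlencode STRING
# Prints STRING percent-encoded. Bytes A-Z a-z 0-9 - _ . ~ (RFC 3986 "unreserved")
# are emitted as-is; every other byte (space, &, =, ?, /, non-ASCII, newline...)
# becomes %XX with upper-case hex. Multi-byte UTF-8 is encoded byte by byte.
urlencode() {
  # od prints each byte of the input as a two-digit lower-case hex token
  for hex in $(printf '%s' "$1" | od -An -v -tx1); do
    case "$hex" in
      3[0-9]|4[1-9a-f]|5[0-9a]|6[1-9a-f]|7[0-9a]|2d|2e|5f|7e)
        # unreserved byte: print it literally via its octal escape
        printf "\\$(printf '%03o' "0x$hex")" ;;
      *)
        # anything else: percent-encode
        printf '%%%02X' "0x$hex" ;;
    esac
  done
}

# build_query KEY VALUE [KEY VALUE ...]
# Prints "k=v&k=v" with both keys and values encoded, i.e. what
#   curl -G --data-urlencode "k=v" --data-urlencode "k=v" URL
# would append to the URL.
build_query() {
  sep=''
  while [ "$#" -gt 1 ]; do
    printf '%s%s=%s' "$sep" "$(urlencode "$1")" "$(urlencode "$2")"
    sep='&'
    shift 2
  done
}

# Demo with constructed values (a space, a reserved character and non-ASCII):
echo "urlencode 'a b&c=d'      -> $(urlencode 'a b&c=d')"        # a%20b%26c%3Dd
echo "urlencode 'São Paulo'    -> $(urlencode 'São Paulo')"      # S%C3%A3o%20Paulo
echo "build_query q 'a b' page 2 -> $(build_query q 'a b' page 2)"  # q=a%20b&page=2

# Cross-check against jq when it is installed (jq -sRr @uri is the thread's one-liner):
if command -v jq >/dev/null 2>&1; then
  echo "jq says: $(printf '%s' 'a b&c=d' | jq -sRr @uri)"
fi
```

The `sed` in the curl trick above is only there to trim the `/?` prefix and the trailing `%0A` that `--data-urlencode @-` adds for the newline on stdin; `urlencode` avoids both because it reads the value as an argument and uses `printf '%s'` with no trailing newline. If a server treats `+` as a space (HTML form encoding), remember that this function, like `jq @uri`, always emits `%20`.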

Fairly enjoyable box - I can see why it was rated easy but there were some gotchas for people.

Pretty much all the good tips are already in the thread. All I can suggest is understand the OS a bit as that really helps. Two steps are very specific to that environment.

Pff. Somebody copied root flag to /home/root.txt with 777 perms :lol:
Can’t rm it, still doing user - restarted the machine.
Please be mindful guys.

Rooted

uid=0(root) gid=0(wheel) groups=0(wheel),2(kmem),3(sys),4(tty),5(operator),20(staff),31(guest),34(nvmm)

Restarted again to clean it up.
DM if you need a nudge.