Hey, thanks. Rechecked my exploit and found a silly bug
Got root! Nice machine!
I can confirm that. Spent the last hour and a half trying to understand why the exploit wouldn't work, reset the box, and it worked on first try.
Can you please stop DoSing the machine!!
thank you.
Hello everyone on the box,
I did manage to get a working exploit, but it seems like there is a problem on the box. Can you vote with me to reset it?
thanks.
Hi. I'm struggling a lot with the id_rsa key. Anyone else have a problem with this?
Load key "id_rsa": invalid format
Anyone else had the same problem? Don't see any way to go further without using the key
Regards
I have exactly the same problem. Did you solve it?
Check that the file is formatted correctly. The expected file format is:
----- XXX -----
sdffdfsdffsdffsf
----- XXX -----
newline here
Easy to mess up and somehow remove the newline when copy & pasting; happened to me, too
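The format check described in the reply above, as an added example that is not part of the original thread: it reports the whitespace-level damage that copy and paste typically causes in a PEM-armored key file (missing final newline, CR line endings, mangled header or footer) and repairs only that. The function names and the sample key bytes are constructed for illustration.

```python
import re

BOM = b"\xef\xbb\xbf"
# PEM-style armor line: five dashes, BEGIN or END, a label, five dashes.
ARMOR = re.compile(rb"^-----(BEGIN|END) ([A-Z0-9 ]+)-----$")


def _unix_text(data: bytes) -> bytes:
    """Drop a UTF-8 BOM and convert CRLF / CR line endings to LF."""
    if data.startswith(BOM):
        data = data[len(BOM):]
    return data.replace(b"\r\n", b"\n").replace(b"\r", b"\n")


def diagnose_key(data: bytes) -> list[str]:
    """Return the formatting problems found in a PEM-armored key file."""
    problems = []
    if data.startswith(BOM):
        problems.append("UTF-8 byte-order mark before the header")
    if b"\r" in data:
        problems.append("CR line endings")
    if not data.endswith(b"\n"):
        problems.append("no newline after the footer line")
    lines = [ln for ln in _unix_text(data).split(b"\n") if ln.strip()]
    if any(ln != ln.strip() for ln in lines):
        problems.append("leading or trailing whitespace on a line")
    head = ARMOR.match(lines[0].strip()) if lines else None
    foot = ARMOR.match(lines[-1].strip()) if lines else None
    if not head or head.group(1) != b"BEGIN":
        problems.append("first line is not a -----BEGIN ...----- header")
    if not foot or foot.group(1) != b"END":
        problems.append("last line is not an -----END ...----- footer")
    if head and foot and head.group(2) != foot.group(2):
        problems.append("header and footer labels differ")
    return problems


def normalize_key(data: bytes) -> bytes:
    """Repair whitespace-only damage; the base64 body itself is not touched."""
    lines = [ln.strip() for ln in _unix_text(data).split(b"\n") if ln.strip()]
    return b"\n".join(lines) + b"\n"


# Constructed sample: the body is placeholder base64, not a real key.
GOOD = (b"-----BEGIN OPENSSH PRIVATE KEY-----\n"
        b"Q09OU1RSVUNURUQ=\n"
        b"-----END OPENSSH PRIVATE KEY-----\n")
# Same file after a round trip through CRLF with the final newline lost.
DAMAGED = GOOD.replace(b"\n", b"\r\n")[:-2]
```

`normalize_key` cannot fix a header whose dashes were replaced by other characters; `diagnose_key` reports that case so the armor lines can be retyped by hand.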
My first medium box. Now rooted. It certainly was a step up and I struggled on each step.
Foothold: I ran my standard enum and found nothing of interest, even set some stuff because of something I read on the webpage…nothing. Then I thought of another enum approach due to the info on the webpage and fuzzed my way to something interesting. This will now be a default step for each box going forward. Overall…it took me over a day to come up with the idea.
Foothold->shell: About the only thing that was straightforward for me. Googling brought me to the promised land fairly quickly.
Shell->User: I had the basic idea quickly but it was fiddly to pull off. Took me a long time to actually find the attack vector though (I will run this tool always in the future…combining it with timeout 3m is useful). The blog post that writes up the basic attack was very interesting, I learned a lot.
User->Root: Found the basic attack vector on the previous step already. Took me quite long to actually put the required pieces together. Thankfully the first thing I always check after getting user already contained helpful information and basically all you need. That being said…it was almost a full day until it clicked.
Finally rooted my first medium box.
I learned a lot! Won't add to other hints as they say plenty already.
Message me if you are stuck!
This was a really fun box to work on. It's not very heavy on the enumeration side; the vulnerabilities are mostly technical and exploitation is deliciously elegant.
Foothold. This is basically the only real enumeration you need to do. Remember that you can enumerate more than just directories. Once you've found it, notice that the server output is suspiciously similar to a certain well-known tool. This tool has a very nice vulnerability you can exploit to obtain foothold. There's a couple good write-ups about this.
User. Once you're in, do some basic enumeration. The thing you're supposed to do here is a part of every enumeration checklist, so it should be easy to find if you don't know what I'm talking about. You'll come across another tool that has a similarly tragic reputation. Be careful, though: the server likes to take your toys away, so be sure to put them somewhere safe.
Root. Again, do a very basic thing that's part of every privesc checklist. You'll discover yet another tool that's very popular in certain circles. Read up on how it works, combine this with what you already know about the user and the path to root will be obvious. You might encounter a small bump in the road here, but this is easily solved in the obvious way because the server is just really insecure.
I have no idea why I'm getting an error trying to connect through ss*, Permission denied, invalid pk.
Not sure what to do here.
Edit: Fixed issue by reformatting the downloaded file. Seems like it's obfuscated or something?
I have no idea how to get User,
I was able to reverse shell as www-data, but I have no idea how to escalate privileges to th****.
Can anybody help me?
Hi, for those who have the issue about the format of id_***, take a look at your local id_*** file and format it in the same way…
I got user but I'm having a hard time with r00t. Do I do something with the conf file? Can someone give me a nudge?
I've found what I need to do to get user, and have successfully tested it both in the foothold and locally. However, while the system reports the commands to be running, I cannot even create a file in /tmp. Does anyone have any nudges?
I got it guys! I just needed to try harder
Hi, it seems to me that the vulnerability was on exif on the PHP side. I tried to upload several images with modified metadata, but the code does not seem to run. Can you help me?
A really enjoyable box with no traps. Particularly liked the root path.
Thanks to the creators for taking the time.
Having trouble with foothold.
E*ift**l reverse shell works locally with version 12.23, but won't work when I upload my image to the server. Am I using the wrong exploit?
Edit: I think there must be a step in between the RCE and foothold I haven't quite grasped yet
Edit: There is not, something was wrong with my payload
I think the box needs to be reset. I've just got root before getting user in a single, simple command.
Is this intentional? Surely not…
Edit: After resetting the machine bash is no longer SUID root… yikes