Had a long way until logging in, but after that, root was the easiest thing in the world
This machine gives a good sense of progress, every step has its own lessons and I learnt how to use sqlmap
Recently I kept making scripts to automate some tasks and create misc functionalities, so my rate of completion is decreasing XD
If anyone needs help, R is always here, I can surely lend you a hand at any time, just send me a message
Hello, I am a very new beginner and I am struggling with the SQL injection. I think I have the right plugin: http://metapress.htb/wp-content/plugins/bookingpress-appointment-booking. I have found an exploit online but I don’t really understand it. Can anyone give me a walkthrough or hint for it, please?
Anyone wanna give me a nudge? I was able to log in to the site but when I attempt to upload ANY media file I get a “This file type is not permitted for security reasons”. I have been trying to look through the source code but can’t seem to find anything that would inhibit uploads.
I’m having the same issue. Got so frustrated that I looked at a walkthrough just to confirm I was doing it right. Maybe someone messed with the admin settings on wp?
Hello, after you root a machine, please don’t leave files lying around. Just found the root by using cat on a file. Had to see a walkthrough on why it was too easy. The steps to find the flag were more complex than just using cat.
I have found what I need to do to exploit WordPress after I log in.
I follow the steps exactly like the exploit says, but for some reason when I upload the file, I do not get a response with the file that I request in base64.
Very easy machine. Finally I enjoyed this without getting blocked for hours. I even did this without the need of a hint.
If you need any help, don’t hesitate to contact me.
Nice machine. Foothold was a chain of finding the right exploits and knowing where to look. Took a while, maybe I should have made a script for the XXE part.
Root was a lot easier than other ‘easy’ boxes.
Don’t forget to delete the root password file when you’re done.
Hi, as others have said, uploading a file is a rabbit hole. If you found the right CVE then you just need to look for something more… try to find some useful information inside files