This is hard, I tried payloads and even obfuscating them, if anyone has a hint contact me.
Same here, stuck here for hour
i found the subdomain for hours but canāt bypass the auth 
, any hint ?
Maybe read the blog posts on the main subdomain, sometimes people do not follow the āimportantā instructions 
1 Like
To those who got the user.txt is it mandatory to setup thecert ??
Banging my head to make payload workā¦
Are you at the stage of having to obtain the user flag or are you asking for the steps that come after having obtained user.txt?
Nope at the stage where Iām trying to make my payload work 
If youāre open to spoilers I can share what it takes in private. But setting up the cert is not necessary
That is a relief !!! I was setting up the cert and doing weird stuff with it
Any hint for play with the elasticsearch - -
i compile a payload in a one .exe file (working on my windows) , i find the right script to upload it , i get http 200 answer but didnāt get the reverse shell ā¦
Someone willing to DM me about user flag? Having some issues to invoke a Revshell back to my NC
mee too
Iāve been trying all day to see where to put the payload you say. Subdomains and many other things, and I can not find anything at all just the 2 domains the CN and the other. If someone would be so kind as to give me some hint or something I would be very grateful.
I am also stuck bu apparently you should use a recent vul on elastic search the name of the box is a hint
For those not at the payload stage, I would suggest reading the content of the blog carefully. Imagine the author is actually doing all the stuff they are writing about on the blog. This leads you to some information that will make clear what everyone is talking about wrt a payload.
I have been fighting with payload the whole day but Iām now in
hint : sometime burp is better than script 
1 Like
dude i am stuck with the payload too did you manage to get a shell ?
Which payload did you use?