Official Noter Discussion

I found that creating furniture in a certain location was problematic due to the furniture being removed after a time :wink:

Maybe try another location.

1 Like

Thanks, that’s helped me to get root. Just needed to see that from a different point of view.

Thanks :smiley:

You are very welcome!

Hey guys, I have already found the code, and I have analyzed it. The problem is when I try to expo** a note, I get an “Internal Server Error”. I have already reset the machine a couple of times and nothing changes.

Nvm I already got user

I found the X** but I’m stuck on how to e*****t it, can anyone help?

just to make sure, the X** is in B********p****7 right?

Found 2 users. Are there other users ?

Don’t lose time. Users are case-insensitive.

EDIT : found another password in config file. Don’t know where to use yet.
NOTICE : the most effective method to brute force users is to use a web enum tool with a wordlist of forged tokens.

1 Like

Most mediums tend to lean toward hard, but this medium was really quick and straightforward! Feel free to pm me if you get stuck

1 Like

you can find the valid user with zero bruteforce, it was the second thing I tried

1 Like

Finally got this working. Took me like 2 hours.
As for Foothold, there is one particular thing suspicious in the machine. Simply google the decoded value and you’ll be good.
The most time-consuming part for me was looking for the right user. After all I had to brute-force it, but the application makes it possible to check if a user exists. I could not guess it manually.
Then just RTFM. :slight_smile:

User/root - I am not sure if I did it the right way, because during the entire test, I wasn’t able to log in or to get a user shell. I directly got a root shell with one trick with no privilege escalation needed. Did anyone do it a similar way?

Can someone pls give me a hint for root? I think I’m missing something but not sure what. Tried all the usual privesc routes for linux but haven’t found anything interesting

UUuuuuuuhhhhggggg… The privesc is just… not… working. Found a 2006-era privesc that falls flat about 4 or so steps in (at the last minute it throws a ‘you can’t write here’ or ‘access that right now’). Have tried putting the exploit in a couple of places that the user account can write to, scoured the source for other exotic location ideas, and still rewarded with a middle finger. Giving up for the day. Hoping that when I come back to it next training day the server will be in a better mood. I see others historically have had issues, so I see it as a shruggable moment.

Stuck on privexec. Any hint? Tried some exploit but nothing

Found user. Now going for root.

try looking at the web source code and seeing what you can do with some hardcoded stuff in there

This was a fun box. I like how it’s obvious early on what your goal is, but it’s an obscure enough case that it took a second for me to figure out how to implement it. Root was fairly straightforward. Great box!

On rooting. What’s the catch with that backup script? How is it executed? :thinking:

Well…

Rooted. Thanks, @NyanNyanKoneko, for help :clap:

same situation & find builtin user. That’s it.
The e***** function is weird & broken. However, I didn’t get source code at this point.
Any advice? Thanks!

[Updated] solved. Clue is enough then. Thanks

rooted:

If anyone needs a tip just send a DM