How do you bypass the filter?
If you are frustrated: This is (again) simply not an easy box.
Honestly, at this point I am out of explanations for these ratings. If you look for simpler machines maybe because if you are a beginner or just would like to have a brain teaser if you are more experienced, do not go for the official ratings.
However, the creator of the box did a great job 
4 Likes
Hey, how did you find that .json? When I check the source.zip a can see .vscode but I cannot find that .json file. Any help?
think about the name of the box - think about the types of tools that open source projects use
Upload the code to github. Thats the easiest way to find the difference between each commit.
If anyone can help me with the last part of User - the stuff with the tool. I would really appreciate it. It really seems like I am doing everything correctly but it still isnât working - I am having a problem I donât understand⌠any help would be appreciated
Been reading the comments/hints for foothold but I am really stuck. Can someone please DM a hint?
I would like to ask for help aswell. No idea what to do.
Oh my god how annoying and frustrating can a box be ? After spending hours to get a reverse shell, you just have to do it all over again because the box rebooted, or because what the â â â â , or because you used Ctrl+C, now the server is unresponsive, see you tomorrow, ah while you were working on the pivot part, the PIN changed by the way, generate it again, oh no now the boot_id file is empty for some reason. God thatâs awful.
Edit : So, as it turns out, one of the first things I tried was indeed the way to go, but the box is so unstable that it wouldnât work at the time, and I wasted my time and my sanity trying to find a door I had already opened. So, if like me, you thought about forwarding ports in order to explore that filtered one you saw earlier on your Nmap scan and it doesnât work, maybe itâs just the box thatâs playing with you. Enjoy.
1 Like
I have a shell, but the hints here for escaping the container arnt making sense to me, could someone DM me a hint please
How did you get the shell?
Iâve tried running docker build -t werkzeug-debug-console:latest . (similar to docker run -p 7777:7777 werkzeug-debug-console:latest) and also got access to upcloud page but canât access the /console page!!!
Am I on the right track?
help me pls
I think there are a couple ways to do it on this box. I managed to generate a pin for the console page.
using docker build -t werkzeug-debug-console:latest . ??
Managed to got shell 
Next step to get User
Some Hints:-
- Read source code how it works and you can open your route for shell
As hinted above by some users, Upload file and see how it can change Server
Why forget about PIN ? It works perfectly fine and is in my opinion way less of a headache to get than the other method.
1 Like
I guess it could be, donât know.
Who needs tips send me a dm
If any one need help just dm me
Hi, Can someone help me with L** exploit please? Thank you!
You should look something âhiddenâ in the directory.
1 Like