Official Pandora Discussion

Finally rooted… this easy box could be ranked a tough medium last year
And the box gets reloaded sometimes every 5 minutes… very annoying

  • Foothold: if you nmap it well it’s fast
  • User: now this is where the challenge starts, get those proxychains and see what you can do within OWASP top 10 - but don’t get stuck too much on getting an easy admin session, but make one. There’s a paper around which explains it well but doesn’t provide the exploit
  • Root: classic

While finding admin privileges, it shows there is no vulnerability when using my tool. Can you help me?

For those wondering why the reverse shell doesn’t allow PE, it is because of the older version of libapache2-mpm-itk used by the machine.
Ref: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738131

Based on the article, libapache2-mpm-itk was found in early 2014 to cause issues in functions like seteuid(). If you “cat /usr/share/doc/libapache2-mpm-itk/README*”, you will see the README file was created in 2013 which probably already has that issue.

4 Likes

Hi all,

Need some help here, I’m stuck. I found the foothold, 1st user.
Can someone please DM me with some help?

Hi there, I managed to enumerate the ‘other’ connection type, and reading through the enumeration I got offered a username & password, which I think I wasn’t supposed to get as I gather I’m meant to use an API to get in, am I correct in thinking this?

yes

Already pwning Pandora. The key in this machine is that enumeration is the most important thing.
User : Please read and analyze the results of the enumeration
Root : Really EZ, just classic.

What a crazy ride :smiley:. This was definitely a tough one.

I believe there’s enough hints here.

Great box because it’s not a “standard” box as we’re used to and this is great.

Foothold was pretty easy and user was, for me at least, hard! But funny, and I learned a lot of things. I’m not even sure I did it the way it’s supposed to be done, if anyone wants to discuss it just drop a DM on Discord.

Root very standard and straightforward.

I’m available for help if needed.

Thanks

Finally exploited. I had a problem while accessing the TCP connection. User part is tough.

Hi,
I need help, I can log in to the p******_c***** as m*** but I don’t know what’s next. I explored the whole panel but can’t find anything. I have tried some exploits on the g*** module but none of them is working.

Use some webshell exploitation

You can use one of the Admin tools to get a shell

Foothold : Well, only 2 services discovered and nothing relevant. So the catch is elsewhere in another vector from your favorite recon tool :rofl: There are other boxes with the same functionality. So retrieving the credentials to connect to ssh is easy.

User : There are 2 users. On the recon step you see a special check program running as root. The command inside gives access to the api. The check output shows an IP.

Root : a recent vulnerability on *nix systems gives proper root immediately. So there’s no fun. Boxes need to be patched :smile:

I’ve got root, but I don’t understand how the key is used correctly? If anyone knows how to use the key correctly please let me know! You can also contact me if you need help.

Man :confused: Box ruined by someone leaving a root exploit binary on the box in the user home directory :frowning: Cmon people, what happened to leaving your exploits in /tmp/<username>

2 Likes

Has anyone had an issue with the reverse shell dying due to timeout?

I’m a bit lost as to what I am doing wrong here. I’m trying to use a URL to get into FMS but when I refresh my browser I get “WARNING: Failed to daemonise. This is quite common and not fatal. Connection refused (111)”. But from what I understand that is not a warning I should be getting the very first time trying to get access to FMS. Any help would be much appreciated.

Any hint for foothold?
I saw only 2 services open

Hi, if someone reached the user by hand without using tools, could you solve a question I have?

Interesting machine, a hint.
User: Do enumeration, and then google.
Root: A bit of enumeration and some googling.

If you feel stuck, send me a message and I’ll help you :3

Enumeration opens the way.
Recent privilege exploits cut all the “old” ways of privilege escalation to root.
Wow…
No need to interact with the web apps anyway… :sweat_smile: