I’m a beginner but I agree with you, I really struggled with the SSTI part since it was my first time with this kind of scenario.
1 Like
Hi I am newbie trying to solve the perfection box can anyone help me out please i am not able to understand where to do SSTI. I tried sub domain enumeration but didn’t found any pages is there any other pages there.
just pwned it, im a total noob, it was very very very hard, spent atleast 4 hours, i was heading int he right direction but something in burpsuite made it so hard, if anyone needs help hit me up, ill give you tips in the right direction
whats your DC?
Is there a way to complete root without waiting 12 hours if I’m only using a virtual machine and don’t have access to spare GPUs?
Yes, there is.
Specifically, if you craft it yourself. On a script language it takes about 20 minutes, on a compiled one way less, maybe half of the time.
1 Like
tracking. I got root. Thanks for the insight.
To all the folks who are saying they spent X minutes building a custom wordlist for this box:
I regret to inform you, that was wasted time.
Look into alternate modes you can use with your kitty (or your old-timey tophat frend) and you’ll see that a wordlist is entirely unnecessary.
2 Likes
rooted it now, but I wasn’t able to get a reverse shell for quite a while. I was able to execute some commands, but as soon as I tried to add “-e sh” to my nc command, it would just stop working. Anyone got any idea as to why that is?
I have the same problem. It’s very strange.
Edit: Got it.
Hint: Yellow and blue type of snake.
stuck on the root flag 
Can anyone point towards the foothold? Not so much how, but where!?
Hi, did I understand correctly that before doing something with a mask, you first need to find the hash of the user?
Right?