I banged my head on command injection, but that is likely not the way.
think about how you can bypass it running the script many times very fast
Thanks for nice and easy box, kudos to the author. Got little stuck, but it was enjoyable in the end.
If you need any hints feel free to DM me.
hint for initial access
Search for relevant CVEās.
How can i DM you 
Yeah, with each easy box I manage to own I realize how idiotic I am.
It took me like an hour to realize I already have password for needed user and that I donāt need to crack database.
Took me another half an hour to escalate to root, ffsā¦
1 Like
Tried a couple ways with little success.
@assquired gave excellent hints back there.
1 Like
There is an unauthenticated one
Iāve already rooted, but Iām also curious how you got into the admin panel pre-foothold. Would be grateful if you DM me about this, too.
can anyone dm where to find user flag? I feel like Im going down a rabbit hole in this dbā¦
Can u guys at least let the machine start before u reset? :D:D:D:D:D
Feel free to DM.
Itās easy to break the machine so maybe somebody did something that let the machine unable to perform some action and you will have to reset it to fix that problem
Guys, you donāt need to reset the machine! All ACLs are reset every 3 minutes, and then you can try again, If you look in pspy64, you will see that a āreset.shā script is executed in a given time, resetting all ACLS and modifications to the machine, precisely to prevent the machine from breaking and having to reset it.
3 Likes
Yes, but itās not the machineās fault, itās the playersā fault who donāt know that ACLs are reset every 3 minutes, preventing the machine from crashing, thatās why I warned!
How in the ā ā ā ā we gain root in this machine?
Try setting a write permissions on a file that gives you privileges.
Root was fun. 
1 Like
Can anybody help with some advice for root on this machine? I have found the file but a little confused