Official Pilgrimage Discussion

so when i’m trying to read the output of /var/**/*********e , there are so many zeroes in the hex code and it’s erroring out every time i try to read it. Any hint how to do it?

any hints?

i am also stuck at upload but i used gobuster before

Someone deleted, restarted the machine and now I got this folder

Pro tip: Dirbuster doesn’t find git repositories


In my case a wordlist worked, I just needed to restart the machine because someone thinks that it’s funny to delete files :slight_smile:

Might I add how frustrating it is, that every few minutes or so, the machine lags to load the website!

so what do i use?

for the root, the poc isn’t working :/

I’m not sure what i’m doing wrong

So are you supposed to see/be able to download the entire hidden directory or do you have to bruteforce it? (or look for a specific file in that directory)

Welp, i’ll wait for tomorrow to be able to play this box, can’t even ping the machine properly, so frustrating …

Can someone DM me a hint for what file I should be looking for with the exploit?


for me too plz

Does anyone know why i am getting this error? The hex is looking different each time i run the exploit and i get this:

I hope that’s not too much info, i tried to remove the relevant

foothold: do fuzzing, don’t just try the typical, try others, from there see what tool the web is using and search in google
user: look at the source code, above in the forum you will find something that will help you.
root: enumeration, and search on google and youtube

Does anyone know of, or has anyone tested, some “unintended” way? I’ve found a weird server response, and I’m not sure if it’s part of the main path.

Nice machine, I got a little caught at user at first but once I noticed the core issue, getting user and root was quite straightforward.

User: If you run nmap with scripts and look carefully at the output, you will have no need to do gobuster/fuzz to find the foothold.

Root: look for user-triggered root activity in the machine.

Good luck!


I’m stuck at getting the foothold, I have the source code but I can’t seem to work out what to do with it. Can someone give me a hint?

Very easy box. A nice snack to keep us happy until “Intentions” gets dropped. There are plenty of hints already on this forum, more than enough imo.