Official Previse Discussion

Nice machine - finally rooted :smiley:

If you’re stuck DM me, but please provide steps already taken

Rooted :slight_smile:
Thx for that easy box ^^
DM if stuck; but if you just go through your basics you should succeed ^^

Rooted, that was a fun box.

If anyone needs a nudge feel free to DM me!

I need a hint to bypass the /login.php 302 redirection…
By fuzzing I found /accounts.php, which I have to enter, and I modified the response from Burp to bypass the redirection, but it didn’t work. Any hints?

After creating an account successfully, when I submit the shell after uploading it, nothing happens.
I need a hint about uploading the payload and getting a shell, please.

I need a hint about how to download the backup zip file

@obfucipher said:

@RandomPerson00 said:

I have the same problem as the comment above me.
Do you have to figure out where the server stores the files?

Don’t try to go with a file upload. There are other ways to get a shell.

hint

Guys, I get a blank page when I try to download the backup zip file. I reset the box and tried again, and got the same problem :cry:

H****** is giving me ‘token length exception’ for the hash. A little embarrassing, but I can’t figure out what’s wrong, I’m using -m 500, could that be what’s giving me the error?

@DarkCasterX said:

H****** is giving me ‘token length exception’ for the hash. A little embarrassing, but I can’t figure out what’s wrong, I’m using -m 500, could that be what’s giving me the error?

double check the hash

I struggled to crack the password for 2 days using Kali. Now I got it. For all those having the same problem: May the Force be with you

Had an issue on the foothold where burp didn’t want to work. Used curl instead and it worked first try. Hash was a bit annoying but everything else was a good example of an easy box.

Reach out if you have any questions but as always let me know what you’ve already tried!

Loved the box!

I was feeling dumb on the website til I remembered some of the orange dude functions.

The problem for me was the hash, but I was able to crack it using h… (I had problems with the other boy) took me 14 minutes.

The root was way easier than the web part, but was very fun!

Thanks for the learning trip!

Not sure if it’s just me being bad at web, but that user was fucking hard.
Root was easy enough tho. Was a fun box, thanks!

box rooted,

DM me for hints

Rooted! Easy and straightforward. For some reason my payloads to get foothold were not working when I first tried yesterday, but they ran just fine after trying again.

Plenty of hints in here already, but feel free to DM me for help, but please explain what you’ve tried so far

I can’t get a foothold :l

@kr4k3n said:

I can’t get a foothold :l

Enumerate. Find things that look odd and request them from the server. Use this to find other pages which might be useful. Visit them, tamper a bit and get access.

When you have access grab the thing you couldn’t access before and look at what it contains. Examine the stuff - get the loot (for later) and find something you can exploit to get a shell. Exploit it, get a shell.

This hash is killing me. This is the second day of trying to crack this thing. Any tips?

@z3r05i6n41 use your own PHP code