Got a kind of general question for the group. So, I have a basic shell and can edit some files. I was messing around and while I see the path I should take, I think I may have found another I want to play around with. I’m trying to edit one of the php files served by the webserver, but it seems that when I do that, the webserver just hangs and refuses to load. Is this expected behavior? A friend mentioned that file overwrites/cron jobs could be causing this but I’m not sure.
Nice box…the foothold was quite tricky…feel free to PM if you are stuck 
for those struggling with cracking the password with the cat–make sure you do not use the -O option.
Anyone that can sent me a dm on the delim thing? I am stuck there
I’m trying to figure out second user and not getting anywhere. I keep falling into deep unending holes that lead to nowhere. I did find something that runs file on the local machine. But I am not sure how to use it to my advantage. Any help is appreciated.
Nice and easy box FOOTHOLD: just common enumeration, and look into that response codes; maybe use a tool like Bu*****te to understand what is happening USER: once you can move on the website, just check that files you got, you will find the way to go in with unprivileged user. Then use what you got on other file to find some good creds on that Service. ROOT: just change the way you look for binaries. Note: I don’t know if it’s intentional, but when i was root i couldn’t see anything, I had to do some tricks to get the flag feel free to ask for hint if you are stuck
Hello Please can someone PM me to explain to me the revshell command used to obtain foothold? I quite don’t understand the characters typed (specifically &) Thanks!
Struggling hard on foothold. Probably overthinking things. Have the zip, reading the code. For the life of me cant figure out which parameters to exploit, uploading files doesn’t seem to disclose a path to execute them … what am I not seeing?
finally able to root!! i had a really good time with this box. learnt so much from Web to Priv Escalation. I stumbled on getting root access and took me a while to understand what happened. thank you @m4lwhere !! feel free to PM for hints.
Never worked with PHP in my life so I’m unable to get foothold.
I’ve been looking at the source code, not really sure if I should exploit ***i (which I think it’s a rabbit hole, looks like it’s sanitized) or file upload. But then again I upload a file, look at the source code but I can’t reach that file so that the server can execute the code.
Any sort of guidance would be kindly appreciated because I don’t even know what to try
Nice box. I enjoyed. I learnt a few tricks in the initial phase of foothold. I required a little nudge in that part because I didn’t pay attention in the obvious part and I try to follow a track which was completely wrong (I am still noob). At the end I succeed getting shell. The rest of the box was really easy if your previous enumeration was ok. And the privesc maybe too easy. But nice box!
I love how this box “takes security very seriously” and proceeds to do stuff not very securely. gave me chuckle
Love when you get foothold then you decide to have some sleep and when you are back, literally NOTHING works what worked before. Anyone else having this issue?
Got access to the system but stucking on getting further here. Any hint possible?
I read about hashes but have no idea how to get some access to them. Thought injection might be an option but didn’t succeed here yet. 
Edit: Think I got the idea, just used the wrong r****** s****.
1 Like
It confused me a bit as well, as this usually isn’t vulnerable this way. It’s because the security feature was deliberately turned off for this machine. Thought it’s a little lame. Check the config files after you root and compare with your own machine.
Rooted! Cool machine, very good to beginners to start messing around with burp.
Shoutout to hadrian3689 and this post he made that helped me a lot.
Here my hints:
Foothold: Look under the curtain. If your eyes cant see it try to understand what’s happening. Which better tool than burp. No, you dont need the ippsec video if you ok with burping everything and really understanding whats happening there.
User: It takes a while to process all that salt, just be pacient.
Root: Make YOUR path.
I have gotten the user flag, and I believe I have found what I need for privesc on the box. I feel like I am missing something super easy, a nudge in the right direction would be much appreciated.
Rooted the machine, this was my first ‘box’ and it was very fun!
Nice machine @m4lwhere. I learned a lot!
Feel free to DM me I’ll do my best for helping with hints.
Ok, I feel stupid. I’ve been trying for the past hour or so to get the first user access but I just can’t seem to get it right. I’ve found the file that is exploitable, I think but after that, no matter what I try it just doesn’t seem to work. Any tips?
Hi, could anyone help in providing info on getting the hash flag? It would be greatly appreciated. I’m already logged in.