The form is not working as expected. Resetting the box fixed it for me.
2 Likes
i managed to do something and I can’t replicate it now lol
2 Likes
my man @htf was right, you have to reset the box
1 Like
is anyone else getting a call back 5-10 min after submitting?
4 Likes
then what happens ?
1 Like
It works as you would expect
1 Like
I am not able to enumerate it at all.
Only home, contact page.
No subdomain or dir brute worked.
looks like i’ve hit a seabed
1 Like
Anyone who gained user can say if the attack path to follow starts with letter “C”??
It is the only thing I can think of, but also cannot think about how to take advantage of it
3 Likes
Same I don’t think any way to use that to get something useful 
1 Like
it has to be something else, almost sure, trying that seems to be a rabbit hole
2 Likes
I’ve been at this page for a while now.
1 Like
Hey. I am extremely stuck (2+ hours already…) on the contact form (LFI, PHPSESSID…). Any clue on how to proceed? I have assumed already that probably I should keep doing reconnaissance, but I do not know the path… Thanks a lot!
2 Likes
the hint is your website. But need to reset the vm sometime its does not work
1 Like
I’m in the same situation
1 Like
Guys! I ended up in a github 
anyone else? should I keep searching around in it or am I overthinking it?
1 Like
The foothold is so random lol. Enough hints already exist within this thread to find it.
1 Like
That was a fun box. If anyone needs a nudge, feel free to DM after the 24 hour mark. Cheers!
4 Likes
Already reseted a couple of times. Thought it might the website, but I see nothing except the message “form submitted successfully”… Tried a couple of things, but I see no reaction
2 Likes
just start the server and sent ur ip:port like usual. u should get something or the vm slow
1 Like
man this user is BAD, what a first foothold… 3 hours for such an easy thing
2 Likes