I have a problem with the dy reof the w**. I can do the un*****y but the dy doesn’t receive the respond of the server. I don’t know why.
Type your comment> @iougiri said:
I’m stuck. I can access m**r/h, but when I try to upload anything I get another 403.
Edit: nevermind, got it to work
Edit 2: Rooted. Great box! Foothold was the hardest part. Got root with the first thing I tried.
I’d love to know how you did this, stuck on the same spot. Tried playing with headers etc, but get no further. Can I PM you?
Wow… good box, user and root weren’t too hard but the foothold was… something else.
I agree with the misleading comments thing though, after a while I came here to see if I could get any clue, and once I found the entrance, I couldn’t really make sense of some “hints”.
So, my tip for the foothold : Door’s locked ? Use the window and see if you can open from the inside.
@donchan91 said:
Rooted this box now; foothold was such a nightmare.
Indeed.
Thanks @MrR3boot 
Can anyone shoot a nudge my way? I managed to read the root flag, but am failing at becoming root.
Need to actually own this one
Thanks
*** nevermind. Was being dumb.
root@seal:~# hostname && whoami && id
seal
root
uid=0(root) gid=0(root) groups=0(root)
Foothold - Nice rabbithole for user l**s . Take a step back a try to see whats unseen.
User - Enumerate, understand what can be done.
Root - You’ll get it on your first attempt.
Interesting Box, finally rooted
root@seal:~# hostname && whoami && id
seal
root
uid=0(root) gid=0(root) groups=0(root)
Can I get a nudge, stuck at m**r/h
Should I play with the headers?
I have no idea how to bypass the 4**.
I have tried everything from hacktricks and other sites. I even used a fuzzer and it returned a possible bypass but it doesn’t work.
i have managed to upload a reverse shell, however whenever i try to trigger it i get a 404 error, is that normal? if i try to trigger other people’s shell i get a 200 response
Type your comment> @GrumpyChris said:
Type your comment> @iougiri said:
I’m stuck. I can access m**r/h, but when I try to upload anything I get another 403.
Edit: nevermind, got it to work
Edit 2: Rooted. Great box! Foothold was the hardest part. Got root with the first thing I tried.
I’d love to know how you did this, stuck on the same spot. Tried playing with headers etc, but get no further. Can I PM you?
you should be able to do the same thing that got you access in the first place
Type your comment> @GrumpyChris said:
Type your comment> @iougiri said:
I’m stuck. I can access m**r/h, but when I try to upload anything I get another 403.
Edit: nevermind, got it to work
Edit 2: Rooted. Great box! Foothold was the hardest part. Got root with the first thing I tried.
I’d love to know how you did this, stuck on the same spot. Tried playing with headers etc, but get no further. Can I PM you?
Sorry, I missed your comment. Sure, feel free to PM if you’re still stuck.
Rooted, foothold and user were quite a challenge, but found root really quick. Usually the other way around for me.
If anyone needs a gentle nudge, feel free to DM me!
Nice medium box!
Foothold: enumeration will help you recover something useful that will point you in the right direction. Analyze carefully what you have, if you can’t access from the main door try a secondary (googling will help understand how you can bypass the road block).
User: No need of enumeration tool if you poke in the most interesting places. If you read well you can link all together and move on.
Root: Simplest enumeration
Thanks for the box!
Finally got foothold. For everyone stuck on that error, check if your c****e is being sent properly and why / why not
Is there anyone to give hint??? I can not find any things.
Stuck on the 403 for upload. Any hint? EDIT: Managed after reading Hilbert’s comment.
Stuck at foothold… I can easily bypass 403, but can’t find t***-**s.**l. All ways lead to 400… UPD: Nevermind. I just reset the machine and found all at 5 sec… # id && hostname uid=0(root) gid=0(root) groups=0(root) seal
Type your comment> @Morlax said: > Finally got foothold. For everyone stuck on that error, check if your c****e is being sent properly and why / why not That was very helpful, thanks
That root tho, lol!
I’ve found the > @WillRoutiou2 said: > Type your comment> @Morlax said: > > Finally got foothold. For everyone stuck on that error, check if your c****e is being sent properly and why / why not > > That was very helpful, thanks Can you provide a pointer here? I’ve been trying a bunch of c**l things to bypass the 4xx issue as well as some things found on github but nothing is working (or more likely I’m missing something…).