Official Snoopy Discussion

This is not against forum rules. This forum is not just for “Rooted” messages. If you checked nginx.conf it’s not even a spoiler :upside_down_face:

1 Like

Try to find what secret those files might be holding.
What can you do with it, what can you read/modify on the box? Are there some tools designed to work with those secrets?
You might want to obtain credentials for the users you have found. Might as well create your own :wink:

2 Likes

Can someone give me any hint on the initial foothold? I enumerated all the services but couldn’t find anything to exploit. I’ve found a service that is not working but not sure what to do with it.

Enumerate other types of config files.

Hey, anyone able to chat about the initial vuln? I just want a sanity check about my direction. Thanks.

feel free to hit me up

No need for a php filter.

Thanks, should I target the root, http://snoopy.htb/, or a specific sub dir?

A little bit stuck on which files are interesting to look at.

Same here. I have a rough idea what could be interesting, but fail to guess the proper directory/file names.

one of the known bypass methods :slight_smile:

1 Like

The first and simplest one. Things get worse after this…

Found the LFI but haven’t gotten any useful files yet. Any hint?

The files that I found don’t have any useful information to proceed ahead. A little nudge will be appreciated :)

1 Like

same here

1 Like

Any hints about conf files?

I know that you know :slight_smile: , just asking for a better understanding.
In this case, we have an Arbitrary File Read (AFR) vulnerability and not LFI, right? As nothing is being included in the code. Also, I’m open to any kind of discussion as the main purpose of this cool stuff is learning.

1 Like

This. It’s for discussion of the box… not to say “rooted” and leave.

2 Likes

It’s already in the right format, you just need to perform the transplant

Is hosting my own “something” server and receiving someone else’s “reset notification” the correct way to go?

1 Like