Official Socket Discussion

Try another method; sometimes we have one or more methods to root the machine :wink: +s bash

One thing that helped me with sqlmap was removing my current session and starting over again.
I already tested injection manually, but kept getting blank dumps like this:

Table: xxx
[xx entries]
| id | foo     | bar    | baz  |
| 1  | <blank> | <blank> | xxx |

Maybe this helps somebody :v:

Also, something like

for user in $(); do sshpass -p PASSWORD ssh "$user@host"; done

might be handy.

Need a nudge? Anyone I can DM?

Hi there, I’m stuck at the user flag. I don’t know how to get it. Now I’m testing the websocket with wscat just as R said, but it doesn’t work. I found the two paths but I’m still stuck. Can anyone help me, please? I feel really bad on this box x)

My username-anarchy script doesn’t work. I’m stuck with the SSH login. Maybe used chars in login?

The /path that I should set is one that was found during the enumeration?

Foothold was quite an interesting battle (for me), but privesc to root was one of those “it can’t be that straightforward… Can it??” moments.

Hey, rooted the box a week ago and forgot to do a writeup.
Since I don’t have many notes, I was wondering if anyone did a writeup. If so, could you send it to me?


Rooted. Thanks @Javascripter1

Rooted, thanks all for all the great hints.

For user, there are a few similar boxes recently using this kind of technology, and I appreciated learning about it. I attempted to reuse some code for the access and injection that had been developed for one of the easy boxes I did recently. Check the app’s input carefully. Just remember you need to enumerate hard, and don’t miss out: if you raise a question, somebody will answer.
The user flag is a lot more difficult than the root flag, since you need to involve multiple skills to try to understand how the protocol works and the data sent. And from that you need to further think outside the box based on the enumerated information.

For root, I was kind of frustrated: “The ■■■■ I’ve got to read that huge doc to understand each parameter AGAIN?” No. Read the first few paragraphs of the official document and you will figure it out.

The box indeed is not that hard; the point is you need to dig hard.

Could you give some hints?
I have found the web socket server and the type of input it accepts, but I cannot inject any payload. I have also used Wireshark to capture traffic between the downloaded app and the server, and I found the subdomain but no useful info in the traffic. After modifying the hosts file, the version and update functions work.

Can someone help me, please?

Discord: Th3kn1ght#4799

I have the app but am having serious trouble decompiling it. Can someone assist me please?