Official Trick Discussion

Official discussion thread for Trick. Please do not post any spoilers or big hints.


Noob here. Any nudges or hints please

1 Like

We can only help you when we know what you have tried already. Could you be more specific on where you are stuck?

Ive tried directory busting, look at page souce, looking for subdomains. Have a feeling it has something to do with smtp but what? i see no emails anywhere on the page either

Make sure to enumerate all the ports!


I’m administrator on the web but i don’t know how to continue…any hint please?


I will message you!

i saw what i needed as soon as i sent that!!!

There is an L** in index.php?p*** but i don’t know how to bypass the .php extension.

its a rabbit hole

I just got the admin access and find a way to upload something but still can’t able to bypass that…any hints @anyone?

Can’t find the subdomain, what I am doing wrong?

Just follow what @JacobE said!

enumerated all ports , still nothing … i need a nudge bro help me

1 Like

If you fully enumerated all the ports you would have new things to look at.

You can look up Hacktricks for information on how to enumerate each port.

Hey, got read on System and Admin. Any hint to move forward?

Hi guys.

Anyone could give me nudge on getting foothold? I got the authenticated access on the web app and spotted a potential vulnerability but haven’t figured how to exploit it (Would like to make it execute arbitrary code, but didn’t succeed so far).


hey guys I am getting this error while spawning machine .


There are no available machines currently.

I’ve got user, and f******n seems like the path forward, I’m just not sure how to use it. I see someplace I could put something but I’m not sure what goes there. would love a nudge in the right direction.

i got admin, but cant write files… the user r*m* doesnt have permission to write… i dont know what to do anymore…