I tried all possible combinations but not works. I tried automatic tool named dotdotpwn but not works!!

Any hints?

I wish I could help you more, but one of the bypasses on that page worked for me.

boh… I stuck… I’am crazing

I’ ve a doubt, maybe the creator of the machIne has patched the vuln L**?

I don’t think so, I did it 2 days ago

Another doubt . The link that I 'am fuzzing is

p*rod-pall.tck.htb/iex.php?page=

It’s correct?

No, I think that’s the problem. That subdomain is a Rabbit Hole. It only helps you to find another one similar.
Some people said you need to enumerate more DNS, others said there is a local config file that helps you to find it and for me it was using $vhosts tool and a combined wordlist made by me.
But the key is that you need to find another similar subdomain.

Yes… Now I understand… More enumeration of DNS…

Thanks a lot

Your welcome!

Port 53 appears to be closed. what am i doing wrong

Its 80 port might be unable to visit though reset.

Hint: use some basic tools like dig and ffuf to get those domains ( # - # .trick.htb)

Got user.txt but flag is not being accepted. Looks like someone is replacing it…anyone else?

You can DM me on Discord of HTB if you need assistance still… Sorry I was on holidays…

Try resetting the box, otherwise your flag is not legit if you know what I mean…

rooted Thank you

Still not working after reseting the box…

Rooted! Fun box… Thanks for the info! The foothold was painful and took me 4 days to get but past that with help from everyone here and google not too bad. Def a Med for user and easier root.

rooted! got over the initial enumeration thanks to some tips from this thread. Root was a breeze compare to that. Nice box!

(post deleted by author)