Official Trickster Discussion

Can someone help me figure out what is going on with my exploit for the initial foothold? I get a hit on my Python server and I have made the appropriate changes to my zip file. Why am I not getting a shell back?

Any tips on how to find the url Admin page?

If you found the PoC most people seem to have, check the pull requests on the repo. Someone made it much more straightforward to use.

Thanks I was able to figure that part out, stuck on the PrivEsc at this point :frowning:

I guess there are several ways for Root PrivEsc but I’m unable to find creds for the account with nopass sudoer. I was able to test that path of PrivEsc (after I got root and just su - to that nopass sudoer) and it works, but I haven’t found a way to get access to this nopass sudoer user. Has anyone found it?

I’m pretty sure I’m at step 3. But I’m kind of stuck. I found a #…# but it’s not working… Can I DM you or anyone for some guidance?

I found myself in the exact same situation and I came to the conclusion there is no way to that user. I believe this is the trickster part of the box. A very nasty rabbit hole.

I’m still trying to find the user password for admin… but nothing. I think that after finding the admin directory we should try to find a web site vulnerability, but I don’t know. I’m losing my mind.

I’m sorry but your “tips” aren’t very specific… These tips could be the initial text to every box @HTB… :slight_smile:

Could anyone DM me about privesc? I feel like I’m doing something wrong or don’t know how to do something. I found the d***** address, but can’t figure out how to connect to it.

Try several things for d*, don’t try only one.

Stuck inside the d****r as root but no flag… what am I missing here? How to get out… anyone got a hint that doesn’t spoil the surprise? :see_no_evil:

I am failing to FUZZ the main thing and also the shop thing. Am I making any rookie mistake?

Can I kindly ask someone to give me a small hint? I feel like I am trapped inside 172xxxxx…

Just to mention this, but the Activity Log for this box says that the root password inside the d***** was removed from .bash_history on the 30th of September by the owner… so the solution was different for the ones who rooted the box before that date. And I’m still stuck. :roll_eyes:

Check inside /opt on the host. There is an interesting program which has a vulnerability.

With the change, this should be in the hard category. It’s not fair to put it in the medium category.

Yeah thanks, I already escaped d* and now I am fighting with the privesc… I just can’t believe I have been doing this for 27 hours without pause rn :smiley:

but finally here

Anyone got any hints for root… stuck on what I believe d*