Had a rough time keeping the shell going but finally system pwn
All I know from reading this forum for foothold is “crafting a zip file to make something disappear”, but I still have no luck after playing with a binary editor for a long time. I really wish I had the skills to say this box is easy for me.
Me too, I tried that thousands of times and I can't get the shell…
So I had a tough time accessing the site (could only send HTTP HEAD requests). Thought it was the box and tried a reset, then tried a new VPN config (different server). I recall that adding tls-cipher “DEFAULT:@SECLEVEL=0” into the vpn config file helps, but it was already there. Finally moved to pwnbox and was able to start the challenge. Anyone else face this issue?
The box itself can be a bit tricky. See what the upload endpoint does with a normal zipped file. If you have hacktricks open on the File Uploads section you can find the initial exploit. To get a shell you need to do something a bit different from the initial exploit. Again see what the application does with the initial exploit, you can get the source code with it, then go back to hacktricks. Thanks to @k_rn for suggesting to use the command line to zip final payload (spent a lot of time trying to get shell with a GUI zipped file).
For root you find the way easily (one of the first things you check). But exploiting it took time, got the pw quite quickly, but spent a lot of time in the library hunt. Had to google to remember there is another common tool used when handling these files that can reveal more stuff. Once you find the path, privesc is easy.
Completely stuck on foothold.
I’ve found a LFI vector, but I’m only able to load .php files. I’ve also tried to bypass the upload restrictions on the upload.php endpoint, but to no avail.
I’m fairly certain using these in combination will gain me RCE.
Any nudges in DM will be much appreciated!
DM me if you want
Anyone able to offer a nudge in the right direction? I know what I have to upload, just not sure how to access it once it's uploaded.
Can someone help me with the RCE? I have tried, but I'm not sure how to execute the code I upload.
If you got your shell by dropping a file, I think you missed the intended path. I’ve found a way which might be the intended way of getting the initial foothold. (at least that’s what I think is the intended way)
lol yea I think everyone is going down the wrong rabbithole…
FINALLY ROOTED! big thanks to @7H31NTR00D3R, guided me a lot <3
Rooted! This was fun one, and I agree with most: the difficulty is either easy or low medium. Especially the priv esc was quite fast, if you are careful with your observations. The foothold took some time, as I missed one blatant thingy for a while lol.
Overall fun box! Do basic enumeration, stick to the basics when trying for the foothold, do basic enum for root and keep it simple along the way. GL all!
Can someone guide me in privesc to get to root?..
Nice hint. Probably should have figured out the foothold easier on my own, but never tried this technique before.
Now to work on root…
Finally rooted.
Oh, I was completely swamped with footholds. What I thought was a failure in my early attempts was actually correct.
A little tip about footholds: just apply a basic extension bypass to your ZIP file.
Does anyone have issues with lag on the machine after initial exploit? Type a command and the response arrives in 3-4 mins?
I have days with this machine. I scan the network with nmap TCP 22,80,8080 and UDP 68.
I used gobuster and I found 8 directories. I tried uploading a PDF file, which went well, but I did not get a reverse shell. I messaged people here but no one answered. I have spent most of the time looking on Google but still haven't found a solution. Any help or advice on what I should do? I am new, but I keep trying with the knowledge I have learned so far through Starting Point, HTB Academy, and walkthroughs for some machines. However, if one of you guys will message me to guide me on this path, I really will appreciate it. In the end, what I want the most is to learn. I know it's not easy, as everybody says, but I am willing to keep pushing myself.
I am finding it hard to bypass the zip and pdf whitelist in the browser. I have my RCE script already but am finding it hard to do the upload. I did an upload with the script and a pdf file in a zip, and I think it went through, but I can't seem to get a reverse shell or navigate to the script… help, I really need a nudge
Please, if anyone is out there. I’ve been banging my head against the wall for the past few hours but I just don’t know how to execute this File upload bypass. I’ve tried most techniques listed on hacktricks, I’ve tried editing the zip using a hexedit. A nudge would be very much appreciated…
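Since most of this thread is about getting past the ZIP/PDF whitelist on the upload endpoint, here is the defender's side of the same problem, as an added example that is not from the thread or the box: a server-side validator for a hypothetical ZIP/PDF-only endpoint that checks the real last extension, rejects executable double extensions, verifies the content signature and inspects every archive member, instead of trusting a browser-side whitelist. The policy, file names and sample archives are constructed assumptions.

```python
import io
import posixpath
import stat
import zipfile

ALLOWED_EXT = {"zip", "pdf"}  # hypothetical endpoint policy
EXEC_EXT = {"php", "phtml", "phar", "php3", "php5"}  # executed if the web server serves them
MAGIC = {"pdf": b"%PDF-", "zip": b"PK\x03\x04"}


def _check_zip_members(data):
    """Return a reason to reject the archive, or None if every member looks safe:
    no path traversal, no symlink members, no server-executable member names."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            if name.startswith(("/", "\\")) or ".." in name.split("/"):
                return f"path traversal in member {name!r}"
            if stat.S_ISLNK(info.external_attr >> 16):
                return f"symlink member {name!r}"
            if set(posixpath.basename(name).lower().split(".")[1:]) & EXEC_EXT:
                return f"executable member {name!r}"
    return None


def validate_upload(filename, data):
    """Server-side check: allowlisted last suffix, no executable suffix anywhere,
    content magic matching the claimed type, and ZIP members inspected."""
    parts = posixpath.basename(filename).lower().split(".")
    if len(parts) < 2 or parts[-1] not in ALLOWED_EXT:
        return False, "extension not allowed"
    ext = parts[-1]
    if set(parts[1:-1]) & EXEC_EXT:  # e.g. name.php.zip
        return False, "executable double extension"
    if not data.startswith(MAGIC[ext]):  # the client-declared type is not trusted
        return False, f"content does not look like {ext}"
    if ext == "zip":
        try:
            problem = _check_zip_members(data)
        except zipfile.BadZipFile:
            return False, "corrupt zip"
        if problem:
            return False, problem
    return True, "ok"


def make_zip(members):
    """Build a small in-memory archive (used only to construct sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()
```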