onetwoseven

@DeepStorm said:

I found this admin page; is this the right way to root or a rabbit hole?

Not a rabbit hole. :wink:

WOW, finally I got root.txt

Many thanks to the many people who helped me during the last couple of days.

Especially thx to argot, FlameOfIgnis, Warlord711, jkr, etc. etc.

This server was really hard for me; I needed too many hints from others, but I learned A LOT.

Thx again for the great box.

Could you give me some hints for root by PM?

@cpl Same spot.

Please could someone help me get a foothold getting a shell? PM me. Thank you.

How did you solve “administratively prohibited”?

I’m still stuck at the upload part (after sftp); I can’t get any output to see what I’m doing wrong and why it isn’t uploading.

Does anyone have any advice?

Would anyone give me a hint for root?
I’ve found the obvious thing I can do with this user, but I cannot use the “parameters” without providing a password… hmm

One thing I would like to know: is there someone with the OSCP certification?

How hard or simple is this box compared to the boxes used during OSCP certification?

@GordonFreeman said:

@Manb4t said:

@GordonFreeman said:

Would anyone be able to assist with intercepting the tunnel traffic with Burp? I’ve been struggling to get this working correctly but feel I am super close.

remove 127.0.0.1, localhost from exceptions in browser

@Manb4t thank you, I would have never seen this!

No problem.

Guys, any help for root? Is it an apt exploit?

got root, learned a ton about a-g

Hi there,

I’d really appreciate hints, directions, nudges, etc. to upload a plugin on the admin application.
Please, PM me.

Thanks so far.

Cheers

UPDATE: Never mind, I got it! And learned new things!

Thanks to @NaNkeen and other HtB minions for the support!

Cheers

@dapasslacho said:

got root, learned a ton about a-g

Can you recommend some links? Was searching for reference material but did not really find good stuff about the inner workings.

Hello,

Some advice to elevate privileges for the user.txt,

Greetings

@noobsaibo said:

Hello,

Some advice to elevate privileges for the user.txt,

Greetings

After downloading it by sftp (get user.txt), do chmod 777 user.txt on your PC, because when you download any file from Linux it will carry its permissions with it.

Appreciate a nudge on this one.

Here’s what I have so far.
Enumerated for additional credentials based on provided help commands of a common service.
I understand there’s a high port with a particular service running and I’m able to configure a tunnel to it via the provided credentials, but still hitting a 403 forbidden on the admin panel.

This box is so slow right now. I am on VIP, I have changed servers twice. I can’t even get to the webpage. It starts to load then times out. So I can’t do anything anymore. Anyone else having the same issues?

Edit: I have also reset the box on my current server and the first server I was on to see if someone else altered something slowing it down. So I have tried a fresh box twice.

Check if you do not suddenly have two tun interfaces on your Kali. If so, restart your machine, not the server.

Got a shell, I think I have permissions to so as o*******n without creds, and use a-g to priv esc. But I keep getting an annoying lecture. Any nudge to work around this?