Oz

Yeah, I have to wonder if it was tested.

@waywardsun said:
Yeah, I have to wonder if it was tested.

100% was tested for 4-5 weeks before submission. All items and “rabbit holes” are working as intended. The box was tested again after submission by the HTB team not for rabbit holes or “unhackable” but does it have a flow, is it stable, are the steps logical to follow. Just gotta look a little harder and try different things. Never rely on a single tool for your enumeration or cracking.

@waywardsun said:
Yeah, I have to wonder if it was tested.

They don’t know what medium means, but it’s not new.

@incidrthreat

I think that you created a nice box. For a noob like me it is taking me out of my comfort zone. Probably it will take days or weeks for me even with the help of hints :slight_smile: But always love to play with python boxes.

Seems that someone has taken a lot of time to hide flags… wherever I go I see dead ends.

Does anyone have suggestions on some different tools to use for enumeration? I have used the usual suspects without success. I am not very good with web so some pointers to resources would be appreciated.

Any tips to enumerate this box?

user was fun : )

@ozymandias said:
@incidrthreat

I think that you created a nice box. For a noob like me it is taking me out of my comfort zone. Probably it will take days or weeks for me even with the help of hints :slight_smile: But always love to play with python boxes.

Now that user and root bloods have been taken, this is when the novice can take their time and learn from pros like IPPSEC and M0NOC. Each of them has a very distinct methodology and set of tools that work for them in an engagement. Learn from them and you will get it, I assure you. Good luck!

@asifsohail said:
Seems that someone has taken a lot of time to hide flags… wherever I go I see dead ends.

xD Nope. Flags are all in their normal locations unhidden and in plain sight.

@labyrinth said:
Does anyone have suggestions on some different tools to use for enumeration? I have used the usual suspects without success. I am not very good with web so some pointers to resources would be appreciated.

The usual suspects will do just fine; learn to fine-tune what you are looking for instead of JUST a 200 response. Be more attentive to what you are receiving and fine-tune it to get what you want. :wink: Attention to detail in the enumeration/reconnaissance phase of the Hacker Methodology will go a long way.

@TheNerdOne said:
Any tips to enumerate this box?

The only tip I can give you without spoils or leading you down a wrong path is this: Pay attention to the small things. The details of what you are receiving from a scan vs what you are expecting. And that everything on this host is intended to operate the way you are seeing it.

@elihtb said:
user was fun : )

I am really glad you thought so. Thanks. Now go get root =D

Ok, thanks for the suggestions

Hmm, I know of ippsec’s videos. Does m0noc have a blog or youtube channel? I am not finding it.

Just got root.

Nice box. I think I got really lucky in the privesc - don’t understand exactly how what I did worked. But root is root! :slight_smile:

Rooted. One small hint from me for the final part: if you feel that something should work but it is not, try to get your suite off :slight_smile:

I’m wondering if there’s a bug with Oz. I’ve been enumerating a particular endpoint and everything works fine for a while, but I notice it starts throwing 500s instead of the gibberish or correct info I’m looking for, and at that point the endpoint becomes useless.

Not sure if maybe it’s a side effect of someone getting user/root, or maybe someone messing with it once they get access, but it seems like an issue to me.

@chickenbit said:
I’m wondering if there’s a bug with Oz. I’ve been enumerating a particular endpoint and everything works fine for a while, but I notice it starts throwing 500s instead of the gibberish or correct info I’m looking for, and at that point the endpoint becomes useless.
Not sure if maybe it’s a side effect of someone getting user/root, or maybe someone messing with it once they get access, but it seems like an issue to me.

I haven’t got the user flag yet, but if it’s the part I’m thinking of - look into the payload that caused a 500.

Also getting 500 sometimes on things that clearly were working. Also system access dropped to read-only filesystem multiple times. Other times the access method won’t work either. Don’t know if it is part of the trolling. Fixed it with a reset.

@ganbaruTobi said:
Also getting 500 sometimes on things that clearly were working. Also system access dropped to read-only filesystem multiple times. Other times the access method won’t work either. Don’t know if it is part of the trolling. Fixed it with a reset.

The read-only issue I am attempting to resolve; this is what causes the 500 errors where there was a clear response. This is not a troll, just an issue with folks attempting bruteforce where there is no need to bruteforce. The read-only issue can be resolved with a reset. For now that is the only resolution when that happens.

@bobthebuilder said:
Just got root.

Nice box. I think I got really lucky in the privesc - don’t understand exactly how what I did worked. But root is root! :slight_smile:

DM me and we can discuss what gaps in knowledge you are missing

rooted, learned a lot from start to finish : ) thanks for a fun box

Guys, if you see 500 at end point just disable your suite and use browser only.