@elihtb said:
rooted, learned a lot from start to finish : ) thanks for a fun box
I am so glad you liked it. Thank you.
@waken said:
Guys, if you see 500 at end point just disable your suite and use browser only.
Oh yes, that is also a good point. Yes, that particular host piece is not a fan of the suite.
@incidrthreat @Mumbai You did an awesome job with the box, i have some question regarding the forwarding method that i used, or more like it’s a little bit of confused if some of you is still online on mm, i would like to know more about my " situation ". Further more good job, thanks for the anoying box Kek.
@labyrinth said:
Hmm, I know of ippsec’s videos. Does m0noc have a blog or youtube channel? I am not finding it.
+1 I’d love to know, too
@incidrthreat The Oz box is released and Dorothy’s missing slippers are found 13 years later. Did you have something to do with this?!
@drtychai said:
@labyrinth said:
Hmm, I know of ippsec’s videos. Does m0noc have a blog or youtube channel? I am not finding it.+1 I’d love to know, too
Might it be this?
https://www.youtube.com/channel/UCwypnc62aHX0M-Uf-vE94TQ/videos
@incidrthreat said:
@waywardsun said:
Yeah, I have to wonder if it was tested.100% was tested for 4-5 weeks before submission. All items and “rabbit holes” are working as intended. The box was tested again after submission by the HTB team not for rabbit holes or “unhackable” but does it have a flow, is it stable, are the steps logical to follow. Just gotta look a little harder and try different things. Never rely on a single tool for your enumeration or cracking.
THIS! 
So for those interested m0noc’s blog is located: blog.m0noc.com
He said he hasn’t updated it in awhile but I’m hoping he will start back up soon.
@incidrthreat The blog is a .com site. “http://blog.m0noc.com/”
For those that can read files did you first have to get the username and password
@tigr8787 said:
@incidrthreat The blog is a .com site. “http://blog.m0noc.com/”
Fixed. Thanks!
@genxweb said:
For those that can read files did you first have to get the username and password
not needed
@w31rd0 said:
@genxweb said:
For those that can read files did you first have to get the username and password
not needed
Thanks. I think i found proper path. I found two things interesting and right now getting the 500 without my suite trying to determine proper syntax
I need a little help in getting initial foot in to the box… can anyone please PM me i want to know that i m on the right track
@asifsohail said:
I need a little help in getting initial foot in to the box… can anyone please PM me i want to know that i m on the right track
Just gotta enumerate to find information to get a foothold. The box is pretty forward once you get passed the ScriptKiddie games.
Iam I chasing a rabbit. Found a app on on port. I granted myself access. Based on the docs I should be able to use it to access a console. Trying not to provide any spoilers. Can someone message me…
Can I PM anybody about privesc? always get JSON.parse: unexpected character at line 1 column 2 of the JSON data
EDIT: If someone got the same error, just use chrome…
■■■. I was in a rabbit hole or least a side tunnel of the main hole. Finally stepped back and saw the answer right in my face hours wasted.
I’ve got a key to the front door, but I can’t make the lock appear. I’ve seen text that hints at how it’s hidden, but without the information I need to make it appear. Anyone have a nudge in the right direction?
@Morfaroth I’m stuck at the same place. Maybe we need to retrieve the “instructions” that explain how the lock is hidden 
got shell on first host and found another 2 hosts. but no idea how do i go there, tried to knock the door, but no luck, if anyone have a nudge can help to pm me please ?
thanks!