If someone can pm me for help with initial foothold that’d be great. Found an error an some vhosts but can’t figure out how to go any further.
Hi 
If some can PM me , just for see if my “enumeration process” is ok , I find somes “interesting” files
Rooted, CTF like in places. Once you get past the initial guessthebox it flows pretty nicely. I likes how you’re constantly combining information in new ways to get new leads.
no more problems
didnt find anything just /lau**** is it related to j*t to get the next step ?
hey I guess I’d like some nudges, anyone please?
because @YanTayga mentioned being stuck because of a wrong wordlist, I wonder how many vhosts there are? I found 3 (apart from root): d**, st*****, c***. That enough or should for a better one (did the top1mill-110000)?
Found 3 php files at /l*******/, none seem too helpful (their name seemed randomized yet only one char differed between the 2 I found manually so I fuzzed that changing char and found a third)
One of them says not re***** *** and the countdown is client-side on the main page so I doubt freaking around that would make a difference server-side
Found 2 different s** servs, one considerably older than the other (maybe vulnerable? DidN’t find anything useful yet tho)
That’s where I’m at, any nudges/ideas/helps welcome here or PM too, thanks in advance
Found creds for I*** which worked for a high port *** service. Found it’s only use for p***-f********. Couldn’t get in to I*** though (co******* re*****) even with both po*** r*********. Found creds for MS** and got into the . Found nothing interesting but can write stuff that gets printed on st*../up.*** but since its ec**** cannot run any commands not even a simple ec**.
Stuck atm and going crazy I cannot acces I***, please nudge here / pm, thank you
Hey peeps, I got the login page in d*v.p*****.h** but im afraid im stuck there. Can some kind soul nudge me in the right direction ?
Hello guys, I tried enumerating, this is what i got so far:
- some strange udp port (halflife?:D)
- 2 **h services, one is a bit outdated (possible RCE, but creds are needed)
- enumerating vs, i got 3: d** (with login page),st*****, the main one lau*****, and b**kp (this last one thanks to the “quick” error message on st*****), but seems a copy of the main one (lau*****).
I’m dirb-ing the vh*, but I feel like I’m missing something.
any hints? pleaase
Just because there’s a dir in a specific path doesn’t mean it’s a vhost (don’t make patterns out of nowhere). Just to save you some headache, there are 3 vs but bp isn’t one of them. See for yourself, create a whole random ‘asfasfaf’ and it will still be redirected to the main one
So you know these guys like taking backups, though. What if there are backups of other files, too? Like the pages, especially ones whose sources you cannot read in the current extension, maybe in the ‘backup’ extension?
Anyone willing to help me with a nudge to start this box? I can’t find anything for the initial foothold 
Hi All, after rooting a whole bunch of easy/medium boxes I thought I’d try one of the hard ones, but I’m pretty lost even how to get started. Found a page, and some interesting behaviour but not sure where to next… Could someone give me a nudge?
I found the upload page and I know what’s doing when uploading a file, but I’m not exactly sure how to exploit it, could someone give me a hint?
Just finished this box after a long time and some help here and there. I first want to thank all the guys who helped with this though machine. Second and huge thank to @MrR3boot for this amazing machine. I learned a lot and used some kind of dark magic I’ve never heard of before 
Now for those looking at page 4 for hints:
USER: Be really careful in your enumeration (there is more than file enumeration). The user part is long and you will need to enumerate a lot at each stage. Also, don’t hesitate to use Google but that’s pretty obvious.
ROOT: There are two ways to get root. Again here, enumerate correctly, read carefully and analyse your findings (google is your friend here too if you’ve never seen this kind of vulnerability).
If you need help, don’t hesitate to PM guys 
Brilliant box, learn some much. The video part is really cool.
USER: user make sure you view each file source, it’s all there just make sure you make notes a long the way, further on when stuck try to review files you weren’t able to view earlier.
ROOT: Standard enumeration just watch what system is doing and try to take advantage of it.
Got User in a couple of hours. Uff! Now going for Root. Beautiful, hard OSCP-like box so far. Bravo, @MrR3boot!
Tip: Enumerate the ■■■■ out of it and write down everything (errors, CVEs, filenames, I mean e v e r y t h i n g).
EDIT: Rooted. At first, I had limited write access to the filesystem, but in the end I switched to another “something”. God, how could I have missed that? Guys, always stick to the basics, don’t complicate things, and, who knows, one day you might escape your “destiny”.
Interested in what people recommend for vhost enumeration tools. I have haven’t had any luck getting one of these going.
Type your comment> @sneakypanda said:
Interested in what people recommend for vhost enumeration tools. I have haven’t had any luck getting one of these going.
Wfuzz
Type your comment> @sneakypanda said:
Interested in what people recommend for vhost enumeration tools. I have haven’t had any luck getting one of these going.
dnsmasq + gobuster. Worked like a charm.