Spoiler Removed
Rooted. Thanks, @MrR3boot for such a great machine.
User - A lot of enumeration and googling. Google every piece which you find odd. It will be a long ride.
Root - Very easy. Took me just 5 mins. Look closely at the processes and dots will connect.
hey can i PM someone about the path for the initail foothold exploit
Nice box @MrR3boot! User was really nice, got stuck a couple of times. Root wasn’t that hard compared to user.
@MrR3boot Thanks for this box, i really appriciated the experience 
*I actually feel i gained more knowledge from the root part than the user, but user was fun fun fun.
User is really torturous; had to dive into the source for this one.
Root was really easy though.
Thank you for the box @MrR3boot
Type your comment> @ScreenSlav3r said:
Type your comment> @sneakypanda said:
Interested in what people recommend for vhost enumeration tools. I have haven’t had any luck getting one of these going.
Wfuzz
I’ve tried that without luck. Think I must be looking in the wrong place. Would appreciate a nudge.
Try Smarter @sneakypanda. Thanks for the feedback @weelye, @Ketil , @mooncak3, @gustystream, @combinator, @hackforfun and @Kucharskov. Hope you had fun with the box.
Great box !! finaly Rooted thank to @MrR3boot !!!
is there anything to do with the default domain, or is it just rabbit hole?
EDIT: nvm, got it.
Spoiler Removed
I have absolutely no idea how people guessed right way to file in process.
If you are trying to enumerate all what you can, and then somehow combine it to way-to-go this is not that kind of machine, at least it is not for foothold’s file in process.
Okay, need a nudge. I don’t understand what I am missing.
so enumerated vhosts. have a few of those found. one seems pointless as it is just javascript and pictures. read through the text though. it looks like a hint that i dont get. with two others i feel like i did everything I could, but i cant guess the greds for the d**.er.htb and can’t find anything at stg.****er.htb. found bak file. but i have no idea where to use the string from it.
could somebody give me a hint? i am very confused with all of the enumeration here
do we need a special wordlist in order to crack the hash for the web service on d*?
UPDATE: others said that rockyou should work for everything here at HTB. so there should be another way in, not just cracking the hash.
I’m really stuck on getting anything that the hints from the c*** vh*** are saying. I have gobustered everything and looked at everything, but just can’t see where to go from next. i feel like the response from the con****.p** is telling me something but I just don’t know what to do with it. Ahhhhhhh
What could possibly be done with this uploading?
EDIT: Without knowing how uploading work it is really hard to highlight useful vuln from tons of strange search results.
I’ve just started exploring , however I’m having timeouts with this box on vip server.
Rebooted - still doesn’t work.
Is it a bug or a feature?
got some creds and now stuck at l*ll. Trying to escape but very few doors. any hint would be appreciated.
Awesome box just, rooted thanks so much @MrR3boot one of the harder boxes that I’ve done but super satisfying!
@bluealder Glad that you enjoyed it