Cool machine so far. Long, very long way to user. But like many others deadly stuck at restricted environment… If someone’s got time, please, PM me, I need a little push to the solution.
Update: Rooted. Thanks @v01t4ic for help and @MrR3boot for an amazing box! Really worth spending time on.
@bu77er0verfl0w said:
Should I be using actual media files to test the upload page? Sending random text files with video file extensions doesn’t seem to lead anywhere…
Think about tools which are used to handle this type of data. And look at what you obtain using the tool. Google will lead to some vulnerability to go further.
Any nudge?
Finally rooted! Thanks for this interesting box @MrR3boot!
Hints.
User: come back to the bug
Root: watch what is going on
Can anyone give me a nudge on a jail escaping?
Edit: got it.
This box is totally crazy 
@Shtrikh17 said:
Cool machine so far. Long, very long way to user. But like many others deadly stuck at restricted environment… If someone’s got time, please, PM me, I need a little push to the solution.Update: Rooted. Thanks @v01t4ic for help and @MrR3boot for an amazing box! Really worth spending time on.
@v01t4ic said:
Finally rooted! Thanks this interesting box @MrR3boot!Hints.
User: come back to the bug
Root: watch what is going on
Glad you guys enjoyed the Game.
Hey can anyone give me a nudge on how to find the ‘bak’ file? I’ve found all the vhosts but for the life of me I am getting nowhere in finding this file.
Spoiler Removed
Rooted!
This was my first really HARD box, and I enjoyed every minute of it even it came with frustration and banging my head against the wall.
This is a great box for testing your accumulated knowledge from the easier boxes, I highly recommend it.
If you need any help PM me and I will try to guide you without spoiling the fun of it.
Thank you for you work @MrR3boot .
@trollzorftw said:
Rooted!This was my first really HARD box, and I enjoyed every minute of it even it came with frustration and banging my head against the wall.
This is a great box for testing your accumulated knowledge from the easier boxes, I highly recommend it.
If you need any help PM me and I will try to guide you without spoiling the fun of it.
Thank you for you work @MrR3boot .
Most welcome mate
# id
uid=0(root) gid=0(root) groups=0(root)
Finally got it!
The best machine i ever completed hands down.
If anyone needs any help on this, call me on my Discord (Celesian#0558)
So I think I know the exploit to use but it requires creds… can someone chuck any hints to where these might be or let me know if I am on the wrong track?
Spoiler Removed
Rooted! Very cool and hard box. All about enumeration.
Spoiler Removed
Found some cred but can’t seem to get them to work. Wonder what I’m missing.
Edit: Got in, got some file read and got user.txt. Now to break out of jail.
E2: Got to the edge of root, improperly rewrote a critical file. Time for a reset -_-
E3: Finally rooted!
Finally made it to root! My first hard box, it was very fun. It took me ages but learnt a lot. Thanks @MrR3boot and thanks to all that helped me.
Feel free to PM if you need help!
Nice box so far. I like the video thing. I am able to login, but still stuck in jail after 24 hours. Found a way to make some changes on a page, but I don’t know if that is the way. Tried to inject something, but that did not work the first time. Hope they still keep this machine up and I have some time left to finish this machine.
WOW what a ride … thank you
Hey i am stuck, found and enumerated all vhosts. Searched for the b*k file everywhere but cant find it. Pls pm me a hint on how to continue.
Edit: Got it thx @ rulzg