Quick

Phew, finally rooted. Though I found another weakness in the code, I couldn’t exploit that.
This machine took my lunch time and beer time for a couple of days :slight_smile:

PM if you need help

This box showed me all kinds of new stuff, thanks for that @MrR3boot !
Unfortunately due to all the resets and connectivity issues, it was rather hard…
I just took it slow with Quick :slight_smile:

PM or Discord #4092 for help

Wow rooted!!

It was a great box overall that made me learn. I probably liked the most using this new technology and the lateral movement from user 1 to user 2.

Thanks @MrR3boot for a great box!

Can PM for nudges

root@quick:~# id && hostname
uid=0(root) gid=0(root) groups=0(root)
quick

Rooted !

Excellent box, I enjoyed all the parts (except the last one maybe). Learned a lot !
Thx @MrR3boot :).

PM if needed

I feel like I’m so close to a shell… I’m signed in and using t*****.p** to inject an e**:i****** which collects my x*** payload and gives me r**. But the instruction seems to terminate early. I can make it call me, and I can get evidence that it’s doing something. I just can’t fork what I need forked, and without the forkage nothing is getting completed. Using J*** because that’s what all the samples use. But maybe it’s not possible like that?

I’ve also tried simple leaking file content into the output and that doesn’t seem to work either, though I suspect that’s not enough to get a shell.

I have to be close. Can anyone give me a nudge?

Edit: Rooted. Got a few nudges - respect distributed. Wasn’t forking at all. A good face-slapper when all’s said and done.

@mRr3b00t ■■■■ of a machine. Well done.

@ElVi7MaJoR said:

Hey,
I want to say to whoever is changing the s****m password: there is no need, just DM me and I will give a script to decode the hash.

And please, no need to reset every 5min.
I’m fighting against changing pass and resetting and f5, and I need to be quick.

please !

Or… you know… there’s an even easier path with your own hash… :wink: No need to crack or even disturb the original creds at all. Be like water…

I’m an e** i******** virgin. Been reading up on it and I evidently can’t figure it out.
Any tests aren’t reaching my machine. I’d appreciate discussing with someone.

I have reset the box a few times, the ticket search bar was returning active tickets earlier and is now not doing so!? - anyone else having this issue?

I am stuck at setting ‘it’ up. If someone else had a lot of trouble and still got it set up, or if someone wants to help, please DM.

Finally rooted. User 1 - User 2 was really interesting, I think I did it slightly differently to intended, but it worked out in the end. User 2 → Root took me a long time first because I was blind and then suddenly it clicked. I let out an audible “wtf” when I tried it :smiley:

Thanks to @LuckyLuke42 for the nudges/help

What’s with the connection refused and Error retrieving URL when executing the payload for user?

Wondering if someone can provide some insight moving from user1 to user2. I am inside the P*S rint S**er and have made some connections but not getting very far. Is there a sm link I need to make? Looking at the files and error messages, I have somewhat of an idea what is happening, but not sure how to exploit. Thank you.

rooted! :smiley:

What a journey initially, thanks to @3l0nMu5k for nudges (and more) about the esistuff

What a battle has been escalating user1 → user2! Battling against everyone else on the server running the same scripts all together, files overwritten, and the resets, over and over… by the way, what happened this evening?? I’ve been all alone for hours… was I the last one missing root?! :smiley: :smiley: :smiley:

And the root part, whoa, I’ve got nothing to say about that, simply cannot believe. Could someone please explain it?

Nice box @MrR3boot much appreciated!

Thanks to @MrR3boot for this awesome machine and thanks to @dinosn for helping me in the email guessing part (really don’t know why I don’t use that top-domain from the beginning).

My Hints:

User - 1

  • Follow those steps
  • Generate it based on the initial information. Remember that they are Corporations (thanks to @dinosn)
  • Nice! looks like you can modify it

User - 2

  • 3…2…1… *F1 car sound*

Root

  • It’s in front of you

Hope this is not a spoiler; if it is, remove the post.

Please could I get a nudge for initial user login?
I believe I have a password, …3$$ (I am assuming that once I have this information I don’t need the special tool for a while)
I am trying the initial /login.php
After manual attempts, I have used cewl to grab list of words from / and /clie***.p**
I did this as I noticed there are different spellings of some names from one to the other.
I have put together a username list of (tried original case and then :lower:)
w1@w2., w1@w2..** and w1@w2.. and thrown it all in, but got no positive answers.
I am obviously missing something simple, or bruteing up the wrong tree.

@sulcud said:

User - 2

  • 3…2…1… *F1 car sound*

Hilarious! I would add cartoon-style bouncing sounds too.

Hi, for getting the first shell, when I use nc without -e it connects to me, but when I use -e /bin/bash it won’t connect. Also, ping worked fine. Any help?

@ByteM3 said:

I’m an e** i******** virgin. Been reading up on it and I evidently can’t figure it out.
Any tests aren’t reaching my machine. I’d appreciate discussing with someone.

I’m in exactly the same position. Tried everything I can think of but I can’t get it to work.
Thinking this may be outside my capabilities for now.

@DarkAngel3007 said:

@ByteM3 said:

I’m an e** i******** virgin. Been reading up on it and I evidently can’t figure it out.
Any tests aren’t reaching my machine. I’d appreciate discussing with someone.

I’m in exactly the same position. Tried everything I can think of but I can’t get it to work.
Thinking this may be outside my capabilities for now.

If you google what you are trying to do, there is some helpful stuff.

root@quick:~# hostname && date && id
quick
Wed May 13 08:27:48 UTC 2020
uid=0(root) gid=0(root) groups=0(root)

Thanks @ElVi7MaJoR for tips and @MrR3boot for this box :slight_smile: