@sunnyhax said:
where i can find passwor@.txt ? i got FTP access but only notes there .
Fairly sure the notes says where it is.
rooted fun box! learn a few new things here. Cant belive the rating it has though I didnt experience any weird crashes (maybe because im on VIP I dunno)
Thanks for the box! Feel free to PM if you are stuck!
Rooted, quite possibly one of the most irritating boxes Iâve ever dealt with⌠Thankfully over now
I know its been said before, but the machine authors really do have a hard time determining in advance how a box is going to perform when hundreds of people are stepping on each other.
This one really makes the case that if you spend any amount of time on here, you should really invest in VIP access or go in with a group for a dedicated server. It just saves a lot of time and heartache on some of these.
I stuck because machine is restarting in every 5 min.
have imported my exploit for root via API but for the life of me canât see how to create schedule for the last step. any pointer appreciated.
@WibblyWobbly said:
have imported my exploit for root via API but for the life of me canât see how to create schedule for the last step. any pointer appreciated.
You can do it without creating a schedule, just with the API. I didnât figure that out though and had to just do it through the web front end and used that to create a schedule.
What a roller coaster this one wasâŚ
Here is my two cents on this:
Foothold:
See which ports are open, find the lowest hanging fruit, you can find some clues on what to look for and where to look for it.
Look for a vulnerability on one of the services mentioned on the info you gathered in previous step, it helps you get a bunch of GOODIES (you know where the goodies are, use the vulnerability to fetch them).
User:
Once you get the info you might think of brute forcing, DO NOT do it, simple trial and error will give you what you want without killing the machine for others.
Root:
Taking a look at information you found when trying to get a foothold, you can find the second vulnerable platform.
Here is where it gets all tricky, the exploits you find online should only give you an idea.
You can do what the guide tells you using API so RTFM (I skimmed through it and wasted a whole day banging my head against the wall), all you need is in the documentations (Do not focus solely on the scripts part, look at other sections as well)
DO NOT ATTEMPT TO RESTART THE SYSTEM, THE SERVICE WILL DIE, YOU DONT NEED TO RESTART IT.
Again, you know what you are looking for, you dont necessarily need to get a reverse shell, think outside of the box and maybe you will find a better easier way to do it.
PM for nudges.
So the only thing I need right now is for the scheduler to run the schedule, but the page just collapsed. So not sure how to proceed now, I guess there has to be some way to resume the service in that port?
allright I was finally able to finish this. Huge relief, and honestly happy to have gotten my first ever flags outside the Starting Point tutorial.
Finally rootedâŚ!
hints for root is to use api to add script and execute the query
web ui sucks
Type your comment> @TazWake said:
@acidbat said
User was fun, stuck on root since the WEB UI is rubbish and I keep getting a 403 error with the right password.
A nudge or point towards the API method would be greatly appreciated.
Turning into a silverfox with this box
This is helpful: Welcome - NSClient++
Thank you
Hey ,
I tried executing my *****.bt file ⌠but every time i receive a user reverse shell rather than a Root shell.
I am using web APIs⌠please provide a Nudge
rooted.
Not gonna lie, I wasnât expecting to get it right when I did. Lol
Got user and now I go to the root according to the first impressions easy machine 
RootedâŚ
nice and funny box but was a lot of reading through the manual, also installed the N**** Client on my machine to rebuild the path. couse the box is down every few minutes.
Again to all: there is no need to restart the box or the service!!
If anyone need a hint, feel free to write me.
Ok im having issues getting the foothold. I found the way in but am not that great with windows machines. Can someone pm me and help me out a little. It would be greatly appreciated.
Finally rooted,
All hints are on the forum.
I went the UI way (maybe a sucker for punishment) but got there in the end 
Patience is the key and NO, you do not need to restart anything (even if the Exploit tells you to)
If someone could explain to me the API way that would be great.
Thank you @dmw0ng for the machine, I had lots of fun (and frustrated lol),
Type your comment> @acidbat said:
Finally rooted,
All hints are on the forum.
I went the UI way (maybe a sucker for punishment) but got there in the end
Patience is the key and NO, you do not need to restart anything (even if the Exploit tells you to)If someone could explain to me the API way that would be great.
Thank you @dmw0ng for the machine, I had lots of fun (and frustrated lol),
API was def easier, I could not even fk wit that GUI. hit me up on DM if you want some details