Wall

I found the authentication required but I'm stuck there. Help me, a hint please.

I haven’t found /c*******. I’ve used dirb and dirbuster. Dirbuster keeps giving me errors, pauses itself or has an 8-hour wait time. Dirb doesn’t find it. Very first box, still have a lot to learn.

Finally rooted. If anyone needs any help, ping me.

Anyone able to hint me how to get anything to test the C…/i…php file? Getting headaches trying to deal with tokens to attempt to log on…

Almost thinking of resorting to guessing and typing passwords in…

Finally rooted.

Thanks to the people who helped with this box.
Path to w**-***a > root was way easier than anything else.

If needed, ping me for a nudge!

Can anybody give me a hint on what to modify in my script? I got the cred but I cannot trigger the listener…

I have w**** shell but I need advice for root :confused:

I found the c******* login page but I’m unable to get the login credentials with hydra. A little nudge would be appreciated.

Could someone help me please? I know the creds for c******* and I found the exploit but it is not working! It says run successfully but I do not get a shell… Could someone please help me out?

Thanks @Thr0yr for the nudge. I was down a rabbit hole! :slight_smile:

@beorn has been a great resource for help/hints but he hasn’t responded for ~8 hours and I’m still stuck at the ■■■■ web API. I tried the C** e****** written by the author but it doesn’t grant RCE as it’s supposed to. I get errors with the parser that I don’t know how to fix and just, blah. Again, totally new to all this (besides some web dev/Windows sysadmin experience). He suggested I try to gain RCE through the a**** p***** of the web API but I’m finding nothing and I’ve spent hours looking and tried a few things - only one of which I thought would actually allow me to connect remotely. Anyone available for some help?

Stuck with the c****** login.
Brute forced a password but it says 403, and sometimes it logs in on its own. I have no idea how that is happening.
Any help would be appreciated.

EDIT: nvm logged in. That was stupid of me.

Got root, and then user… is this intended? Did I miss something?

@t4l0 said:

Got root, and then user… is this intended? Did I miss something?

I think there is a path from user to root but I went from w**.d*** straight to root also. That seemed to be the path of least resistance.

Rooted.
Did someone try to crack the .ht****** file? → Maybe that is the path for w**-***** to user?

Hi, please PM me for help with getting root or user. Got shell already but I am stuck.

PLEASE PLEASE PLEASE When I try to exploit c****** manually, it says 403 forbidden. How can I bypass it? Please someone! I’m stuck for days :cry:

All, I am having trouble escaping particular characters when it comes to the cve script. I am new to this and haven’t dealt too much with escape characters. PM pls and I will show you what I have tried.

Hi, so this is my first machine, trying to get in for days. I tried all of the possible passwords and wrote a custom bruteforcer in Python to handle anti-C***. Finally got the password for ***; unfortunately it says Forbidden. The RCE exploit does not work, as I suppose it should receive 200 after authentication and not 403. Any hints on how to overcome this one?
Ok, I know how to proceed further. Will try to use a
instead of regular traffic.

Frustrating… I can see NC receive a connection but I’m unable to issue any commands (at least I’m not able to see the output of them). Any ideas?