hard

Another good box, perhaps more of a medium level than hard. Initial foothold needs long patient enumeration, wordlist choice is pretty key

Recon to foothold We are given an employee’s Twitter account, hakanbey, so let’s start there and look for potentially useful snippets We get a hostname to add to /etc/hosts We find an invitation to send an XSS or similar attack That’s about all we can extract from the Twitter account, let’s have a look at the deployed machine now, starting as always with a scan...

This box shows it pays to check every link during enumeration (tip: spidering). The box is probably pitched too high at hard, it’s more of a medium box imho

Rated hard, that seems fair! It’s a tough one with many steps and lots to research. Excellent box to root, learned a lot

A room by MuirlandOracle, rated hard, with a very tricky foothold but then pretty straightforward for a Windows machine

A ‘New Year’ series room by MuirlandOracle, rated hard, complete with many rabbitholes and tricks. This one took a while!