Vulnhub SP: jerome (v1.0.1)

by Vince

I think I've mentioned that I dislike the puzzle style boxes.  Seems like the last couple of Vulnhub downloads required me to solve problems that had little to do with real world scenarios.  I hate to quit midstream but my personal goal is to hone my craft, learn new techniques, and improve my documentation skills.  Hunting for the hidden page, behind the hidden page, behind the hidden page, using a wordlist I scraped from some video game fan page is not exactly what I had in mind. #truestory

Searching through Vulnhub, I spotted the SP series and I remember it being fresh, challenging, and at least semi real world.  Jerome's description:  "Jerome has created some awesome recipes. Can you find them?"

I'm glad I found my way back to this series because while Jerome was never hard, it was challenging and it kept me on my toes.  

Burp Suite: detectportal.firefox.com

by Vince

This is one of those things that is pretty benign but just makes people crazy.  In the Burp Suite history, we repeatedly see entries for http://detectportal.firefox.com and the frequency is ridiculous.  I have this disabled in my c2 image but I hopped on a client's Kali install and there it was... tormenting me:

Vulnhub The Library: 1 Walkthrough

by Vince

I think this is from the same author that has produced a couple (?) of the advanced web application machines.  The description for this box states:  "The library is a sophisticated web application which has few advanced vulnerabilities. You will have to think out of the box to be able to compromised successfully this machine. If you can't you can just enjoy countries history ;)"

This one was tough.  The injection is tedious and tricky but if you take your generic queries into SQL and you look at the responses, it will become obvious as to what will and will not work.  I'm trying not to spoil too much and perhaps that hint is enough by itself.
