Recent Activity

farfrumh0me → badman89

Still working on offshore?

2:20AM
farfrumh0me, ouizbajr, bivhitscar, UARdevin, YASWELL and 3 others joined.

Welcome Aboard!

April 18
gaius → N30C0UNT

Hey, I hope you don't mind me messaging you. It's regarding the "massacre" challenge. I'm really stuck on this, since my idea doesn't turn out to be something valuable. I noticed most of the r,g,b values are round (divisible by 10), and some pixels are not. Am I in the right direction? Would you spare a hint?

1:11AM
Roard → Lotus

Hi Lotus! you need to change security context to read user.txt in Irked

try ls -la as the first step

April 18
osmus, Almadjus, anon151019, Roard, ARainchik and 35 others joined.

Welcome Aboard!

April 17
LegendarySpork

Sorry everyone if I don't respond to messages... I am not active on HTB these days.

April 18
benseshi changed their profile picture.

April 18
WhiteVoid → secn0rm

hey, i am working on Irked box,

got struck with the steg, i tried brute forcing with rockyou, nothing found

where can i get the password,can you give me any hint ? from the forum i found that i can perform privilege escalation directly using SUID binaries. can you help me with that ?

how do i run the script when i cant access anything

April 18
Zekah changed their profile picture.

April 18
wabafet changed their profile picture.

April 18
AzAxIaL → ferchosur
Heya. I was wondering if I could get some help with the initial foothold connection for Conceal.

I understand that from the snmp-check and ike-scan results that I need to connect to the box using strongswan ipsec. I have the PSK hash which decrypts to "Dudecake1!".

At the moment, I have this in my ipsec.conf
```
conn conceal
    left=%any 
    leftsubnet=0.0.0.0/0
    right=10.10.10.116
    leftauth=psk
    keyexchange=ikev1 
    authby=secret
```
This in my ipsec.secrets
```
 : PSK "Dudecake1!" 
```
I am not sure how I am supposed to connect, as I have seen I can use ipsec start or I can use charon-cmd. Both of them produce these restransmit messages
```
07[NET] sending packet: from 10.10.13.27[57426] to 10.10.10.116[4500] (920 bytes)
09[IKE] retransmit 1 of request with message ID 0
```
Any hints or website links would be appreciated.
April 18
killerhold → white137shadow

Hi,
can you please help me with root "HELP Machine"

April 18
stdclass changed their profile picture.

April 18
saso → MrSquakie

Hey there, would you mind helping me with Irked? I have user and I'm trying to understand the output of LinEnum.sh, but I'm not finding anything useful. I know everyone is talking about a particular binary, but I can't find an interesting one. Even compared to my own Linux machine.

April 18
k4ct0 → Master123

Hey dude, i need help on Help machine. What was the edit you did on your exploit? I'm having a lot of problems to find the php shell im uploading... Im looking at /support/uploads/tickets, i change my timezone but im unable to find this shell.

April 17
divictus → clmtn

Hey, hope you doing great ! need some tips for querier, can you help ?

April 17
k4ct0 → utkarsh123

Hey, i need a hint on this machine. I started with the vector in helpdeskz were you can upload a file. I've checked every code (exploit, github) im sure that the path is /support/uploads/tickets what i cannot obtain is the file uploaded, the exploit tell me that it didnt find it.

How can you obtain the url of the file uploaded?

April 17
izmaglica changed their profile picture.

April 17
Sudo → jattion

Hi,
I am working on getting querier user.txt,

so far i have gotten credentials from the smb share and the xslm file. But i am unsure what to do with them... they dont work for impacket... can you provide a direct hint?

thank you

April 17
mostwanted002, rapunzel, steemcleena, nicname, minipekka and 23 others joined.

Welcome Aboard!

April 16
kilo5150 → wish

could I get some help with getting the creds on help? I see the site on 3000 but have no idea how to interact with it , query it. Thx in advance

April 17
CJ90 changed their profile picture.

April 17
wat3r → br0k3nc0rk

Hi there, I saw a comment you made in the lacasadepapel thread:

"You can obtain root without needing to use the QR code. If anyone needs a nudge in the right direction for root shoot me a PM. It's pretty easy to figure out once you stop over thinking it haha."

I wanted to beg for a hint I got to the psy shell, see $tokyo, and have managed to read/write files, list directory contents, and search for files. Really stuck now - any hint you could give would be appreciated

April 17
Seanhtw changed their profile picture.

April 17
jownz → marine

Hi, Do you have a little hint for me on the Privesc? What do ppl mean with "the framework" - neither Metasploit nor PowerSploit give me anything useful. Thanks

April 17
punxsutauwney → ackback

Hi, I am wondering if you could help me finalizing this Grammar challenge. I have the MAC stuff and converted it, but I keep getting the page saying that only lower characters are allowed. I have used a lot of combinations in the final POST. This is my latest attempt. {"User":"whocares","Admin":"True","MAC":0}
Encoded as base64: eyJVc2VyIjoid2hvY2FyZXMiLCJBZG1pbiI6IlRydWUiLCJNQUMiOjB9 What Am I missing here? Thanks in advance. P

April 17
k903 changed their profile picture.

April 17
krownburger changed their profile picture.

April 17
n00bs1337 → davidlightman

Hi man. I am stuck in arkham. I Know wich is the vulnerability is , but not know exploit yet. Can yoy give me some hint , abou encrypt /singn payload in java faces view state ? Some link when can learn. Thx.

April 17
Falconknee77 → RoTnRat

Hey dude, Just getting stuck on lacasa hoping for a nudge. i see the 80 and https. tried to do some dns stuff with lacadepapel.htb address, couldnt find much. Scanned with gobuster and nikto to find web vulns didnt come back with much. also looked into port 6200 that came back on a nmap full scan, not much their either . thanks

April 16

Howdy, Stranger!

Click here to create an account.

Recent Activity

Activity List

Howdy, Stranger!