Recent Activity

Activity List

  • rippenkill, 3ch0staTic, t0w3R, user326578, maali and 33 others joined.
    Welcome Aboard!
    April 18
  • macha2230

    hello nice to meet you here iam stuck at lacadepapel i try using node.js rce it's look like not working any nudge from you can help me to solve this box

    April 19
  • herapen09

    could you help on HELP machine? any hints would be appreciated. thanks

    April 19
  • herapen09

    could you give me a hint to gain "user"...thanks

    April 19
  • killinem

    Thanks for nudge, I rooted this box independently:)

    April 19
  • jammeister

    Hey, I'm struggling with teacher. I was able to grab the Giovanni password from the image file, as well as execute RCE in the quiz module of moodle to execute a reverse shell on the limited user account (www-data). Furthermore, I was able to obtain the creds to mariadb and log in as the root user.

    No idea what to do next at this point to obtain the user.txt or the root.txt.

    Any advice would be greatly appreciated.

    April 19
  • farfrumh0me

    Still working on offshore?

    April 19
  • gaius

    Hey, I hope you don't mind me messaging you. It's regarding the "massacre" challenge. I'm really stuck on this, since my idea doesn't turn out to be something valuable. I noticed most of the r,g,b values are round (divisible by 10), and some pixels are not. Am I in the right direction? Would you spare a hint?

    April 19
  • Roard

    Hi Lotus! you need to change security context to read user.txt in Irked

    try ls -la as the first step

    April 18
  • osmus, Almadjus, anon151019, Roard, ARainchik and 35 others joined.
    Welcome Aboard!
    April 17
  • Sorry everyone if I don't respond to messages... I am not active on HTB these days.

    April 18
  • benseshi changed their profile picture.
    Thumbnail
    April 18
  • WhiteVoid

    hey, i am working on Irked box,

    got struck with the steg, i tried brute forcing with rockyou, nothing found :(

    where can i get the password,can you give me any hint ? from the forum i found that i can perform privilege escalation directly using SUID binaries. can you help me with that ?

    how do i run the script when i cant access anything

    April 18
  • Zekah changed their profile picture.
    Thumbnail
    April 18
  • wabafet changed their profile picture.
    Thumbnail
    April 18
  • killerhold

    Hi,
    can you please help me with root "HELP Machine"

    April 18
  • stdclass changed their profile picture.
    Thumbnail
    April 18
  • saso

    Hey there, would you mind helping me with Irked? I have user and I'm trying to understand the output of LinEnum.sh, but I'm not finding anything useful. I know everyone is talking about a particular binary, but I can't find an interesting one. Even compared to my own Linux machine.

    April 18
  • k4ct0

    Hey dude, i need help on Help machine. What was the edit you did on your exploit? I'm having a lot of problems to find the php shell im uploading... Im looking at /support/uploads/tickets, i change my timezone but im unable to find this shell.

    April 17
  • divictus

    Hey, hope you doing great ! need some tips for querier, can you help ?

    April 17
  • k4ct0

    Hey, i need a hint on this machine. I started with the vector in helpdeskz were you can upload a file. I've checked every code (exploit, github) im sure that the path is /support/uploads/tickets what i cannot obtain is the file uploaded, the exploit tell me that it didnt find it.

    How can you obtain the url of the file uploaded?

    April 17
  • izmaglica changed their profile picture.
    Thumbnail
    April 17
  • Sudo

    Hi,
    I am working on getting querier user.txt,

    so far i have gotten credentials from the smb share and the xslm file. But i am unsure what to do with them... they dont work for impacket... can you provide a direct hint?

    thank you

    April 17
  • Welcome Aboard!
    April 16
  • kilo5150

    could I get some help with getting the creds on help? I see the site on 3000 but have no idea how to interact with it , query it. Thx in advance

    April 17
  • CJ90 changed their profile picture.
    Thumbnail
    April 17
  • wat3r

    Hi there, I saw a comment you made in the lacasadepapel thread:

    "You can obtain root without needing to use the QR code. If anyone needs a nudge in the right direction for root shoot me a PM. It's pretty easy to figure out once you stop over thinking it haha."

    I wanted to beg for a hint :) I got to the psy shell, see $tokyo, and have managed to read/write files, list directory contents, and search for files. Really stuck now - any hint you could give would be appreciated :)

    April 17
  • Seanhtw changed their profile picture.
    Thumbnail
    April 17
  • jownz

    Hi, Do you have a little hint for me on the Privesc? What do ppl mean with "the framework" - neither Metasploit nor PowerSploit give me anything useful. Thanks

    April 17
  • punxsutauwney

    Hi, I am wondering if you could help me finalizing this Grammar challenge. I have the MAC stuff and converted it, but I keep getting the page saying that only lower characters are allowed. I have used a lot of combinations in the final POST. This is my latest attempt. {"User":"whocares","Admin":"True","MAC":0}
    Encoded as base64: eyJVc2VyIjoid2hvY2FyZXMiLCJBZG1pbiI6IlRydWUiLCJNQUMiOjB9 What Am I missing here? Thanks in advance. P

    April 17

Howdy, Stranger!

Click here to create an account.