Recent Activity

Activity List

  • T3jv1l

    Hi i use dirb ,dirbuster , gobuster in Vault box but i have just 403 error , i found just index.php , i donwloaded seclist but i dont see nothing interesting , what i need to do , or in what direction i need to go , i see just two ports open 80 and ssh port 22

    November 12
  • haimvak

    hey can you tell me how to get the credential for the user tyler
    in the secnote box?
    10.10.10.97
    i found xss there but nothing else

    November 12
  • haimvak

    hey can you tell me how to get the credential for the user tyler
    in the secnote box?
    10.10.10.97
    i found xss there but nothing else

    November 12
  • T3jv1l

    Hi i use dirb ,dirbuster , gobuster in Vault box but i have just 403 error , i found just index.php , i donwloaded seclist but i dont see nothing interesting , what i need to do , or in what direction i need to go , i see just two ports open 80 and ssh port 22

    November 12
  • mrf

    Hi man,

    how did you get user without .enc file?

    Hawk machine

    November 12
  • drseilzug changed their profile picture.
    Thumbnail
    November 12
  • Working On Amzy ( A.I Script )
    Happy If You Contribute With Me
    Need to Write 20k If command for 1 function
    November 12
  • bradmn changed their profile picture.
    Thumbnail
    November 12
  • mrf

    Hi Sir,

    Need some help with Hawk please,

    I scanned network via Nmap and found FTP,

    I have tried login an anonymous, but here empty messages folder

    How to be tell me please?

    November 12
  • chrissch2, Pierre, backslasht, haimvak, freskhu and 25 others joined.
    Welcome Aboard!
    November 11
  • numbfrank

    Did you manage to get anywhere with Jerry?

    November 11
  • haimvak

    hey can you tell me how to get secnote credential
    i know there is user name tyler
    and alot of xss .

    November 11
  • saskenuba changed their profile picture.
    Thumbnail
    November 11
  • Laur

    Hey! About the Waldo box. I figured out that when ".." in the end of path it goes to parent directory one level and if only "." or "/" in the end, it displays current directory. But if I try ../../../.. it still goes only one level... I substituted the slashes with those encoding and the double slash stuff from https://tipstrickshack.blogspot.com/2013/02/how-to-bypassing-filter-to-traversal_8831.html but it still gives me either "False" as a response or the current or parent directory. Whats the trick?

    November 11
  • felixgmathew

    Hey I could use your help with the YPUFFY box, i found the alice1978 credents and NT password am using impacket psexec to authenticate but am unable to, could you help me out with this ?

    November 11
  • rzouzou

    Hi marine, can you please help me with Frolic Buffer overflow ?
    I already download the binary, then use gdb to find offset, system, exit and '/bin/sh' addresses

    So i tried to realize the BOF on my VM and it works, and with same command it's not working on frolic machine i get infinite "segmentation fault (core dump)" :(

    the command line i used :
    while true; do rop $(python -c 'print "B" * 52 + "\x70\x78\xd8\xf7\x30\xac\xd7\xf7\x68\x69\xec\xf7"'); done

    November 11
  • Mischu1989

    hey dude

    i am trying to decrypt the file on hawk but i somehow missing something. tried all different hashed but dont changed the default cipher suite...

    Do i miss something?

    Best Thanks

    November 11
  • are you sorted ?
    I am only logging in now.

    November 11
  • artniyetli

    HEY! I am working on secNotes computer. Any hints?

    November 11
  • Sekisback

    on vault, you dont need to change the payload to an image. just find the right extension. check this out
    https://fileinfo.com/filetypes/web

    November 11
  • Welcome Aboard!
    November 10
  • T3jv1l

    Hey there,

    Anyway I could get the commandline you ran with runas? I know the admin account doesn't require a password, but I'm not familiar enough with windows built in tools to pipe a file to another using runas in conjunction with something else. Access box thx

    November 10
  • T3jv1l

    hi i need little bit hep with privesc in acces , i use runas in all syntax but i dont have root.txt :(

    November 10
  • T3jv1l

    Hi i need little help with privesc in acces box , i dont know in what direction i need to luck ,thx

    November 10
  • T3jv1l

    Hi i need little bit help with privesc in access machine , i dont know in whic direction i need to look :)

    November 10
  • T3jv1l

    Hi i need little bit help with privesc in access box , i dont know in whic direction i need to go ..

    November 10
  • ppaecity

    Hi Bro, Could you advice me "I Know Mag1k" challenge. I got this key iknowmag1kw=GV1%2BQ6FO0wSqDHmVRE2ZfqF2SYjWJe%2BHJUZ12Cn91zD7WlyMnEfTFg%3D%3D" I thought it is auth key. so that i tried to decrypt using pudbuster but i have wrong responded in pudbuster.

    my pudbuster request is " padbuster http://docker.hackthebox.eu:59353/login.php GV1%2BQ6FO0wSqDHmVRE2ZfqF2SYjWJe%2BHJUZ12Cn91zD7WlyMnEfTFg%3D%3D 8 --cookies auth=GV1%2BQ6FO0wSqDHmVRE2ZfqF2SYjWJe%2BHJUZ12Cn91zD7WlyMnEfTFg%3D%3D --encoding 0 --plaintext user=Admin"
    i used user name Admin because of i tried to guess admin,Admin. Challenge responded Admin name has already in used.
    but does not responded.
    " INFO: The original request returned the following
    [+] Status: 200
    [+] Location: N/A
    [+] Content Length: 2347
    INFO: Starting PadBuster Encrypt Mode
    [+] Number of Blocks: 2
    INFO: No error string was provided...starting response analysis
    *** Response Analysis Complete ***
    The following response signatures were returned:

    November 10
  • Nirkeh changed their profile picture.
    Thumbnail
    November 10
  • SwarupSaha changed their profile picture.
    Thumbnail
    November 10
  • tiger5tyle changed their profile picture.
    Thumbnail
    November 10

Howdy, Stranger!

Click here to create an account.