Player

2456789

Comments

  • Type your comment> @12thRockyou said:

    the first vulnerability / exploit was one of my favourites I've seen. Enjoyed the box :smile: thanks

    Yes, I know which one you are talking about, the exploit that stood out was very fun, but like I said, I still think the initial foothold was a bit of a stretch :)

    OSCP | TMHC CTF

  • Type your comment> @12thRockyou said:

    the first vulnerability / exploit was one of my favourites I've seen. Enjoyed the box :smile: thanks

    Welcome.

    MrR3boot
    Learn | Hack | Have Fun

  • What kind of magic is that :open_mouth: ? Amazed.

  • Type your comment> @davidlightman said:

    What kind of magic is that :open_mouth: ? Amazed.

    Magik

    MrR3boot
    Learn | Hack | Have Fun

  • Rooted, after a good time, thanks for the box she is great ! :D

  • Type your comment> @Seepckoa said:

    Rooted, after a good time, thanks for the box she is great ! :D

    @Seepckoa said:
    Rooted, after a good time, thanks for the box she is great ! :D

    Welcome <3

    MrR3boot
    Learn | Hack | Have Fun

  • @halfluke said:

    Found some vhosts, found the "hints" to what is wrong with the site(s), found some names in an answer to a url request, found source of the countdown (client side), found a login. And stuck, next step unknown :smile:

    I'm at the same step.

    I've enumerated a bit and know what app is running on one of the su***** and a RCE exploit for it, but still no creds for that login. I'm wondering if limited brute forcing for that login page is necessary, i've got a few users to try from other services. :smiley:

  • edited July 2019

    Brrr

  • Very nice box @MrR3boot, I enjoyed it a lot.

  • Type your comment> @snowscan said:

    Very nice box @MrR3boot, I enjoyed it a lot.

    Awesome. Thanks for the feedback @snowscan.

    MrR3boot
    Learn | Hack | Have Fun

  • rooted .... very good box. I enjoyed a lot and learned a lot

  • Type your comment> @gokuKaioKen said:

    rooted .... very good box. I enjoyed a lot and learned a lot

    :smile:

    MrR3boot
    Learn | Hack | Have Fun

  • Hii! Nice machine! I´ve found a code... but i dont know what to do with it. I m also looking an image...not sure about if it means smthing.

    Any hint? :blush:

  • edited July 2019

    Spoiler Removed

  • edited July 2019

    Tip from days hours of banging my head on the table: try different wordlist for vhosts fuzzing.

  • This is probably one of my favorite active machines so far :) The root was amazing.

    Thanks @MrR3boot !

    Hack The Box

    OSCP | GPEN | eCPTX | CREST CRT | eCPPTv2 | GWAPT | ECSA (Practical) | CREST CPSA | ACE

  • Great box, I enjoyed it. but the initial part was insane

  • Type your comment> @Ryan412 said:
    > This is probably one of my favorite active machines so far :) The root was amazing.
    >
    > Thanks @MrR3boot !

    Welcome mate. Hope you had fun with it.

    MrR3boot
    Learn | Hack | Have Fun

  • > @kfupm said:
    > Great box, I enjoyed it. but the initial part was insane

    Will play one more game in a while :wink:

    MrR3boot
    Learn | Hack | Have Fun

  • edited July 2019

    Nice box. Not Kryptos, not chainsaw, but nice... Some moments made me laugthing. Thanx @MrR3boot !

  • edited July 2019

    This box definetely in my top 3 list now. The first initial part was a bit meh but I really liked every step overall especially the one everybody talked about . Great box. Thanks @MrR3boot !

    morph3

  • Very cool box @MrR3boot Really enjoyed the user part, even though it was a headache sometimes lol

  • Type your comment> @YanTayga said:

    Nice box. Not Kryptos, not chainsaw, but nice... Some moments made me laugthing. Thanx @MrR3boot !

    Every machine in htb has a different theme. There’s no common factor to compare with them. Hope u had fun with this specific theme machine.

    MrR3boot
    Learn | Hack | Have Fun

  • @lyak said:
    Very cool box @MrR3boot Really enjoyed the user part, even though it was a headache sometimes lol

    Yes mostly when it comes to real-time activities it’s always painful.

    MrR3boot
    Learn | Hack | Have Fun

  • @morph3 said:
    This box definetely in my top 3 list now. The first initial part was a bit meh but I really liked every step overall especially the one everybody talked about . Great box. Thanks @MrR3boot !

    Glad that you had fun with it.

    MrR3boot
    Learn | Hack | Have Fun

  • Was it just me or getting user.txt was harder than getting root.txt??

    Very fun box. I did get some gray hairs from all the stress getting user.txt.

    This is one of the reasons I love HTB. Each machine has something new.

    Thank you to @12thRockyou for you help.

    Hint for user: Google is your friend. Burp as well.

    Hint for root: 64 is your friend.

  • Hi all First, I would like thanks for @MrR3boot , @12thRockyou and @johnnyz187 for help.
    After 3 days "not focusing" I got owned
    Great box @MrR3boot

  • Thanks @MrR3boot , this was an awesome box with plenty of new and interesting attack vectors.

    I particularly liked how straight-forward it was in regards to needing a specific thing to unlock access to the next and so forth. It didn't get too much into the weeds, although the initial step was pretty hard to get without hints...the ones on the site weren't quite specific enough.

    It's all just a learning experience though, so I guess mission accomplished. :smiley:

  • > @3sP3rTAlHaO said:
    > Hi all First, I would like thanks for @MrR3boot , @12thRockyou and @johnnyz187 for help.
    > After 3 days "not focusing" I got owned
    > Great box @MrR3boot

    > @dr0ctag0n said:
    > Thanks @MrR3boot , this was an awesome box with plenty of new and interesting attack vectors.
    >
    > I particularly liked how straight-forward it was in regards to needing a specific thing to unlock access to the next and so forth. It didn't get too much into the weeds, although the initial step was pretty hard to get without hints...the ones on the site weren't quite specific enough.
    >
    > It's all just a learning experience though, so I guess mission accomplished. :smiley:

    @dr0ctag0n @3sP3rTAlHaO Thanks for the feedback. Hope you loved it <3

    MrR3boot
    Learn | Hack | Have Fun

  • Learned important lessons from this machine:

    1) Always try harder, and don't give up
    2) Never overlook the information gathering phase

    I can't imagine if this was a real penetration testing engagement. I'd have failed my client miserably.

    Good machine @MrR3boot :+1:

    limbernie
    Write-ups of retired machines

Sign In to comment.