New video up:


Last Active


  • New video up:

    March 14
  • Boreless

    hello i was wondering if you can help me with sauna.I found usernames in site but dont know what to do next...

    March 10
  • Fogman

    Hey I was wondering if you could help me out on forest? I'm stuck trying to get root by using secretsdump.py but keep getting access denied. I've created a user and put them in both exchange groups. I've also used powersploit to grant dcsync privs.

    February 28
  • VbScrub changed their profile picture.
    February 22
  • fcmunhoz

    Can you help me on foothold on Sauna machine?

    I am trying this
    smbmap -H -u user

    Am I using the right tool?

    February 21
  • akenofu

    Hello, Hope u doing well m8. I was going through nest. After some time enumerating, I don't dare say I have enumerated everything. but, I found the creds in the weird b64 format. Also, found the file that mentions utf8-bom. I even found the hidden directories using the weird service on port 4386.I also found the new text file and the todo file. However, I am still unable to crack the b64 password. I tried padding it , Different b64 decoding characters schemes , but to no avail. A nudge would be much appreciated.

    February 18
  • masquerad3r

    Hey, hope you are doing great !!!

    I am stuck on user for sauna, Out of many possible users and keywords found only Sauna to be a valid username, but even it is not ASREPRoastable.

    Any nudge in the right direction would be a life saver. Thanks :)

    February 16
  • Chirag25


    Can you tell if\10.10.. to access smb share is the right command for foothold as for me this is not working.

    February 11
  • Sonia12

    Regarding Forest machine:

    This is my first windows box as I just started on HTB

    I tried to get username list via ldapserach and nmap smb-enumusers, but ldapserach gave me one extra user than smb-enumuser
    (ldapserach gave many users including sebastien)
    I started bruteforcing password for following users using auxilary/scanner/winrm/winrm_login
    Andy Hislip
    Lucinda Berger
    Mark Brandt
    Santi Rodriguez

    on both port 5985 and 47001 using dc as htb.local , but no luck

    smbclient and smbmap not working for me :(

    Any guidance or tip will be greatly appreciated

    I was hoping to get some password, then using winrm, login to the box and get user.txt and then try privilege escalation

    February 5

Howdy, Stranger!

Click here to create an account.