Y'all gotta stop asking for help on here, send me a message instead


Last Active


  • ughhh i thought this was gonna be easy as pie until i saw no pages were mapped rwx :T
  • so.... slow..... i didn't have to do this in ages 😩
    in [WEB] wafwaf Comment by 0x41 April 2020
  • hey, please use the shell that's already on there instead of spamming the server with your own shells or at least give them names you can't find when dirbusting, kinda ruins it a bit other than that, fun little box ^^
    in Traceback Comment by 0x41 March 2020
  • no need to crack any hashes
    in [WEB] Console Comment by 0x41 March 2020
  • sure just read the code ¯\_(ツ)_/¯
    in [WEB] Console Comment by 0x41 March 2020
  • ah hell, i kept wondering how to get the source and didn't realise there was a goddamn download button under the start instance button m) EDIT: aaand got it. i tried the right thing from the very beginning before i even had the source, but looks lik…
  • got a whole bunch of weird behavious and an error message, but no matter what i do, i can't make sense of what happens behind the scenes. would appreciate a nudge
  • Type your comment> @tel0s said: (Quote) if you have only one argument you can pass, how can you put it in /tmp? ;) don't worry about where you put it, just download it and try running it from that directory
    in Fatty Comment by 0x41 March 2020
  • user fell, but not to me 😅 ask @haqpl, i'm still struggling with o**** rn
    in Oouch Comment by 0x41 February 2020
  • user finally fell!
    in Oouch Comment by 0x41 February 2020
  • Type your comment> @tel0s said: (Quote) no redirecions, one argument only. i recommend doing it in two stages
    in Fatty Comment by 0x41 February 2020
  • we're barely 2 hours in and if this is anything like qtcs other box, it's gonna be a while before someone draws blood :P i've got an idea or two about what might be going on, but nothing useful so far edit: ayyyyy it helps if you can read. i missed…
    in Oouch Comment by 0x41 February 2020
  • that waf is really annoying when you have something running in the background that throws different kinds of payloads against the box 😂
    in Oouch Comment by 0x41 February 2020
  • Type your comment> @tel0s said: (Quote) i was in the same boat as you before figuring out how to get around that (and later seeing other peoples logins and realising i didn't even need to get around that lol) where does the hashing happen?
    in Fatty Comment by 0x41 February 2020
  • i feel like P******J* isn't really stable. sending the same payload that did things before dosen't do things anymore :T EDIT: aaaand rooted. awesome box, had a lot of fun (except for the part where i got weird behaviour because of other people and …
    in Book Comment by 0x41 February 2020
  • depending on whether or not i'll be back home in germany i'd love to come too! central germany is also more practical for me
  • god damn it, @Layle idk how this was meant to be solved, but my way sure as hell gave me a headache...
  • kinda confused because both the printf and puts are returning absolutely no output for some reason :/ EDIT: just had to solve it in a probably convoluted and unintended way, but many roads lead to shellcode 8)
  • got code exec locally, but don't know how to do the S**i right to get a*** ro** :T annoying as hell, but man what a great box! makes me regret i didn't take the job at your place @qtc, we could've been colleagues :P EDIT: ahh realised where i went…
    in Fatty Comment by 0x41 February 2020
  • oh man this took me ages because of the slow af exfil... can't wait to go find some writeups and see if i just did it in a really stupid way lol EDIT: yeah i wasted hours because of slow exfil lmao. there's a much better way than acting blind
  • easy, all it took were the 20 most cursed lines of python you'll never see 😁😁😁 i enjoy challenges like this, they're great practice for hacking together quick and dirty scripts for weird real world situations in which you encounter weirdly formatted…
    in M0rsArchive Comment by 0x41 January 2020
  • alright found some time to get back to this and took like 2 hours doing the wrong thing to get me to the flag. very hard challenge, such an annoying "waf"....
    in [WEB] ezpz Comment by 0x41 January 2020
  • pretty sure i know what i'm supposed to be doing, but i'm struggling to get past the second error. if this is built the way i think it is, it should be pretty simple and deserve the rating it got, but something is in the way :/ would appreciate a nu…
    in [WEB] ezpz Comment by 0x41 December 2019
  • fun box :D coudn't write a script for user, for whatever reason it just woudn't work, but it takes about a minute or two with burp :P root was a little too easy and fast tbh and files in the users home directory might spoil even that
    in Mango Comment by 0x41 December 2019
  • can someone shoot me a hint about the initial foothold? i think i've got a vague idea about what to do, but with NX enabled and no output idk how to do it
    in Rope Comment by 0x41 November 2019
  • user was relatively okay, root was annoying because the exploit i used didn't work for some reason? had to intercept the requests and pass them on 1:1 and then they worked for some reason
    in Postman Comment by 0x41 November 2019
  • have a hard time getting root :/ i know what i have to decrypt, i know how to do it but i have no idea where to find the key EDIT: who the heck needs to decrypt their keys anyways, amirite? great box, was a lot of fun until i wasted hours at the v…
    in Fortune Comment by 0x41 March 2019
  • actually had it all right on the first try and wasted ages trying to fix it because of that damn /bin/sh offset anyone know why our string isn't waiting for us there? is that actually part of the challenge?
    in ropme Comment by 0x41 March 2019
  • (Quote) nop
  • took me a few moments to figure out what i was looking at and a bit more verbose digging, but once i got it grabbing root was very simple. great box and a bit more LDAP knowledge i can use in the future

Howdy, Stranger!

Click here to create an account.