Last Active


  • Glad to hear so many people enjoyed this one. It's based off a real phishing document used by a prolific cyber-crime gang. Some tips I'll through out: * You don't need to resolve anything. * You don't need office. There are tools out there to dump…
  • Really sorry for any confusion, all. The original challenge was broken a bit, in that you could upload it to sites like any.run or hybridanalysis and the flag would just show up on the page. It was patched earlier this week, and a new version with a…
  • Type your comment> @TazWake said: (Quote) Not to distract from the actual conversation here, but I'm confused by the idea that you needed admin access to get the user flag on RE. I'd be really curious to hear how you solved, if you don't mind re…
  • https://www.hackthebox.eu/home/ideas/167
    in Registry Comment by 0xdf October 2019
  • The short answer is no. Typically the unreleased section will go from 0 --> 1 sometime between Wednesday and Friday, and that will show the new box that's being released Saturday, as well as the one that's retiring (htb will also tweet it). But t…
  • If you rooted without Windows, would you mind sending me a DM? I have some questions. I've rooted with Windows.
    in Bastion Comment by 0xdf May 2019
  • Take it one step at a time. I know a 2.5 hour ippsec video is super long. but if he spends 10 minutes on something, maybe you spend an hour on it. if youre new to gobuster, run gobuster the way he runs it. then try different switches. read the man p…
  • Would it be possible to get rough guidelines as to what is "too big"? Also, any recommendations as to where I can find an iso for Server 2019 (or Server 2016) to install without desktop? The only kind I was able to find for free was the ev…
  • Here's a couple writeups: https://0xdf.gitlab.io/2019/01/28/tunneling-with-chisel-and-ssf.html https://0xdf.gitlab.io/2019/01/28/pwk-notes-tunneling-update1.html
  • Thank you! I invested way too much time into the floating TOC, lol
  • thanks!
  • Of the people I've chatted with about it, I'd say it was about 20% went XSRF route.
  • Thanks, both of you. @delo - Id be fascinated to hear what you did differently.
    in Oz Write Up Comment by 0xdf January 2019
  • woah, that's awesome @fjv. i'm going to need to look into that more.
  • Sorry for opening this thread back up, but, I wanted to add, as a box creator, I'd love to know why the 42 people who marked my submission as lame thought it was lame (though that's only 4.2% lame, so at least the box get's to live on ;) ). It'd be …
  • Did you all have to significantly change things for the remote? ive got local working flawlessly, but i can't seem to get it to work remotely. I've updated to handle the extra output. It seems all my steps work until the last, where it just crashes.
  • Follow up post on the phishing docs: https://0xdf.gitlab.io/2018/11/13/malware-analysis-phishing-docs-from-htb-reel.html
  • Thank you! Glad you all enjoyed it!
  • @Divyanshu - hopefully you don't mind the self-promotion: https://0xdf.gitlab.io/2018/11/02/pwk-notes-tunneling.html
    in Vault Comment by 0xdf November 2018
  • Thanks!
  • Fantastic box! I didn't love one of the pivots and the guessing involved, but so many interesting tasks required to get to the end. Great work, @OscarAkaElvis
    in Olympus Comment by 0xdf May 2018
  • man this tool is awesome. it was a bit tricky to get built. wish i had checked the releases!
  • @0d1n, @lewk - you're welcome to pm me.
    in Falafel Comment by 0xdf May 2018
  • I'm running out of ideas on m->y. PM me here or mm if you want to collaborate.
    in Falafel Comment by 0xdf May 2018
  • (Quote) its definitely a different path than ive seen elsewhere... lots of good hints in these forums.
    in Aragog Comment by 0xdf May 2018
  • I think this is my favorite htb... great box all around
    in CrimeStoppers Comment by 0xdf May 2018
  • (Quote) Depends on which vuln you're talking about :) PM me if you want
    in Canape Comment by 0xdf April 2018
  • (Quote) Feel free to send me what you're thinking, @w31rd0
    in Bashed Comment by 0xdf April 2018
  • I have an initial shell and some idea on where to go next. anyone who has user.txt up for letting me bounce ideas off of them? or anyone in the same position? pm me. Thanks.
    in Canape Comment by 0xdf April 2018
  • im assuming it's probably not running on port 80? when you get stuck like this, try running through burp so you can see what's happening. you can set a listener on port 80 and tell it to pass all traffic to the ip/port of the challenge. then you ca…

Howdy, Stranger!

Click here to create an account.