Last Active


  • Whew. Getting user was fun. There's a few rabbit holes for web exploits that should be avoided. The easy to find exploit that would most likely involve social engineering is a rabbit hole. Multiple people have referenced the Nightmare machine so yo…
    in SecNotes Comment by 3lpsy September 2018
  • Just got root. The crucial thing for both user and root is to take things slow. The path is relatively straight forward, but you need to read the source code of the exploits and understand what it's doing and make necessary modifications in the sour…
    in Hawk Comment by 3lpsy August 2018
  • I thought I had tried tried to submit the correct flag, but apparently I hadn't so I ended up doing a bunch a non-sense not realizing I'd already solved it. You can basically find the flag by 1) finding user, 2) finding the character set of the pas…
  • @onlyamedic I had the same issues with rce/reverse shell. The shells took a few minutes to connect back and were pretty unstable. After getting the user, I changed to using meterpreter but the speed wasn't much better.
    in Silo Comment by 3lpsy June 2018
  • @bonjourpancake This was the best way for me: https://blog.zsec.uk/msforacle. Just make sure to change the version from XX_1 to XX_2 if applicable
    in Silo Comment by 3lpsy June 2018
  • Really interesting machine (mostly because I was unfamiliar with the vector). There's a few ways to do this once you decide on the vector. One way is to use the tool, sit back and spam until something sticks. The other way is to go low and slow and …
    in Silo Comment by 3lpsy June 2018
  • To get the tool to work, you just have to fiddle with the options and ensure you're including everything you need to. If you've never used the tool, take some time to actually research the actual attack/vuln as well as it's pretty interesting.
    in I Know Mag1k Comment by 3lpsy June 2018
  • lol, took me a second after login. Think "what am I actually doing on this webpage? what am I hear for?"
  • PM me for hints on payload for initial foothold.
    in Bounty Comment by 3lpsy June 2018
  • PM for hints. Relatively straight forward. I do have a question. Did anyone actually use the debug feature to get either user or root? I saw it a bunch but never needed to use it. PM me if you ended up using it as I'm curious.
    in Dev0ops hints Comment by 3lpsy June 2018
  • Wow, so that was the quickest privesc I've ever got. Can someone PM how they got root as I'm curious if there is a way to do it that is not insanely easy?
    in Stratosphere Comment by 3lpsy June 2018
  • Don't worry about getting a shell. I wasted a bunch of time on it as someone on the forums mentioned it was possible (but that's what I get for not figuring it out myself). But once you get RCE, it's just simple enumeration. If you find something in…
    in Stratosphere Comment by 3lpsy June 2018
  • Correcting a few of the hints for user. People are mentioning two files. One is a file. The other is sort of a file. It's not something you can download or put on your system. Without giving it away, think about what you can do with these types of t…
    in Aragog Comment by 3lpsy June 2018
  • My hint for getting user and getting past the cap part: If you can decrypt the traffic and read it, you have enough information to move on. Review the intel you've acquired.
    in Olympus Comment by 3lpsy June 2018
  • Owned. Great box all around. Thoroughly enjoyed it. Looking back, it's not hard once you know the paths. Root is trivial. You're main difficulties are entirely going to be getting user. Just keep at it. PM for hints.
    in Canape Comment by 3lpsy June 2018
  • Hint on getting foothold: 1) yes it does require research, 2) common public approaches probably won't work 3) but yes there is a public example out there 4) don't copy and paste. If you need to copy and paste, base64 if your friend. 5) probably want…
    in Canape Comment by 3lpsy June 2018
  • If you're struggling going from user to root, you may want to start over with your enumeration. It's aggressively simple. I know that sucks to hear if you're struggling, but once you see it, you'll have root in less than a minute. My hint is to ask …
  • Getting root was super easy, I'm worried that piggybacked off of someone else. Can someone pm me how they got root?
    in Valentine Comment by 3lpsy May 2018
  • For username, it is specific to the box but you have already seen it in some form if you are at that point. If someone else has said it didn't work, don't take their word for it and try it for yourself.
    in Valentine Comment by 3lpsy May 2018
  • Got root flag. Can someone pm and explain why I had to edit that thing? i.e. where was the thing being called? I feel like I knew what to do the whole time, and eventually just guessed and got it but didn't learn anything in priv esc.
    in Celestial hint Comment by 3lpsy May 2018
  • Is priv esc broke or did I piggy back? I got the user by spamming that exploit and basically did not have to do any exploit to get root flag. Curious if I piggy backed as I had reset the box a half hour before.
    in Chatterbox Comment by 3lpsy May 2018
  • Hint: Make sure to get a pty on any shells. Let me know if you have questions.
    in NIbbles Comment by 3lpsy May 2018
  • This is one of those you try something you think should work, and it doesn't so you move on and go down a useless rabbit hole. So everything has been said in this thread. All the comments about enumeration are right. And enumeration isn't hard. One …
    in Poison Comment by 3lpsy May 2018

Howdy, Stranger!

Click here to create an account.