Last Active
Member, Administrator


  • Just an FYI you can submit your writeups on the profile page of retired machines now (below the youtube video section) :)
  • Sounds like you may have javascript disabled. If it's not disabled, can you try giving the machine a reset and see if that helps?
  • @MrWick please avoid posting spoilers. Do not give any specific details about active machines/challenges
  • This was basically the full solution to the challenge. Please do not post spoilers
  • Just to add, since I mentioned it to someone I should probably share here as well to be fair: The first column was not intended to be how it is, however it is still important.
  • Please note that as of tomorrow (July 1), challenges can be submitted directly through the website and the [email protected] email will no longer be used.
  • Please watch the spoilers, there was one in almost every post so far.
  • (Quote) The github repo is unrelated to the machine, although it does explain how to use it once you find it
    in Bashed Comment by Arrexel April 2018
  • I have been meaning to make some more challenges. I can do up a web chal or two after I finish one of the machines I'm currently working on. We will also have a challenge submission system in the next update (in a week or two most likely) which shou…
  • Look for something that doesn't belong on a generic linux distro. Basic forensic techniques can help find it fairly quickly (no need to image the drive or anything like that)
    in Bashed Comment by Arrexel April 2018
  • I highly recommend making a short script instead of doing everything by hand, once you figure out what needs to be done :p Much more fun that way
  • This thread was full of spoilers. Please be more careful about what information you post about challenges/machines.
  • It looks like you are trying to connect to machines which require VIP. As a free user, you have access to the last 2 retired machines (indicated with a blue icon on the retired list page). VIPs can connect to any currently running retired machines.…
  • Did you successfully connect to the VPN? If not, can you please post your OpenVPN log in a support ticket, or send it to me via PM.
  • This thread has been cleaned up and the spoilers removed. As the machine is brand new, we are a bit less lenient on what is considered spoiling. Please be careful about what information you share!
    in Poison Comment by Arrexel March 2018
  • Be careful posting spoilers guys, this thread was full of them. They have all been removed.
  • (Quote) I will discuss this with the others. For the time being though, please report anything you think is revealing too much. There is no harm in flagging something to be reviewed, as we can always just ignore it if we find no issue with the post.
  • Nice writeup. Glad you enjoyed the box :)
  • Spoiler removed. Please be more careful about what information you post from a non-retired box.
  • (Quote) Yep! I'll add it to the to-do list
  • We have been looking into options for this. I would also love to see a swag shop ;)
    in swag? Comment by Arrexel February 2018
  • (Quote) Nope! We needed an easy box so I threw it together fairly quickly, as there were only hard/insane submissions in the queue at the time. I actually got the idea for bashed because I forgot a copy on my development server lol.
    in phpbash Comment by Arrexel January 2018
  • Just added an upload command (which opens the file selection dialog). phpbash now properly escapes console output, so cat'ing html/php files no longer causes code execution. Further improved directory navigation. cd - now goes to previous director…
    in phpbash Comment by Arrexel January 2018
  • Read the challenge desc. Needs to be submitted in the correct case
  • Bump, as several people have been asking about this topic recently
  • Identifying the OS distribution from running services will help ;)
  • @jinxbox check out the second half of ippsec's video
  • Nice writeups guys. I'd definitely recommend jd-gui for decompiling the jar. No need to extract any classes or anything when using it. Also @ippsec got it, (4.4.0 kernel doublefree) will work most of the ti…
  • (Quote) It's already on the to-do list ;) might add it tonight if I have time Added
    in phpbash Comment by Arrexel December 2017
  • What do you call the person who fills in when your teacher is sick? hint hint

Howdy, Stranger!

Click here to create an account.