Last Active
Member, Administrator


  • Just an FYI you can submit your writeups on the profile page of retired machines now (below the youtube video section)
  • Sounds like you may have javascript disabled. If it's not disabled, can you try giving the machine a reset and see if that helps?
  • I've only seen this happen when cookies are completely blocked. Can you try a different browser and check your cookie settings?
    in CSRF Comment by Arrexel August 2018
  • @MrWick please avoid posting spoilers. Do not give any specific details about active machines/challenges
  • This was basically the full solution to the challenge. Please do not post spoilers
  • There is or the HTB private message system.
    in HTB Slack? Comment by Arrexel July 2018
  • Just to add, since I mentioned it to someone I should probably share here as well to be fair: The first column was not intended to be how it is, however it is still important.
  • Please note that as of tomorrow (July 1), challenges can be submitted directly through the website and the [email protected] email will no longer be used.
  • Please watch the spoilers, there was one in almost every post so far.
  • @minhhungvn said: Spoiler Removed - Arrexel The github repo is unrelated to the machine, although it does explain how to use it once you find it
    in Bashed Comment by Arrexel April 2018
  • I have been meaning to make some more challenges. I can do up a web chal or two after I finish one of the machines I'm currently working on. We will also have a challenge submission system in the next update (in a week or two most likely) which shou…
  • How often are you losing connection? I've seen this happen if you have multiple connections open to the VPN at the same time. Try a sudo pkill openvpn or regenerate your .ovpn connection pack from if you thi…
  • Look for something that doesn't belong on a generic linux distro. Basic forensic techniques can help find it fairly quickly (no need to image the drive or anything like that)
    in Bashed Comment by Arrexel April 2018
  • I highly recommend making a short script instead of doing everything by hand, once you figure out what needs to be done Much more fun that way
  • As long as you have the consent of the cardholder it is not a problem. I believe pre-paid Visa cards also work in most cases. You can also use PayPal as an alternative.
    in VISA card Comment by Arrexel April 2018
  • This thread was full of spoilers. Please be more careful about what information you post about challenges/machines.
  • It looks like you are trying to connect to machines which require VIP. As a free user, you have access to the last 2 retired machines (indicated with a blue icon on the retired list page). VIPs can connect to any currently running retired machine…
  • Did you successfully connect to the VPN? If not, can you please post your OpenVPN log in a support ticket, or send it to me via PM.
  • This thread has been cleaned up and the spoilers removed. As the machine is brand new, we are a bit less lenient on what is considered spoiling. Please be careful about what information you share!
    in Poison Comment by Arrexel March 2018
  • Be careful posting spoilers guys, this thread was full of them. They have all been removed.
  • @uck084 said: How do you define spoiler? We need a forum wide definition , which is differentiating "innocent push" and giving the answer of the challenge. I think forum needs such pushes and I personally believe that those pushes are adding gre…
  • Nice writeup. Glad you enjoyed the box
  • Spoiler removed. Please be more careful about what information you post from a non-retired box.
  • @peek said: could you add time and date for private messages ? Yep! I'll add it to the to-do list
  • We have been looking into options for this. I would also love to see a swag shop
    in swag? Comment by Arrexel February 2018
  • @berninator said: Awesome tool! Especially with the new update. Definitely beats changing a GET variable everytime I want to run a new command. By the way, did you make Bashed just to advertise this? Nope! We needed an easy box so …
    in phpbash Comment by Arrexel January 2018
  • Just added an upload command (which opens the file selection dialog). phpbash now properly escapes console output, so cat'ing html/php files no longer causes code execution. Further improved directory navigation. cd - now goes to previous dire…
    in phpbash Comment by Arrexel January 2018
  • Read the challenge desc. Needs to be submitted in the correct case
  • Bump, as several people have been asking about this topic recently
  • Identifying the OS distribution from running services will help

Howdy, Stranger!

Click here to create an account.