Last Active
Member, Administrator


  • The main site is back online now! Sorry for the downtime today guys
  • Hey everyone, we are back online now. Apologies for the downtime!
  • Just an FYI you can submit your writeups on the profile page of retired machines now (below the youtube video section) :)
  • Sounds like you may have javascript disabled. If it's not disabled, can you try giving the machine a reset and see if that helps?
  • I've only seen this happen when cookies are completely blocked. Can you try a different browser and check your cookie settings?
    in CSRF Comment by Arrexel August 2018
  • @MrWick please avoid posting spoilers. Do not give any specific details about active machines/challenges
  • This was basically the full solution to the challenge. Please do not post spoilers
  • There is or the HTB private message system.
    in HTB Slack? Comment by Arrexel July 2018
  • Just to add, since I mentioned it to someone I should probably share here as well to be fair: The first column was not intended to be how it is, however it is still important.
  • Please note that as of tomorrow (July 1), challenges can be submitted directly through the website and the [email protected] email will no longer be used.
  • Please watch the spoilers, there was one in almost every post so far.
  • (Quote) The github repo is unrelated to the machine, although it does explain how to use it once you find it
    in Bashed Comment by Arrexel April 2018
  • I have been meaning to make some more challenges. I can do up a web chal or two after I finish one of the machines I'm currently working on. We will also have a challenge submission system in the next update (in a week or two most likely) which shou…
  • How often are you losing connection? I've seen this happen if you have multiple connections open to the VPN at the same time. Try a sudo pkill openvpn or regenerate your .ovpn connection pack from if you thi…
  • Look for something that doesn't belong on a generic linux distro. Basic forensic techniques can help find it fairly quickly (no need to image the drive or anything like that)
    in Bashed Comment by Arrexel April 2018
  • I highly recommend making a short script instead of doing everything by hand, once you figure out what needs to be done :p Much more fun that way
  • As long as you have the consent of the cardholder it is not a problem. I believe pre-paid Visa cards also work in most cases. You can also use PayPal as an alternative.
    in VISA card Comment by Arrexel April 2018
  • This thread was full of spoilers. Please be more careful about what information you post about challenges/machines.
  • It looks like you are trying to connect to machines which require VIP. As a free user, you have access to the last 2 retired machines (indicated with a blue icon on the retired list page). VIPs can connect to any currently running retired machines.…
  • Did you successfully connect to the VPN? If not, can you please post your OpenVPN log in a support ticket, or send it to me via PM.
  • This thread has been cleaned up and the spoilers removed. As the machine is brand new, we are a bit less lenient on what is considered spoiling. Please be careful about what information you share!
    in Poison Comment by Arrexel March 2018
  • Be careful posting spoilers guys, this thread was full of them. They have all been removed.
  • (Quote) I will discuss this with the others. For the time being though, please report anything you think is revealing too much. There is no harm in flagging something to be reviewed, as we can always just ignore it if we find no issue with the post.
  • Nice writeup. Glad you enjoyed the box :)
  • Spoiler removed. Please be more careful about what information you post from a non-retired box.
  • (Quote) Yep! I'll add it to the to-do list
  • We have been looking into options for this. I would also love to see a swag shop ;)
    in swag? Comment by Arrexel February 2018
  • (Quote) Nope! We needed an easy box so I threw it together fairly quickly, as there were only hard/insane submissions in the queue at the time. I actually got the idea for bashed because I forgot a copy on my development server lol.
    in phpbash Comment by Arrexel January 2018
  • Just added an upload command (which opens the file selection dialog). phpbash now properly escapes console output, so cat'ing html/php files no longer causes code execution. Further improved directory navigation. cd - now goes to previous director…
    in phpbash Comment by Arrexel January 2018
  • Read the challenge desc. Needs to be submitted in the correct case

Howdy, Stranger!

Click here to create an account.