Booj

About

Username
Booj
Joined
Visits
83
Last Active
Roles
Member

Comments

  • (Quote) Haha was tongue in cheek, this is a really bad way to handle this from both sides.
  • Ironically this thread is simulating one of the most realistic parts of pen testing. Dealing with difficult people/clients. I think a marker for whether a box is CTF-like would be a good idea, but I think they have a good place. If you're looking f…
  • Stop, Drop and...
    in Smasher Comment by Booj June 2018
  • Excellent writeup as always! Just thought I'd add you can exfil larger files using the following filter: php://filter/read=zlib.deflate/read=convert.base64-encode/resource=. This lets you get more into the limited number of characters allowed withi…
  • http://web.archive.org/web/20130801132348/http://www.mkit.com.ar/labs/htexploit/ might be worth trying the web archive
  • (Quote) I second this, take a break, go for a walk or watch some tv. Just get your mind off it for a bit. It's 24 hours not because you'll need that but so you have the opportunity to take breaks and fit the test around real life. Hell if you've …
    in OSCP exam Comment by Booj May 2018
  • No firewall as far as I'm aware, but the exploitation shouldn't need to bypass one, so assume there is. There could be any number of reasons why it's failing depending on what method you're using (there are quite a few), so I'd say look at other wa…
  • (Quote) There's an exploit that will apply well to your situation. Just make sure it matches your environment and I mean really make sure, don't just give it a cursory check :)
    in Nightmare Comment by Booj April 2018
  • The following is a quick list but should help: Lame Beep Bastard Grandpa/Granny Mirai Solidstate Jeeves Tally (Much harder than anything on OSCP, but you've gotta get used to windows) Bashed Nibbles Sense Valentine Bart (Again, same issue but really…
    in OSCP Practice Comment by Booj March 2018
  • If it's MSSQL: USE [DBNAME]; SELECT * FROM sys.Tables; I think. You might be able to do DBNAME.sys.Tables but I haven't tested it so can't say for sure.
    in mssql union Comment by Booj March 2018
  • @Geluchat I found no reference to it online, but when you said it, I couldn't think of a better name :lol:
  • Other than what everyone else has said which I agree with, I will add that you should do the exercises first!! No matter what! I know you're going to want to jump in and start breaking boxes, but it'll set you up to do much better in the labs thems…
  • I've seen a couple of people having issues with this one. Various tool scans seem to reeeeeeally mess it up. Just keep hitting the box with the well known exploit (maybe try times with lower users) and you'll get what you're looking for.
    in Valentine Comment by Booj February 2018
  • They'll be different for different versions of libc ;)
  • Very cool! Looking forward to trying this out!
  • You don't need to write to a buffer, everything can be done using gadgets or functions in the PLT. You do need to gain a shell.
  • Warren Zevon and Run the Jewels
  • Great job, didn't think to do a full ROP chain, very clever solution! Nice use of pwntools too! As for system I think https://stackoverflow.com/questions/32892908/c-system-raises-enomem?noredirect=1&lq=1 may be to blame? I can't say for sure …
  • LXD Bypass: Or you could just bypass the above entirely and save yourself a week of buffer overflow pain. Maybe there's something a little odd in that group listing? Turns out lxd is installed! I've written about this before, as it's fu…
  • Nothing a good laxative can't fix
  • (Quote) Why not? Both work :)
  • Emancipator is pretty good watch?v=S4g7mPUskW8
    in Music Comment by Booj January 2018
  • My advice for this one would be to use something like wfuzz and fuzz the area that looks suspect. This one is unfortunately a lot of trial and error and there's not much of a way around that without spoiling.
  • @dostoevskylabs putting us all to shame ;) I just use a Onenote stream of consciousness unless I'm required to report in which case my subpages take a similar form to the above. It's probably not the best, but it's what I find keeps me 'in the zon…
  • I think if the admins deem it too spoilery they'll delete it as they've done in the past
  • That phpinfo trick is really cool, excellent writeup :)
  • (Quote) I think that's a great idea
    in Bashed Comment by Booj December 2017
  • (Quote) We all started somewhere man...Just because you found it obvious doesn't mean a lot of people did.
    in Bashed Comment by Booj December 2017
  • Calamity is much much harder than anything in the OSCP but also focusses on a different set of skills. You won't really be doing any binary exploitation or reversing in the OSCP.
  • It seems you know what to do, check the specification of what you're reversing, make sure you've got every part correct and check your assumptions.