Ironically this thread is simulating one of the most realistic parts of pen testing. Dealing with difficult people/clients.
I think a marker for whether a box is CTF-like would be a good idea, but I think they have a good place. If you're looking f…
Excellent writeup as always!
Just thought I'd add you can exfil larger files using the following filter: php://filter/read=zlib.deflate/read=convert.base64-encode/resource=.
This lets you get more into the limited number of characters allowed withi…
I second this, take a break, go for a walk or watch some TV. Just get your mind off it for a bit. It's 24 hours not because you'll need that but so you have the opportunity to take breaks and fit the test around real life. Hell if you've …
No firewall as far as I'm aware, but the exploitation shouldn't need to bypass one, so assume there is. There could be any number of reasons why it's failing depending on what method you're using (there are quite a few), so I'd say look at other wa…
The following is a quick list but should help:
Tally (Much harder than anything on OSCP, but you've gotta get used to Windows)
Bart (Again, same issue but really…
Other than what everyone else has said which I agree with, I will add that you should do the exercises first!! No matter what!
I know you're going to want to jump in and start breaking boxes, but it'll set you up to do much better in the labs thems…
I've seen a couple of people having issues with this one. Various tool scans seemed to really mess it up. Just keep hitting the box with the well known exploit (maybe try times with lower users) and you'll get what you're looking for.
Great job, didn't think to do a full ROP chain, very clever solution! Nice use of pwntools too!
As for system I think https://stackoverflow.com/questions/32892908/c-system-raises-enomem?noredirect=1&lq=1 may be to blame? I can't say for sure …
Or you could just bypass the above entirely and save yourself a week of buffer overflow pain.
Maybe there's something a little odd in that group listing? Turns out lxd is installed!
I've written about this before, as it's fu…
My advice for this one would be to use something like wfuzz and fuzz the area that looks suspect. This one is unfortunately a lot of trial and error and there's not much of a way around that without spoiling.
@dostoevskylabs putting us all to shame ;)
I just use a Onenote stream of consciousness unless I'm required to report in which case my subpages take a similar form to the above. It's probably not the best, but it's what I find keeps me 'in the zon…