DeadParr0t

About

Username: DeadParr0t
Joined
Visits: 360
Last Active
Roles: Member

Comments

  • Excellent and well thought-out box. Thanks a lot @MinatoTW & @felamos !
  • Currently fighting with the payload for user, trying to get anything else than a ping. Now trying to get my payload through with SMB. Has anyone done it this way, or have I been going down a rabbit hole those last few hours ? edit : Jeez, way to ov…
    in Json Comment by DeadParr0t October 2019
  • Got root from www-data, with an exploit that was used in another HTB box a few months ago. All in all, had some fun and learned some stuff with this one, so, thanks @askar ! :) Can I DM anyone about the www-data > user path ? Thought it was SQ…
  • Only been able to get netcat to connect back so far, but nothing interactive, and definitely no reverse shell. Frustrating, but fun nonetheless. Escaping the forbidden chars and command calls isn't hard once you get it, but getting around/through th…
  • Very cool box, especially the user part. At first, I thought root was going to be hardish to get, since I was expecting another kind of very well known vuln (and I'm not into RE at all), but it was surprisingly easy. Thanks a lot @Frey and @thek !
  • Really, really fun box ; was afraid it was going to be a bit too CTFy, but I loved the little deceptions (not trusting what was written sometimes, especially in terms of permissions/command effects/users) and rabbit holes. Went the HTTPS way, but wo…
  • Thanks a lot for this post, mate ! Really useful addition to the reviews already out there, should help a ton :) Would it be possible to have your notes on pivoting via PM, too ?
  • In the same boat actually. I generally like to read the walkthrough and take a look at Ippsec's videos if available, and then forget about it for a few days and then do it by myself, while checking if there are other ways to get users/root. I get…
  • Jeez ! 3 days on that haha page. Got the image path, uploaded my rev shell file, but can't reach it in any way. Anyone for a little nudge in the right direction ?
  • Think I got everything I need from enum, brazilian dance, paths, etc ... Now working to get those two (three) params and that final access timestamp puzzle pieces together. That much enum is fun, but the box is a wee bit too CTFy for me, though. Fu…
  • Hardest box I've been doing so far. Finally rooted that b*tch. Thanks a lot to @snowscan for making this, I learned a TON of new stuff. User is easy and there are plenty of hints already in this thread ; as for root, there are quite a few gotchas on…
  • The root part has been kicking my ass for a day and a half. Makes me painfully conscious about the need to seriously brush up on my networking skills. Changed stuff in b.cf according to that f** port in the T*****s page, tried catching the result wi…
  • Got user, managed to use s-*****n to craft a new i_ea-ct.p*b, put it back in /.s ... but getting a public key error when trying to S** my way in. :p Fun and very educational box. I think I might have gotten a MASSIVE headache without that Facebook …
  • Spoiler Removed
  • Found user without too much problem the php way. Would LOVE to get a MP about the N**e.js way, so if anyone is willing to discuss this, feel free to MP :) Still working on root, but feels more and more like I'm trying too hard, especially when I…
  • Just solved this, but I'm getting the feeling that I somewhat missed something. Heading over to the pages that were given in this thread and rereading them, but if someone could explain to me like I'm 5 years old WHY this solution works (in PM, of c…
  • Excellent news !
  • You don't need bruteforcing, @alemorbel ! The best hint in this thread is not to overthink it. Literally. Just... don't. Use one of the most obvious technique to bypass login (google-fu !). Nothing automated needed here. PM me if you still need hel…
  • Think I might've dodged a bullet or two with bruteforcing and unnecessary hashes, so (both) user parts weren't that hard. For root though, been playing around for a few hours with o****sl and t*****p, but I just can't get it yet. Also, I haven't been…
  • edit : Nvm, got it ! edit2 : Rooted ! User part was clearly the hardest, but thanks to @D3vnull for his help, by confirming a path I chose only to let it down prematurely. Sometimes, I just need to try harder :) Feel free to PM if hints are needed…
  • Struggling to get initial foothold but slowly getting there. I think I've found two different places I can run stuff to try and get a shell, but I guess I need to find out how to run stuff (probably depending on specific conditions), and especially …
  • Ok, managed to get to the right folder in d*****t, and decrypted that whole stuff. Now trying to understand that p*f stuff :p Fun box, learned quite a few things from it so far ! edit: Well, a bit of Google fu and some attention to what is going o…
    in Chaos Comment by DeadParr0t January 2019
  • LMAO. This box is trolling me so hard. Found creds, logged in d*****t, not a thing in sight, tried in w****n, not working. W*-****n doesn't yield anything yet, either.
    in Chaos Comment by DeadParr0t January 2019
  • Finally rooted that one. Root.txt was quite simple, but root shell was a bit more elaborate because I didn't know such methods. Learned quite a few things. Thanks @L4mpje for this box, was quite fun ! :) If anyone needs a few hints, send a PM !
  • I feel like slapping myself right now. Been trying to upload with quite a few different ways, when all that was needed was right there already. On to user now ! edit: got user !
  • Got user, was quite fun, and deceptively simple ... which is easy to say in hindsight. Been trying for root for a few hours now, and I think I might have something weird in binaries (v******r). Can anybody tell me in PM if I'm on the right path, or …
  • Yep, same problem here. Tried exploits about PAM, tried a local privesc kernel exploit in C too ... tried through vi, tried switching to another shell (tcp backconnect python shell), tried uploading/downloading exploits to and from the Popcorn machi…