Last Active


  • Edit: Nvm that
  • Got some creds, now just looking for a user. fun box this far :)
    in Quick Comment by FailWhale April 2020
  • (Quote) Yeah its a real large one :smile:
    in Patents Comment by FailWhale April 2020
  • Really didnt like the c****o part when i first saw it, but i was greatly surprised when i got working with it. My tip for everyone who is intimidated by it, is to try not to think too much about what and how it works, because thats just a lot of…
  • Has anyone anyone been able to download that file from the server without writing code? If so i woulde love to hear how, Ive been struggling to get anything utilising socat and ssldump
    in Fatty Comment by FailWhale April 2020
  • Found plenty of users, with a couple of different services, but really stumped on getting passwords in anyway
    in Cascade Comment by FailWhale March 2020
  • Anyone wanna throw a nudge towards bypassing that WAF? I feel like i've tried to tamper with everything.
  • Just rooted, didnt do anything about signing tho. Maybe the signing part is a way to do it smarter than i did tho. Kinda just bruteforced the last step as well
    in Control Comment by FailWhale March 2020
  • Right cheers, think Im past the "bruteforce" part now at least
    in Control Comment by FailWhale March 2020
  • @dag0bert If you got the creds you just need to fine a way to utilise them. They do work. As others have said earlier, you can find some inspiration from ippsecs video about Arkham Im currently stuck after getting user, if anyone is willing to gi…
    in Control Comment by FailWhale March 2020
  • Is the challenge broken? I've tried for very long without any luck. Gave up and found both a write-up as well as a youtube video, both of which show functionality within the p********.*** file that i cant be replicated. and the s***** tool that ev…
  • Can anyone tell me if the machine has been patched? I managed to get both user and root in a single swoop and am currently helping someone else getting through this box.
  • Anybody that wanna help me formulate a payload for the python script? I'm sure I've found the vulnerable part and how to trigger it, I just struggle to escape it
  • I've managed to get user on this box but is very dumbfounded on root. Anyone willing to help me get going? Windows machines er quite the mystery to me, so any help would be greatly appreciated. I've read through the forum for root hints but st…
  • So i got user and password, but cant really seems to login anywhere with it, anyone could spare a hint? :)
  • Anyone wanna pm me a hint for initial user foothold? I'm quite sure I know what to exploit and on what page, but I simply can't make it output anything
    in Sniper Comment by FailWhale October 2019
  • @BT1483 right, I think I get you :)
    in Safe Comment by FailWhale October 2019
  • How do you guys download the .k**x file from the system?
    in Safe Comment by FailWhale October 2019
  • I've altered the RCE to download something from my webserver and execute it for a shell. I am getting a notification that it gets downloaded, but it wont trigger i shell? :(
    in Wall Comment by FailWhale September 2019
  • I've gotten user, and wanna get on to root, from the forum i know what to do, and what to exploit, but i honestly have no idea how i would find the vulnerability in the first place. Anybody wanna give me a nudge on how to do a proper enumeration an…
  • Im stuck on getting the inital shell. I've found the T****B*** shell, but all efforts to get a reverse shell from there on hasnt worked, anyone wanna give me a nudge? :)
  • Anyone wanna give me a nudge to get k***** user? i've read the hints in this thread regarding curl, and a certain CVE, but still not sure how to make sense of it. Any help would be appreciated :) EDIT: nvm found the CVE - just needed a walk
  • Got it now :) thanks for the help @ixxelles
    in Jarvis Comment by FailWhale July 2019
  • Man im so stuck on s*******.*y, i got it run as the user, but i stumped on escaping the character blacklist. I've read the forum posts, but havent been able to find a proper hint for this one, other that to google it, which didnt yield any results
    in Jarvis Comment by FailWhale July 2019
  • When i finally got user after a bunch of 503's i quickly found the method for root, but spent hours making it work. My hint for root is to think in absolutes
    in Swagshop Comment by FailWhale July 2019

Howdy, Stranger!

Click here to create an account.