farbs

About

Username
farbs
Joined
Visits
32
Last Active
Roles
Member

Comments

  • Rooted. Pretty disappointed with this one. Thanks to the creator, regardless.
    in Wall Comment by farbs September 15
  • I may be interested. Feel free to PM.
  • Rooted. This one was really solid -- 9/10. I've worked with git in the past, but this was a good refresher. Everything was very obvious when I turned my brain off and stopped delving too deep into it. I normally would give some hints, but I escal…
    in Bitlab Comment by farbs September 11
  • Type your comment> @clubby789 said: @farbs said: Should I be trying to de-obfuscate? If you're talking about b********.html, then yes No worries. Already got it. Thanks, though!
    in Bitlab Comment by farbs September 7
  • Should I be trying to de-obfuscate? Edit: The answer is yes. Got a shell on the box. Working on user now.
    in Bitlab Comment by farbs September 7
  • What's up with some of the poor reviews on this? It was really straightforward and simple -- I actually really liked it a lot. Thank you for the box, @guly. Hints... User: Enumerate the web service. Check out different web directories to ge…
    in Networked Comment by farbs August 28
  • Type your comment> @Tohzzicklao said: @farbs said: Staring this stupid insect in the eyes right now... I'm in, but need some clarity. Any nudges? The stupid insect's eyes hide a valued secret at plain sight (you coul…
    in Scavenger Comment by farbs August 24
  • Staring this stupid insect in the eyes right now... I'm in, but need some clarity. Any nudges?
    in Scavenger Comment by farbs August 23
  • Type your comment> @feffi said: Try Broader! 😉 Not sure what you're referring to...
    in Scavenger Comment by farbs August 18
  • Not even sure where to focus my energy yet...
    in Scavenger Comment by farbs August 17
  • Type your comment> @Ryan412 said: What a wonderful machine For user: the password is right in front of you. You just need to find the username. For root: look for what is running and extract its data. The sha-256 seeme…
    in Heist Comment by farbs August 16
  • Nice and easy box. Thank you @MinatoTW for the quick solve -- I've enjoyed almost all of your boxes so far (except for Ghoul, I'm sorry )... This was a great way of introducing a Windows box to newer users with less environmental familiarity, so I a…
    in Heist Comment by farbs August 16
  • Type your comment> @debeMechero said: Hi! i'm stuck at recon phase. I found high port, login page and studied all .js and .css ... what i'm missing? Focus on the name of the box
    in Rope Comment by farbs August 16
  • Did you reset the box and then root it?
  • Type your comment> @juggydancesqd said: 3 usernames and passwords that don't work anywhere is this to throw you off? Careful saying they "don't work anywhere"...
    in Heist Comment by farbs August 14
  • I'll hop in on this if anyone is willing to share the link here as well.
  • Personally, I run through a box just to root it initially, taking some light notes along the way. After rooting it, I'll go back and verify each of my steps for future reproduction -- this is for a general means of understanding, but also to provide…
  • Type your comment> @krypt said: My .o** payloads are not working no matter how much I obf them. Is this not the way? No need for obfuscation.
    in RE Comment by farbs August 6
  • Should the form's web dir be enumerated further? I've tried sub-domains, vhosts, web dirs, etc. to locate this binary and I'm not finding it. Am I functionally stupid...? Also, congrats @sampriti, you crushed it.
    in Rope Comment by farbs August 5
  • Pretty sure this has been an ongoing issue due to the way the placeholder text is created on the form. I currently have over 90 drafts that have accumulated over time. Oh well...
  • So sad this box is retiring this weekend... It was my favorite one on HTB Looking forward to Rope though with high hopes!
    in Fortune Comment by farbs July 30
  • Type your comment> @limbernie said: user Much has been said on the exploit. Write the string you want to execute to a memory address you know is writable and doesn't change. Refer to the memory layout. And no, it's not the stack. …
    in Safe Comment by farbs July 30
  • Rooted. Didn't like this box at all -- almost wondering how it even got selected in the first place? Feels like a repeat of another box cough (some will know which I'm referring to). Anyways, hints: user As others have been saying, provide yo…
    in Safe Comment by farbs July 29
  • Type your comment> @Sp3eD said: Type your comment> @farbs said: Rooted! And had a great time with it, too. Pretty cool concept for a box Here are some hints for user/root: User Make sure you pay at…
    in RE Comment by farbs July 26
  • Type your comment> @rallyspeed said: I can find 2 open ports, am i missing a high end port ? Refer to the "higher" port. Sorry, my description wasn't as accurate as I could have made it. Two ports is correct.
    in RE Comment by farbs July 26
  • Rooted! And had a great time with it, too. Pretty cool concept for a box Here are some hints for user/root: User Make sure you pay attention to the service that is running on the higher port. There's one in particular that you can abuse spec…
    in RE Comment by farbs July 25
  • Type your comment> @johnnyz187 said: Is it just me or is there something wrong with the exploit?? I understand what I have to upload and my script to the .o** is correct, but every time I execute it, I get nothing?? Is there another attack…
    in RE Comment by farbs July 23
  • Type your comment> @cdf123 said: Re: RE @farbs said: Who else is [RE]ady for this? You're going with that pun? Not su[RE] what you’[RE] [RE]ferring to
    in RE Comment by farbs July 20
  • Type your comment> @KeyboardCaper said: After getting a terminal: python -c 'import pty; pty.spawn("/bin/bash")' CTRL-z bg stty raw -echo fg reset (In case of unknown terminal type try: linux) Optional: ex…
  • Type your comment> @BaiduFu said: After fg, ctrl+z cannot background the shell ? You did it backwards. fg stands for "foreground", meaning you'll be foregrounding the job you just "backgrounded" with CTRL+Z.
Avatar

Howdy, Stranger!

Click here to create an account.