Last Active


  • Type your comment> @BinaryShadow said: > Hi, I'm already stuck with the flag files, someone can give me a hint how to decode the Sxxxxm.Sxxxxxxy.Sxxxxxxxxg. I've been trying for hours with Pxxxr Sxxxl with no results. I'm at the same point…
  • Type your comment> @psychocircus said: > Could someone give me a slight nudge ? I have found a lot of information including the de******* I just haven't found anything in the way of users yet. Hopefully this isn't too much of a spoiler, b…
  • Rooted after fighting with the web page for a bit. Feel free to PM for hints.
  • Would anyone be able to DM me for a hint on the way forward? I can get the program to move into the right function, but I'm also not sure how to pass the parameters the function seems to need to get what I want.
  • If anyone is still working on this one, does anyone have a tip for the last step? I have the deobfuscated payload from the h** file and was able to get valid shellcode from it, but I can't get it to execute correctly (unless that's not what is need…
    in oBfsC4t10n Comment by Flikk August 11
  • Is anyone else running into a permissions problem on the user step when trying to use the features of the running service? I'm not sure if I'm just not using the right file (or environment) or if I missed something else.
  • Rooted and learned a lot about AD environments along the way. Feel free to PM for hints if needed.
    in Forest Comment by Flikk November 2019
  • Rooted. There are enough hints to get through everything here, but feel free to PM me if needed.
    in Postman Comment by Flikk November 2019
  • Rooted. Thanks to @lmal for the hints. Feel free to PM me for tips.
    in Wall Comment by Flikk November 2019
  • Anyone have any nudges for user? I found something for the user, but the config is blocking connections from them (unless that's the problem to solve?). I also found a certain script owned by the same user, but not sure if that's a rabbit hole. E…
    in Postman Comment by Flikk November 2019
  • @Manb4t @Joao1905 If you're trying the script I'm thinking of, I don't think it's actually necessary or wasn't in my case. I messed around with it for a while getting similar errors. However, once you have the account needed to login to the ad…
    in Swagshop Comment by Flikk August 2019
  • @putuamo You can get the app itself from the regular port. Poke around a little bit and you should find it. I was able to get the app, offsets, and put together the start of an exploit based on IppSec's Bitterman video, but having trouble reading …
    in Safe Comment by Flikk August 2019

Howdy, Stranger!

Click here to create an account.