Frey

About

Username
Frey
Joined
Visits
2,335
Last Active
Roles
Member

Comments

  • It was an attempt for oracle SQL Injection attacks, take a read upfront here. http://www.red-database-security.com/whitepaper/oracle_sql_injection_web.html
  • Type your comment> @xInSanity said: (Quote) Loled
  • Type your comment> @rjamison said: (Quote) I can't really give out much, the thread already spoils almost all the steps on it. Never the less the last step requires some basic keywording searching imo. To narrow it down for you the first searchi…
  • It's the default DNS for that specific machine, there are other machines that require a whole different DNS to resolve back.
  • https://stackoverflow.com/questions/3115559/exploitable-php-functions
  • Download Ngrok and Setup the Token : https://ngrok.com/ chmod +x ngrok Now execute it : ./ngrok tcp 1200 Now the port 1200 is tunneled back to your Host grab the DNS that ngrok outputs, before issuing the reverse shell, pop up another terminal …
  • Type your comment> @VirtuL said: (Quote) (Image)
  • @GibParadox Ohboi, hope the other challenge gets released to :joy:
  • Can't really quote you all up so i'll say it here. @alamot You just overthinked to much, when there was no need to obviously. @w31rd0 You don't, and i never said that you need to know previous challenge's that's why i said cause we saw it and did…
  • Type your comment> @alamot said: (Quote) The spaces are already given out when you locate the flag, therefore the only thing is the lowercase thing which is quite obvious on HTB Stego section, cause we saw it and did it plenty of times on anothe…
  • Probably not, you can do that on udemy though.
  • Type your comment> @w31rd0 said: (Quote) That's the second part, finish up the first one.
  • (Image)
  • The box was totally awesome, hard and painfull as it can gets. For everyone that is trying the box. User Hint : Don't overthink into the ports there is one common port that is being used almost everyday on windows boxes on HTB. Exploit this one to…
    in Sizzle Comment by Frey January 2019
  • Happy holidays to everyone there :heart: :heart:
  • After i solved BigHead(Finally God), i have some advices to give regarding the approach; For everyone that is stuck on the early stages do us a favor and use some OSINT to locate the needed files clue (Git). Now for those that are already inside the…
    in BigHead Comment by Frey December 2018
  • Thanks for not letting me have a life :joy:. Gonna try it with some beers and pizza ohoho.
    in BigHead Comment by Frey November 2018
  • We are not here to do your personal inside Job for your own company, de-facto be a responsible penetration tester and try harder.
  • So here is my review after wrapping up this box. Starting off the box was a little bit of average for my taste, you have to guess the first Credentials in order to get a login which costed me a heavy amount of time doing initial foothold, at the nex…
    in Redcross Comment by Frey November 2018
  • Here is the actual page if you wonder, https://boiteaklou.github.io/writeup/tutorial/pentest/2018/10/28/HackTheBox-Bounty.html
  • (Quote) The specific box follows up a common default user/pw were you can locate them both on the main website, the reverse shell is a common How i can get a joomla shell, as far for the other parts only the hexdump needs some time the Root part is…
    in Curling Comment by Frey October 2018
  • Let it sink folks, this machine is so damn easy, that you can possibly do it without a Topic asking for hints yo. Anyway the usual stuff TIPS, for User pay close attention to the chunked data they are hexdumps look closely how you can reverse that o…
    in Curling Comment by Frey October 2018
  • I don't think that there is something different rather the version and the loaded exploits inside it, that's why you need to update the wp DB frequently. Anyway gratz finding it out.
  • Box was okay i guess; For the starting foothold don't start using hydra or anything related to cracking any login portal, everything can be guessed over and the exploitation for the reverse shell is easy as it can gets. For the root part well it was…
    in Zipper Comment by Frey October 2018
  • @bulbafett :joy:
  • CEH is the theory fundmentals, OSCP is the real deal. Anyway before starting analyzing which one is better and for what reason for my case you should go on for the one that is more familiar with you. CEH = Applies for Hacking Theory/Toolset Usage, O…
  • Τime to leave my review i think, the box was overly good and awesome in the easy-going levels. The user process was done smoothly under some 10 - 15 mins or so. The root part was done with 2 seperate ways which one does not give you fully privileged…
    in Access Comment by Frey October 2018
  • https://forum.hackthebox.eu/discussion/703/hint-for-sunday/p1
  • After reviewing the box and playing it, had lot's of fun with it, as usual good job for not making a mind-blown machine like the most of the users out there, keep it simple creative and unique in the ways. Now on the user part guys focus on the PORT…
    in Ypuffy Comment by Frey September 2018
  • Take a look here : https://pentestlab.blog/2012/12/24/sql-injection-authentication-bypass-cheat-sheet/ if the way is to bypass the Auth then that's what you need. If it needs manipulating the injection point to dump the data's or cookie manipulatio…
Avatar

Howdy, Stranger!

Click here to create an account.