GChester

About

Username
GChester
Joined
Visits
553
Last Active
Roles
Member

Comments

  • Type your comment> @Wolfstorm said: (Quote) Not to add anything else but this is spot on, I solved it yesterday after looking at the final step for days without a clue...
  • Nice Challenge, spolied by the bit at the end. Speak H4CK3R or don't , but the spelling of the flag meant it too me ages (and a needed a nudge) to find out exatly what to submit.
  • Can someone who’s solved this DM me to discuss enumerating creds. I’ve of enumerated users with scripts modified from different web places but I can’t successfully modify them to get passwords. I get different passwords back depending on the …
    in Mango Comment by GChester November 2019
  • Hi, Trying not to spoiler this ... So with help from Google and a CTF write up I have enumerated two possible usernames, , but when I modify the script to try use one of the usernames and enumerate passwords I get a three or four character poss…
    in Mango Comment by GChester November 2019
  • If anyone want to hint me too please DM. I can get files onto the box, just can’t world out how to make them execute.
  • Struggling too on the exploit phase. Altered the script, I'm told to look at my NC listener but nothing. Can anyone nudge me along please.
    in Wall Comment by GChester October 2019
  • Anyone want to hint me what to do to / with the script. I have what appear to be valid creds, but the script falls over trying to get a P... token Trying to follow the links in the CVE write up gets me blank pages or a BAD REQUEST response, so…
    in Wall Comment by GChester September 2019
  • Anyone able to hint me how to get anything to test the C.../i...php file. Getting headaches trying to deal with tokens to attempt to logon... Almost thinking of resorting to guessing and typing passwords in.....
    in Wall Comment by GChester September 2019
  • Got root but while I know HOW I got it (semi focused thinking or blind luck ) I don't get WHY this works, I understand what I change, I don't understand what's causing the process to work the way it does rather than just throw a hissy fit and error…
  • @Br1a1d said: (Quote) Save yourself time, go back to 2.1.3 and try again...
  • @Gordin Thanks, that worked, if it wasn't for your reply I'd have assumed I only had part of the solution and kept trying to decrypt all the rest of the data.
  • I think I have the event, (well there a few it could be but only one violation). Anyone want to hint me what and how to crack it, Tried John and RY with no joy on the three hex fields you get out of the tool. Well I got something (a band name) but …
  • Never mind, ran enough tools foing on my initial theory and it became obvious...
  • Anyone want to PM Me a hint to get started, I have an idea at a high level whats happened, and I've tried some basic searches around the domain name but I'm clutching at straws and randomly googling rather than having a focused plan.
  • Nice box, got a little stuck on Syntax at the end but Enjoyable...
    in Jarvis Comment by GChester July 2019
  • That was fun, Thanks to @Cybeernoob who confirmed I was on the right path. MODS - Feel free to edit this if its too spoiler-y... If you do have to go to a Windows VM be careful of the OS, I could not get the final step to work under W10, but …
    in Bastion Comment by GChester April 2019
  • Really missed one crucial bit of the puzzle, MANY Thanks to @Kinjo for pointing out the error of my ways...
  • Fun, I think. Oddly one tool even though I used the administrator creds it still logged me in as the user level creds. Not sure why, but not worrying too much over it..
    in Querier Comment by GChester March 2019
  • AARGH. Foiled by my own PC, Firefox was auto filling a password box on the set up notification page and causing my problems. At leas I can now get Netmon to Ping my PC..
    in Netmon Comment by GChester March 2019
  • Stumped as how to trigger a notification, I can click the trigger button but nothing happens, and I see a reason whay that may be the case in the log but correcting that error does not help. Can someone throw me a hint how to trigger a notification?
    in Netmon Comment by GChester March 2019
  • Can anyone throw me a hint, I think I'm at the last step, I have access to the two users, and I can see user 1 has two binaries in their home area that can be executed with enhanced privs over what their account has. What I just can't get is the la…
  • (Quote) NVM Overthinking it...
    in Chaos Comment by GChester January 2019
  • (Quote) Look at the files you can see, Read the code and try to discover how they work.
  • I think I'm in the right place with the "special" file, I'm just unclear how I make "the special one" interact and read or otherwise examine the root.txt file for me to then see its contents.
  • Problem solved. I’d got my syntax wrong...
  • I'm using Burp and Hydra, but can anyone point me to a tutorial/ hints on how its done so much faster, there must be another way the brute forcing it.
  • Nice challenge, I got stuck for a few hours after getting the original file out thinking there was no obvious indicator where to go and what a password may be. If I missed something "in the corners" can someone PM Me to say what :) I t…
    in Blackhole Comment by GChester July 2018
  • (Quote) Once you have a list of users Hydra and RockYou should be able to help. Have patience however, the box is reset a lot, I had to run Hydra twice to get valid credentials. Even though I now have valid credentials they sometimes do not work …
  • (Quote) I wish I could. I cant think of anything and the regular resetting after people alter the assorted system files is frustrating...
Avatar

Howdy, Stranger!

Click here to create an account.