Last Active


  • Overall, I really didn't like this machine. It was all about the things I hate most in CTF. Negatives: * Lame CTF tricks to find foothold (i.e. what you do at m********g) * Web-app brute-forcing. It might not take long to crack but it's still a p…
  • I just uploaded a new version of the exploit on Github. It should make debugging and editing the script less painful. Can't post the link here b/c spoilers, but it should be easy to find if you know what you're looking for.
  • Type your comment> @ausldavid said: (Quote) Here's a good paper on json deserialization attacks in both .Net and Java:
  • Type your comment> @hackerB31 said: (Quote) Have you tried any classic username/password combinations? I have maybe a few logins I try on every page I come across (as well as googling for the application's default creds). If you try that and ar…
  • Finally rooted this after taking a break to learn more about AD. and were great resources. My notes for root: * If your "dog" tool isn't working remotely, maybe it's easier to do it loca…
  • I'm pretty stuck on this, wondering if anyone can help out. I've got the User credentials from the backup but can't find a way to use that towards actually getting User. I've used it to authenticate to R*C (via r*ccl**nt) but can't seem to actually…
  • Finally got root on this. As a newbie, user was easier than root for me b/c the service to exploit seemed pretty clear. For root, however, I was kind of directionless and expected it to be harder than it was, and ended up overlooking something basic…
  • Finally found the flag (my first challenge "owned'), thanks to the hints here. I spent too much time in wireshark analyzing and not enough trying to actually find the flag. It feels silly now how easy it was. Side note: Is this challenge worth…

Howdy, Stranger!

Click here to create an account.