GetGetGetGet

About

Username
GetGetGetGet
Joined
Visits
12
Last Active
Roles
Member

Comments

  • Overall, I really didn't like this machine. It was all about the things I hate most in CTF. Negatives: * Lame CTF tricks to find foothold (i.e. what you do at m********g) * Web-app brute-forcing. It might not take long to crack but it's still a p…
  • I just uploaded a new version of the exploit on Github. It should make debugging and editing the script less painful. Can't post the link here b/c spoilers, but it should be easy to find if you know what you're looking for.
  • @ausldavid said: (Quote) Here's a good paper on json deserialization attacks in both .Net and Java: https://www.blackhat.com/docs/us-17/thursday/us-17-Munoz-Friday-The-13th-JSON-Attacks-wp.pdf
  • @hackerB31 said: (Quote) Have you tried any classic username/password combinations? I have maybe a few logins I try on every page I come across (as well as googling for the application's default creds). If you try that and ar…
  • Finally rooted this after taking a break to learn more about AD. https://blog.harmj0y.net/ and https://adsecurity.org/ were great resources. My notes for root: * If your "dog" tool isn't working remotely, maybe it's easier to do it loca…
  • I'm pretty stuck on this, wondering if anyone can help out. I've got the User credentials from the backup but can't find a way to use that towards actually getting User. I've used it to authenticate to R*C (via r*ccl**nt) but can't seem to actually…
  • Finally got root on this. As a newbie, user was easier than root for me b/c the service to exploit seemed pretty clear. For root, however, I was kind of directionless and expected it to be harder than it was, and ended up overlooking something basic…
  • Finally found the flag (my first challenge "owned"), thanks to the hints here. I spent too much time in Wireshark analyzing and not enough trying to actually find the flag. It feels silly now how easy it was. Side note: Is this challenge worth…