Leonishan

Don't ask on the wall please, PM 🐶

About

Username: Leonishan
Visits: 540
Roles: Member

Comments

  • Wow, that was very interesting and challenging. Congrats @makelaris , got a lot of fun here. A few tips that could be handy: * Try to understand how the application works, don't submit payloads like crazy. * Replicate locally. You need to do som…
  • Nice challenge, really enjoyed :smile: I give some tips that could be handy: * If you have played with the application, you will notice that sometimes there is a strange error. This will give you an idea of what to do, but maybe you need to do thi…
  • Wow, what a ride :) very very nice machine, learned a lot. Thanks @no0ne and @Adamm for the work here. * User : All you need is in the login portal. If there is some parameter that is working strangely, investigate what that field is and the response…
    in Kryptos Comment by Leonishan July 2019
  • Rooted :) What a machine!! Congrats @MrR3boot I enjoyed it in every step. One of the best machines in HTB. * User: Pay attention to the whole enumeration process, it is full of hints. After that, you have to think or search how files could have been …
    in Player Comment by Leonishan July 2019
  • Nice box, congrats @rotarydrone I am giving some hints: * User : After enumerations and accessing some interesting place, try to analyze the code, you can find some weaknesses that could let you take advantage. There are things that should never b…
    in Craft Comment by Leonishan July 2019
  • Very nice box, except the last piece, over complicating things IMHO. The idea is very fresh and funny to learn. * User : There are some APIs to play with it in several languages. After fighting a lot I used R**** IDE and it works perfectly. Then, ther…
    in Chainsaw Comment by Leonishan July 2019
  • I will give some hints: * User : Image is important to get a hint, but is not necessary to get into User. Enumeration is the key, try to play with the high port like an API. You can use curl, in my case Burp's Intruder helped me a lot. A little knowl…
    in Haystack Comment by Leonishan July 2019
  • Beautiful machine, but it is very hard, not a medium level IMHO. I am going to give some hints, I hope there are not spoilers: * User : Dumping is not the solution, you should understand which parameter the application is using and how the response…
  • There is a post already open: https://forum.hackthebox.eu/discussion/1912/chainsaw/p1
    in Chainsaw Comment by Leonishan June 2019
  • Rooted... needed a lot of help because this machine is insane, really... User was funny but root was unnecessary... Moving from machine to machine searching, enumerating, again and again.. I don't recommend it because you could get exhausted. IMHO …
    in Ghoul Comment by Leonishan June 2019
  • Tips that maybe could save time: * User : Don't try to bruteforce, think about common website enumeration. It is faster and effective. After that, try some common exploits, don't think in the easiest way to retrieve a shell, try other kind of exploits. F…
    in Writeup Comment by Leonishan June 2019
  • Wow, what a nice machine, one of my favorites :) I have learned a lot, congrats to @Ic3M4n
    in Ellingson Comment by Leonishan June 2019
  • Hints that worked for me: USER: I didn't use the tunnel thing. It was easier with another exploit IMHO, only need a little modification to point to the correct site :) After that there is a lot of documentation, I saw a video but the file in the …
    in Swagshop Comment by Leonishan May 2019
  • What a beautiful machine 10/10. Congrats @jkr :) Tips in this post are enough to solve it: USER Pay attention to IPs used when trying to reach the high port, I failed one in my s** command and a 403 error was continuously shown. After that you c…
  • What a nice machine! Congrats @egre55 :) Thanks to @CHUCHO @FlameOfIgnis and @jkr for all your help. PM for hints if you need some.
    in HelpLine Comment by Leonishan April 2019
  • Rooted :smile: this is not a 30 points machine IMHO. User was great, I have learned some tricks to play with J*** d**************. After you get some pings, getting a shell is a bit hard because you can't see why some commands fail. Common shells …
    in Arkham Comment by Leonishan April 2019
  • Wow rooted... root was a bit tricky, I wouldn't have imagined that some commands would have worked even when my logic said that wouldn't. PM if you need some help.
  • Really good fox, learned new things :) PM for help. Congrats to @AuxSarge
    in Fortune Comment by Leonishan April 2019
  • Wow, what a nice box to learn a lot of things about Windows. 10/10, Congrats to @mrb3n and @lkys37en, you did a very good job :smile: PM for hints.
    in Sizzle Comment by Leonishan April 2019
  • Finally rooted :) Thanks @Sh11td0wn and @krypt for your help, I owe you a 🍺 . PM if you need help.
    in FluJab Comment by Leonishan March 2019
  • User is a bit tricky but I enjoyed too much, is a mix of old previous machines. Root was easier than I thought, I was fighting with AV and is not necessary. Very nice box, congrats to the creator! PM if you need help :smile:
    in Querier Comment by Leonishan March 2019
  • User was a pain... if you get stuck in Ha Ha part you could do two things: * Fuzz like a boss to try some LFI that could give you a hint. * Enum SMB trying to find some path that gives you some idea where the files are stored. Enjoyed root :sm…
  • User & Root. Nice box, PM if you need some HELP ;)
  • User & Root. What a long way :astonished: PM if you need some help.
    in Chaos Comment by Leonishan February 2019
  • User and Root :) With all the information in this post it is easier to get it. PM if you get stuck.
  • Got user & root. Quite tricky, PM if you need some help.
  • User & Root. PM me if you need some extra help. Although the information in the forum is enough to solve it.
    in Irked Comment by Leonishan February 2019
  • Hello @Saiyajin, nice write-up. I used the airgeddon offline cracker that is included with the tool, maybe it is a bit faster than john. I also used a small bash line to do the port knocking, I paste it to give another alternative: for x in 3456 823…
  • Very funny box. Congrats to the creator @OscarAkaElvis
  • Rooted, wow a long way to get the flag :) Trying harder things than the easy way.