Last Active


  • Hey all, could use a nudge on username needed on foothold.. I've been enumerating all day and can't seem to find the file.
  • struggling to figure out the root puzzle. I assume I'm failing to enumerate something, but I've checked everywhere I can think of. I've run multiple privesc checkers looking for info.. poked around the registry, can't find anything useful. A nudge …
  • Hey man, So.. when you run sharphound.exe it should spit out a .zip file, drag and drop that zip file into the blood hound application window, that should import the data.
  • Rooted. Took me a bit to figure out root, I'm available for hints if you need it!
    in ServMon Comment by Lycist April 14
  • Is Pass****s.txt where the file says it is? I can't retrieve it using the LF*.. I've reset the box and tried imediately after, still no luck.
    in ServMon Comment by Lycist April 13
  • Rooted the box, couldn't figure out the password for the i******l p*p script, j**n wouldn't crack it, can someone pm me how they cracked that specific pw? I went an alternate direction to get root.
    in OpenAdmin Comment by Lycist January 15
  • Taking a look at these, sorry to revive a long dead thread, but how do I connect to the docker instance in order to exploit the port?
  • Rooted. Not sure what was going on, but an exploit I've tried a dozen times suddenly worked... Also the r**** exploit started working again... glad to be finished with this finicky box.
    in Postman Comment by Lycist November 2019
  • Struggling to get a m********* exploit working against w*****... I assume I need to change a path, but my original way of getting in via r**** isn't working.. did something change? I could use a hint on root if anyone is around.
    in Postman Comment by Lycist November 2019
  • Could use a nudge on the initial enumeration. I've found /b*** but can't seem to find anything useful there.. Should I be using something other than directory-list-2.3-medium.txt?
    in Registry Comment by Lycist October 2019
  • Anyone around that would be able to take a look at my syntax and tell me what I'm doing wrong? I'm getting "{"message": "The browser (or proxy) sent a request that this server could not understand."}" when I try to c*…
    in Craft Comment by Lycist October 2019
  • Well, lets see... I've got 4 potential users with a dozen or so permutations per username, and 4 passwords with a bunch of different potential variations of those. I could enter a couple hundred entries by hand trying them out, or I could automate …
    in Ellingson Comment by Lycist May 2019
  • @Crafty, I tried the same thing and got no results, I'm thinking its the username that is the issue..
    in Ellingson Comment by Lycist May 2019
  • Stuck on LFI like many others, I know the file location, I've uploaded files. Can't get the ti******* parameter to hit it though. Any hints would be appreciated.
  • Did something happen to this box? The RCE exploit that I used to get in yesterday stopped working, and gives a "Nonetype" object has no attribute group. which stackoverflow tells me means I'm getting no response on it. This would be the R…
    in Swagshop Comment by Lycist May 2019
  • I have the V** file m*****d, I've gotten the credentials. I did not see the user flag anywhere though, and I can't get the creds to work anywhere. Would appreciate a bump.
    in Bastion Comment by Lycist May 2019
  • I hope you pass man. I don't have a solid answer for you, but we took our test on the same day, and I'm in a similar boat, also not sure if I passed.
  • Stuck on initial foothold. I've enumerated up to /s********/d*****/u******, but it 403's.. I've used dirsearch and gobuster both with multiple wordlists looking for .php/html/txt files and i"m not finding anything.. A previous tip mentioned so…
    in Vault Comment by Lycist March 2019
  • Got it, that website was a huge help, thanks!
  • I've seen the picture... I've downloaded an appropriate scanner to scan the 'big picture'. but instead of getting the flag, I get a series of numbers, ie: 87773612839957. This number is different every time I scan the big 'picture'.
  • Not sure what I'm doing wrong here, but anytime I scan it I just get a bunch of numbers... No flag, no info.
  • Ah! I'm blind. Ok, thanks!
    in Stego Comment by Lycist October 2018
  • Something that helped me a ton was spinning up my own windows 10 vm and playing with r***s there. That way I could see the actual output of what was happening. It was very illuminating.
    in Access Comment by Lycist October 2018
  • Finally cracked this box, user and root. Took longer than I'd like to admit though. I learned quite a bit on it!
    in Access Comment by Lycist October 2018

Howdy, Stranger!

Click here to create an account.