Last Active


  • Finally rooted this box. This are my thoughts. USER 1. Enumerate the web directories using anything but gobuster. Be recursive if you must. 2. When you get your first creds play around with the username. Alias for root is what? 3. Some people used …
    in Luke Comment by Malone5923 June 2019
  • Type your comment> @peek said: > Type your comment> @guly said: > > Type your comment> @peek said: > > Im gonna wait for the ippsec video. Im wondering if english skills/culture is needed ? >…
  • Type your comment> @peek said: > is the md5 a troll ? I think it is. I have tried all possible combinations I could think of and converted them to md5. Got nothing, but I might be wrong. DB doesnt give much info to move as expected.
  • Type your comment> @FlameOfIgnis said: (Quote) This wouldnt make sense to anyone until you get to that brick wall and you are trying to get pass it, neither does "watchmaker" @mprox . How you guys come up with stuffs like this shocks m…
  • Type your comment> @7355608 said: (Quote) You dont need pro for that. You can use the community version or just use curl with some bash scripting.
  • Type your comment> @0PT1MUS said: (Quote) Yeah. I am also stuck at this point.
  • Enumerate the site, note they got hacked recently.
  • Found ftp creds. No idea were to use them lolz
  • Box now rated 7.5 in difficulty after 2 user owns lolz.
    in Arkham Comment by Malone5923 March 2019
  • Type your comment> @markajbell said: (Quote) Same here. I have been trying several passwords no luck.
    in Arkham Comment by Malone5923 March 2019
  • Really good review @21y4d . I like the fact you wrote from a pro HTB member perspective. Thank you for this. I will also appreciate a PM of your pivoting notes as I am taking the exam next month and this will be usefull to me.
  • Type your comment> @sillydaddy said: (Quote) I just got user and I still cant understand your hint. Some of the hints posted in the forums for machine are so vague that they should have stayed in the poster's head cause its meant for him only.
    in Fortune Comment by Malone5923 March 2019
  • Honestly I'm shocked at this. The hints we usually get are vague in here. So I wonder what must have conspired for someone to send a detailed walkthrough. Honestly I don't believe your post and I don't see any reason why you should like either.
  • Type your comment> @sesha569 said: > What is the start date or ETA for this feature? just out of curiosity... I would also like to know.
  • Type your comment> @1NC39T10N said: (Quote) Fantastic hint. I made a mistake in not using ls -la this cost me some precious time for getting the creds.
    in Netmon Comment by Malone5923 March 2019
  • Honestly I think it's an overkill.
  • I did notice a mistake last 2 weeks I think when netmon was suppose to become active. It was changed at the last minute.
  • Ypuffy, Active were great machines as well and I learnt a lot from them so did a lot of members here. This didn't change the fact that they were all retired. So why is Carrier any different?
  • It is for some. I'm just wondering if the normal flow for moving an active machine to retired as changed. That's the whole point of creating this thread. I expect the Mods to say something about this.
  • What I just want to know is when would this box be retired lolz? I just want to read the write up for root. It should have been retired last week instead of ypuffy according to the normal flow.
  • I just used this tool last night and it awesome. Keeping information in a concise manner. I recommend l2 though. I was able to use the tool to get a hint for privesc in an active machine.
  • A subtle hint for root.
  • @sportsfreak Impacket has a tool for that. Thanks to @1NC39T10N for giving me a hint on that one.
  • Rooted! This was a fun box and quite easy and straight forward if you know what to do. My tips on this box. Initial Foothold. 1. Just enumerate the open services. If for some reason your preferred tool failed try another and try again some more. I h…
  • @garbo77 . String it up 😉
  • Any hints on why the creds is not working for db? I have got the right uid and pass. I even specified the database name. Ill appreciate a PM.
  • There is a lot of bloody ports on this box. Gobuster is getting anything either. A lot of dead ends. Keep enumerating
  • Very nice tool. Uses selenium for interacting with web pages. Makes easy for noobs to understand how brute forcing works.
  • *Spoiler Removed*
  • @g0blin. Thanks for sorting me out. Its working fine now.

Howdy, Stranger!

Click here to create an account.