Last Active


  • Type your comment> @Gn0m3h4ck3r said: (Quote) Did you get an answer to this? AFAIK you cannot know what processes are owned by whom unless you are SYSTEM already. You can list processes running OK and you can see which ones are owned by your use…
  • I'm having exactly the same problem all of a sudden. Only affects the HTB machine I'm not. All other traffic is intercepted. Happens with manul proxy settings as well as foxyproxy.
  • Excellent. I'm also a father of two in a sysadmin / engineer role so it's especially salient. Thanks.
  • > @MindOverflow42 said: > hi guys I need a help on this macine, I can write some php code in /.list/list11 but i don't know how to exec it. I have got all sources files but i can't find the way. So you cant execute code but you can read fi…
  • (Quote) If you're out of the "jail" then all commands are available assuming your PATH is sorted.
  • So has anyone actually got root (not just accessed the root.txt file)? If so, can you PM me to point to how you did it?
  • (Quote) Definitely the most specific hint on this thread. Thx. So have you rooted it, or just got the root.txt? I've got the flag but I'd like to actually root it.
  • So is there no systematic way of finding the old members site? Is it just educated guessing from cryptic clues? If anyone wants to put me out of my misery please do PM me.
  • Nice write-up. So did you actually ever get a reverse shell via the log poisoning? I got to the same point you show in your writeup - executing simple commands. I'd be interested to know which one-liner reverse shell worked, because all the ones I t…
  • (Quote) Yeah that's a good point.
  • (Quote) Thanks pal :-)
    in OSCP Comment by NeilSec September 2018
  • I know you need it to root it but has anyone had any luck getting log poisoning to work on this machine? I can run commands but not actually managed to get a reverse shell working in the ways I'm used to. Log seems very finicky and chokes various sy…
    in Poison Comment by NeilSec September 2018
  • (Quote) Cool. if your HTB ratings are anything to go by, I imagine you'll be ahead of the game. Good luck with it.
    in OSCP Comment by NeilSec September 2018
  • Hi. Are there any rules re: exposing the actual user/root tokens?
  • Can anyone list the most OSCP-like machines on HTB? One difference I've noticed is PWK lab machines are less like CTF puzzles and more "realistic"
    in OSCP Comment by NeilSec September 2018
  • (Quote) Strange. I just found the file by looking a bit harder. Maybe you got in a different way?
    in Poison Comment by NeilSec September 2018
  • (Quote) Ah OK....some comments imply they got onto the machine by finding an encrypted password file for the user found via the LFI....or maybe they didn't but I assumed they did.
    in Poison Comment by NeilSec September 2018
  • (Quote) I got a user by LFIing the passwd file. Not sure how that helps me find a password file that I don't know the name of?
    in Poison Comment by NeilSec September 2018
  • I must be super dumb but I can't find this backup password file people keep mentioning. I've got an LFI so can read passwd and I've dirbed and dirbusted it with the supplied lists but it's not bringing anything like that up. What am I missing?
    in Poison Comment by NeilSec September 2018

Howdy, Stranger!

Click here to create an account.