Phase

About

Username
Phase
Joined
Visits
333
Last Active
Roles
Member

Comments

  • Made it inside the insect... found s*l.p but returned nothing... is this the right path?
  • Did you use metsaploit more than once? Did you have tools that did it automatically for you? Can't really know...
  • Type your comment> @0x000c0ded said: (Quote) Check out a particular script from impacket that could help enumerate usernames..... lo******d.p*
    in Heist Comment by Phase August 2019
  • Type your comment> @Tyr4an7 said: (Quote) You have to change something locally to be able to access the site.... PM me if you need more help.
    in Scavenger Comment by Phase August 2019
  • Type your comment> @Tyr4an7 said: (Quote) Thinking it's a rabbit hole... Not sure. Try focusing on the webserver...
    in Scavenger Comment by Phase August 2019
  • Type your comment> @farbs said: (Quote) I'm on the same boat as you... Where to even start.
    in Scavenger Comment by Phase August 2019
  • Just rooted. Not sure what everyone meant by looking for a unique process.... I found an encrypted password somewhere that just needed to be decrypted...
    in Heist Comment by Phase August 2019
  • Thanks for this! Definitely will come in handy. ;)
  • Thanks this helps! Got my lab scheduled to start July 20. Cant wait!
  • I don’t think that’s going to work.... IIRC Offshore is a windows Active Directory based lab........
    in Offshore : Comment by Phase June 2019
  • From what I can tell, ippsec is mainly just editing the http requests to different sites. I don’t think you need to learn web development but it will sure help a ton! If you have two years I would definitely Atleast learn the basics. But definitely …
  • Type your comment> @smallgods said: (Quote) I would look at the NIC's on the box you pivoted to. That can give you a clue of where to scan next. :)
    in Ghoul Comment by Phase June 2019
  • Type your comment> @smallgods said: (Quote) Try pivoting to that box and see what you find.
    in Ghoul Comment by Phase June 2019
  • Does anyone have a hint of what to do once I've got user on g*** server? I've been enumerating but theres nothing that really stands out...
    in Ghoul Comment by Phase June 2019
  • Type your comment> @skate4ever said: > I've been working for a few days on exploit, but I think I've lost sometime. I think I got the points I need to get root it's the first time a write a exploit using ROP, but I could not find the right fu…
    in Ellingson Comment by Phase June 2019
  • Type your comment> @Kwicster said: > Hey can anyone give me some pointers on the binary exploit? I managed to get it working locally, but realized that the target machine doesn't have the library i used to create the exploit and I'm kind of a…
    in Ellingson Comment by Phase June 2019
  • Oh man.... BOF wise I would check out Ellingson... Get through that and you should have no problem with the BOF on the exam. As for pivoting, I'm currently on Ghoul and theres so serious pivoting going on. Spent a day just learning about it to be ab…
  • I'm stuck on the second pivot... Are the same keys supposed to work as in the first and second box? I keep getting a permssion denied error. Not sure if it's because I'm doing something wrong or something is just screwy with the keys I got.
    in Ghoul Comment by Phase June 2019
  • Hmmm not too sure then. If the IP and port are correct, pointing back to you HTB vpn IP it should work.
  • I had this same issue. It means your pc isn't listening on the port. You want to issue this command on your machine nc -lnvp 'whatever port you set in reverse shell' e.g. nc -lnvp 1234
  • Try Bastion. That one wasn’t too hard. With every box you’ll learn something new. Just pick one and dive in. :)
    in How to start? Comment by Phase June 2019
  • Type your comment> @meowzilla said: (Quote) Since this seems to be the part everyone gets stuck at I’ll chime in. I had this same problem. Worked on it for 4 days without making progress but I finally got it. If you’re popping a shell locally i…
    in Ellingson Comment by Phase June 2019
  • Yea man I reference ippsec video for so much stuff. His videos are life savers. The way I do it is when I have free time I’ll just watch his videos all the way through. Then when I actually start working on boxes, scenarios will present themselves t…
  • Type your comment> @kekra said: (Quote) Awesome thanks for the advice. That’s a great idea.
    in Ghoul Comment by Phase June 2019
  • I'm stuck at the pivoting part. I have a root shell but I'm not quite sure how to go about pivoting to acquire the other. If anyone has any links or reading material that could help me learn this and get further i'd greatly appreciate it. :)
    in Ghoul Comment by Phase June 2019
  • Finally root. That god dammned ROP was raping me.
    in Ellingson Comment by Phase June 2019
  • @Maxisadas said: (Quote) @MrP4p3r said: (Quote) All the users you found have their own passwords that need to be obtained. Same way you found that password you can find the other passwords that will work somewhere else.
    in Luke Comment by Phase June 2019
  • Anyone who has got root mind looking over my code? Not sure why it's not working when all the addresses and permission look right...
    in Ellingson Comment by Phase June 2019
  • Type your comment> @gm0 said: (Quote) LOL. I enjoyed this. Congrats!
    in Luke Comment by Phase June 2019
  • Type your comment> @CurrentUser said: (Quote) Maybe find a service that usually requires authentication and try it with that. I don't really remember this box but I'd be happy to help in anyway I can if you refresh my memory.
    in Bastion Comment by Phase June 2019
Avatar

Howdy, Stranger!

Click here to create an account.