Last Active


  • I could use some help with this as well. I have no clue how to calculate the size of the stack space after overwritting the EIP... i've tried calculating with loads of different addresses, but nothing worked. Google didn't provide an answer for me…
  • Invoke-WebRequest should work. Try a full path in the -outfile
  • Type your comment> @meb22f102 said: (Quote) Did you try a different port?
  • Type your comment> @MTOTH said: (Quote) The one i used worked just fine without modification, except for the payload ofcourse. I'll PM you a link of the one i used.
  • Rooted. Not the best box here by far. It is a big mess, but maybe that's on purpose to throw us off track or something. User doesn't need any hints really. For root see what is running on the server. Google that and you'll find multiple exploits (a…
  • Rooted this great box. I love the realistic boxes. I had some problems with claiming the root flag. It's really buggy for this machine. I noticed i kept getting the same flag after restarts and even after swithing to another VPN. A friend of mine…
  • Finally rooted. I think this is the most time i've ever spend on a box. But i learned a few new thinks and got to make a few nice bash scripts to help me with a few steps. Many thanks to @TazWake, @marlasthemage and @Andres7ll for helping me out!
    in Quick Comment by Phrenesis2k June 2020
  • Spoiler Removed
  • Nice and easy box to start on again after being away for more than a year.
  • (Quote) Thx, i'll keep that in mind for the next time.
  • > @IteXss said: > hi mates, i have been trying to capture the intended packets for a while, but nothing seems to be working!!! can someone who already did it, give it a try to check if it is working? Output it to a file and read it with an…
  • (Quote) I don't entirely agree with this, it's a bit 50/50. Yes, the initial part is pretty silly and very very CTF. The getting shell part is something that can happen in real life. Then the creator made another poor choice with how to get the pass…
  • (Quote) Yes, you have to be an evil teacher.
  • (Quote) Username is case sensitive. So try again. ;)
  • (Quote) No, there is a hint to a file on one of the webpages.
  • (Quote) yes
  • (Quote) It DOES stand out if you look at the right place.
  • (Quote) I rooted it with shell... i'll pm you, i'm getting curious now... ;)
  • (Quote) I just rooted this box and i don't get this hint at all...
  • (Quote) Rooted because of this hint. It has everything you need to get priv esc. I really disliked the first part of this box, but the priv esc part made it all good again because this was my first BOF box.
  • I wish the box creator didn't log hackers actions. I rooted the box before getting user because the steps were logged in an obvious file... I always give a reset before i try a new box, but i guess someone was faster then me and spoiled the box. :an…
  • Rooted. I enjoyed this box en learned new things again. I really like the multiple server ones. To bad this one has a step that can be a fair bit harder if you have multiple people trying to hack it. Anyway, for all the people asking for hints, eve…
  • Ugh, so i just wasted allot of time because someone screwed with the server and the initial site couldn't be found. :angry: After a restart all was fine again. I usually restart the server before i start working on it, skipped it this time and this…
  • This one was nice and easy. It's fun to have one of those once in a while. Never heard about magic numbers before, so i even learned something new today.
  • (Quote) For the A** access...
  • (Quote) If you're still having problems with the A** you can PM me, but the z****x website has great documentation about it with nice examples.
  • > @n1b1ru said: > I need some right direction. Mad trying to get a valid user to enter to web page. On the other hand guest allows me to get some limited information with js** API As mentioned before in this thread, there is no need to …
  • > @samiux said: > Just want to understand why "GUI access disabled" is there? I do not know about Zabbix. Anyone can explain? I'm guessing that the creator doesn't want you to solve this through the gui. Or if you're asking why…
  • Rooted! I really liked this box. I learned allot about talking to the service running on this box. Once i got a shell i actually overlooked something obvious in a script, so getting user took longer then needed. Root was pretty easy (after some goo…
  • (Quote) Or maybe you're not executing the correct exe

Howdy, Stranger!

Click here to create an account.