Last Active


  • I use Kali Linux in VirtualBox on Windows host. If I there's some tool that works better on Windows I just use host machine
  • Yes, it deducts money automatically every month
    in VIP Comment by Tellico April 2020
  • Rooted. Nice, medium, very OSCP-like machine. Missed doing one of those after all the Windows boxes. Anyway got caught up in deep rabbit hole after gaining shell. No more tips, the thread is borderline spoilery as it is PM for nudges, but have som…
    in Magic Comment by Tellico April 2020
  • Rooted! Thanks @VbScrub for this great machine. Thanks to your boxes I'm starting to like two things I've always hated: Windows machines and enumeration heavy machines. You're surely broadening my horizons :) I didn't manage to complete last step r…
    in Cascade Comment by Tellico April 2020
  • Rooted. It would have been a great, easy boot2root, OSCP like box. Unfortunately the privesc gets painful when more people try to work on it at the same time. It's pretty much one person at a time. User: * Enum there isn't much more to it, really …
    in ServMon Comment by Tellico April 2020
  • Modern browsers are single, biggest resources consumers. I don't know your setup but in my case it immensly helped to increase the memory amount VM can use. That in turn might warrant buying more physical RAM for your host system... Having 4 GB RAM…
  • How would VPN protect you from malicious actors in a subnetwork you're connecting to? Expecially if it's the network, you're specifically accessing using said VPN?
  • For anyone fighting with PoC for low-priv shell- the machine is working and the vuln is available. The PoC script is purposefuly left incomplete by the creator. Read the script and add missing parts. Think how HTTP retains state between requests and…
    in Remote Comment by Tellico March 2020
  • @theonemcp said: (Quote) Thx for the nudge. You cured my serious case of overthinking solved machine ;) Rooted
    in Remote Comment by Tellico March 2020
  • I could use a tip, I'm on what seems to be a last step. Found an installed program related to machines name, exploited it's vuln and got the password. But I've no idea how to use the password now. Any tips?
    in Remote Comment by Tellico March 2020
  • Rooted. Decent, actually easy difficulty box. Kudos to creator :) My only complaint is like the others above: it's really easy to mess up the box, by modifying the crucial parts. Also, contestants leave traces all over the place, leaving unintended…
    in Traceback Comment by Tellico March 2020
  • Rooted, pm me for nudges
  • So, rooted finally. My first hard box, what a journey! Had fun with this one. Thank you @thek I'm not gonna write any tips this time- plenty of help already in this thread. Probably even too much. Nevertheless PM me for nudges if stuck.
  • (Quote) Think about your tested characters list.
    in Mango Comment by Tellico November 2019
  • Yay! Rooted :) Cool, logical machine, thanks @jkr! Tips for user: * Something should stand out in the nmap scan. Pursue that. * When you have shell, enum. You'll find a useful file * You have a key but where are the door? RTF config, RTF manual, g…
  • Rooted! Had much fun with the machine, kudos to maker :) Tips for user * Enum thoroughly * If something seems like mostly frontend app it's probably a rabbit hole * The rabbit hole might be also useful to show what kind of technologies are preffer…
    in Mango Comment by Tellico November 2019
  • Way underrated IMO much better than oneNote or evernote. More features, tagging notes, Wikis...
  • So, finally rooted. I have very mixed feelings on the machine On one hand I think it's being unfairly bashed as CTFy and unrealistic. Sure, the VERB caveat is not the most prevalent vulnerability in the wild. But WAFs breaking exploits and scripts…
    in Wall Comment by Tellico November 2019
  • Rooted! Arguably the best machine I've done on HTB so far. Really struggled with the payload. I'd love to hear from others what payload did they use. I wonder if my way was the only one. Hints: * The forum thread is very informative for HTB stand…
    in Craft Comment by Tellico November 2019
  • Rooted :) Tips: Foothold: simple enumeration should allow you to fully understand how the webapp works. Then, it should be quite clear what to do. User: Find thing, understand how you can control the thing's input Root: Again, basic enumeration s…
  • Spoiler Removed
    in Heist Comment by Tellico October 2019

Howdy, Stranger!

Click here to create an account.