  • Yep, they're different tools and made by different people. And they're not the only tools that enumerate files/folders either. Gobuster, dirsearch, wfuzz, dirb and dirbuster roughly do the same things. They each have their own strengths and weaknes…
  • 200 iq solution: create a cronjob that runs every 5 seconds. Seems like it's waiting for some follow-up signal which it never gets and turns off after a timeout. Measure the time it takes and see if it's consistent, if so it's probably something li…
  • Sounds like a client-side issue. Have you tried running ovpn as root?
  • Years, definitely. Honestly any box is doable without hints once you have a solid foundation (you can kind of guess your way forward since you're more or less aware of what's "possible") but sometimes it's just smarter to ask for a small h…
  • Idk, it just all seems like it comes down to practice for me. The more boxes I do the easier the harder ones get. When I started on this place over a year ago it took me almost a week to do a medium box, now I could compete for first-bloods on them …
  • Finally done with this box, after like a month of work. God damn did it teach me a lot about Windows. Genuinely highly recommended if you want to learn Windows better and hate yourself. lmao
    in HackBack Comment by Xentropy June 24
  • Short and sweet box! Root was maybe a little bit too easy for my taste but I hadn't seen this in another box so far so it's fair enough. ^^
    in Jarvis Comment by Xentropy June 23
  • Ordinary ASCII is not 8 bits. :P
  • Rooted! What a fun box! Every step taught me something I haven't gotten to do on HTB before. :D User: Just use what's in front of you. Root: It's still in front of you, but it's no longer related to previous steps. :) (There's another step after …
    in Chainsaw Comment by Xentropy June 17
  • Don't kill and restart certain processes. They don't re-instantiate and you end up with unusable services.
    in Chainsaw Comment by Xentropy June 16
  • Usually you get this really cryptic issue because you're trying to run a file which isn't compatible with your current setup and you're missing dependencies. Do you get the same message if you try to run it as ./ovrflw ?
  • Root was freaking awesome! Never had to do that before and it was so much fun creating a working exploit! :D
    in Smasher2 Comment by Xentropy June 9
  • Some people are having issues with cracking because what they're getting out of a popular tool isn't valid data despite looking like it. Make sure everything the tool gives you looks right. I don't know if it's caused by server load or what but if y…
    in Writeup Comment by Xentropy June 9
  • For people stuck on the hash, either use "the tool"'s script or alternatively use hashcat. I'm sure you can make john work somehow but getting hashcat to handle the salt correctly was a lot more straightforward.
    in Writeup Comment by Xentropy June 9
  • Someone with deeper understanding and experience will hopefully chime in, but basically: An egg is a tag (a little piece of data which we choose) followed by some shellcode. An egghunter is a little piece of code that looks around in memory for a s…
    in Egghunter Comment by Xentropy June 8
  • Do you have to bruteforce the second login? Because it's as brittle as crackers and immediately starts timing out as soon as I start testing against it and have to restart the server. Edit: I haven't made it past the second login yet, but based on …
    in Smasher2 Comment by Xentropy June 5
  • Really wish this had a checkpoint or so. I've got a low priv shell but the way it's set up it's taking like 2-3 minutes for each command to complete. lol
    in HackBack Comment by Xentropy June 5
  • @cyberus said: (Quote) I kind of like having something to work towards. Endgame is my biggest reason for grinding towards Guru atm. Only 10% to go! :P
  • You've probably copied and pasted it along with some special non-base64 characters. Typically it's a trailing newline or other whitespace characters elsewhere, in my experience.
  • Rooted and got user! Holy crap I'm sure I didn't do this the intended way because I f***ed this box HARD to get that to work. Hahaha. Okay, time to reset before anyone notices.
    in HelpLine Comment by Xentropy May 26
  • Cherrytree ftw. Free, offline, open-source, Markdown, hierarchical, font support, password protection, searching through everything... what else is there I could possibly need? I hate anything that is online-only like pentest.ws because it makes a…
  • @Peyphour that's a good one, but I prefer just keeping a small set of tools since for me whenever I get a "big bin of tools" I just end up not using most of it. lol My go-to ones are: Stegsolve.jar Stegcracker steghide binwalk strings vim…
  • Fun box! Just got root. My hints: User: Enumeration + a small waiting game. Some hints from the first page you saw can cut down on the wait a bit. :) Root: Quality of life tip: once you know which file(s) to go after, download yourself a local cop…
    in Ellingson Comment by Xentropy May 19
  • Holy shit, what a journey! Path to root flag was so damn long. Hahaha. Thanks @MinatoTW and @egre55 for a great but holy-shit-painful box. Tips for user: If you can't see a path, make one. Tips for root: Pivot pivot pivot and ENUMERATE. Like dam…
    in Ghoul Comment by Xentropy May 19
  • To anyone still doing this challenge, this is not a spoiler but a quality-of-life-tip: if you want the tweets locally, shove the account into https://exportcomments.com and go make coffee and then convert it to a csv to save yourself 20 minutes copy…
  • @MisterBert0ni said: (Quote) Haha, and all this time I figured it was my enumeration failing. Thanks. :)
    in Ghoul Comment by Xentropy May 11
  • Am I daft? I've enumerated both sites both with custom wordlists and more "standard" ones but I still can't find where the files get uploaded. I must be missing something really basic. Anyone want to DM me a hint or just drop one here plea…
    in Ghoul Comment by Xentropy May 11
  • Do I need to target the login or the upload first? Found probable pass for #1 but no matching username so far and all the folders I looked into for the upload seem like dead ends.
    in Ghoul Comment by Xentropy May 10
  • You just need more practice, tbh. Also focus more on difficult ones, they'll likely take you days but the experience you accumulate is worth 200x that of the easy ones, imo.
    in CTF Skillset Comment by Xentropy May 9
  • It'd be cool if a small portion was locked behind ranks, so you could kind of buy an exclusive t-shirt or w/e as a trophy for how far you've gotten. :)
    in swag store Comment by Xentropy May 2

