

  • You'll probably be more successful contacting the company directly and referencing that you saw they were hiring on HTB. Gotten a probably 60-70% reply rate that way.
  • Type your comment> @R4J said: (Quote) lmao. that's actually a nice subtle hint.
  • (Quote) Heck, you can just do well in CTFs and apply to a junior position. That's what I did.
  • Not really. If your connection problems are due to people overloading the box or resetting it often then yes it'll probably help to upgrade, but they're not 10x better in every area or anything. Also, listen to farbs. He has some very good points.
  • I have absolutely no clue how to even begin tackling this. First thought it was bytecode, then shellcode, then thought it was a bootloader... all dead ends so far. Only hint is an embedded file that seems rust-based. Edit: Okay, so I have the flag …
  • Fuck me, completely missed the other thread for this challenge.
  • Cool box. It was nice and straightforward from start to finish. Perfect way to spend an hour on a lazy Sunday. ^_^
  • Transferwise, maybe? Conversion rates are very good and you get a debit card you can spend from in any number of currencies with no fees (as long as said currency is in your account -- otherwise it auto-converts from another one). Since I travel a …
  • What threw me off is that in Waltz you do a certain pattern and then repeat it kind of "backwards", but that never happens here. You're just doing the "equivalent" to the forward movement a few times. I honestly don't think it's …
  • There's a reliable way to exploit the root step, but you should look for an alternate exploit for the same vulnerability to do it. After that you just have to trigger it. (hint: 5)
    in AI Comment by Xentropy November 11
  • Type your comment> @xct said: (Quote) When @xct is asking for hints you know the pain is real. lol
  • Type your comment> @mech said: (Quote) I originally shared your opinion, but after having gotten it over and done with I feel pretty good about the box. It's not too easy or hard and presents some interesting attack vectors. All in all pretty go…
    in AI Comment by Xentropy November 11
  • For user, once you find the particularly smart page, RTFM and google. You will struggle otherwise. lol Also, go for as high-quality of a male American voice as you can find. I found the (free) ones that were available offline were too poor in quali…
    in AI Comment by Xentropy November 11
  • I've had enough guessing challenges. Definitely in no rush to tackle this one.
  • Yeah, that's lame. Not that there's any real risk coming from it but seems like a development oversight to me.
  • Unfortunately, that process is usually individual for most penetration testers and CTF players and really does come down to building your own methods through experience and repetition. Hacking is more of an art than a science when it comes to method…
  • Finally did it. Holy crap this challenge was annoying. Though saying that, I did learn an absolute ton about GDB in the process so it's not all that bad. Anyone attempting this, watch out for troll flags. There are like 5 of them or something absolu…
  • Got it! What a great little challenge! :D
  • Foothold: Look up high, find a guiding red star and exploit it semi-manually. By which I mean don't blindly rely on exploit scripts (they won't work). User: Lateral movement + standard enumeration Root: Go back to the start and find another way in. …
    in Postman Comment by Xentropy November 3
  • I'm at the same place as limbernie. Unfortunately the shellcode doesn't really look "right" during disassembly. Even wrote up a macro to output the shellcode to disk to make sure my conversion is right.
  • Really seems like a discussion you should be having on the support portal, not here.
  • "keep track" how? It'll show up as completed on the feed on the right and it'll add to your completed box count. Additionally, I'm not sure if you get the badge or not but I think you might.
  • Type your comment> @joshibeast said: (Quote) It's less bruteforce and more intelligent "guessing". I meant more that I did end up having to use a guessing attack in the end, even if the amount of guesses to make was relatively small.
  • I solved this challenge without even once visiting Twitter. My solution did however involve a small amount of brute forcing though, so maybe that's an unintended route.
  • Type your comment> @jmeyer4 said: (Quote) You press the 'start' button and then use something like netcat together with the hostname (docker.hackthebox.eu) and the port provided. However, that said, if you are new to hackthebox I suggest you try…
  • How do you know your VPN connection is "perfect" if it keeps dropping? Check your OpenVPN logs to see if it's behaving as it should or if it keeps trying to reconnect. I ask because it SOUNDS like your VPN connection is dropping from the '…
  • What is disconnecting, specifically? Your VPN? Your shells to the machine? If so, what shells are you using? It's impossible to help you without a bit more information about your situation.
  • Yep, they're different tools and made by different people. And they're not the only tools that enumerate files/folders either. Gobuster, dirsearch, wfuzz, dirb and dirbuster roughly do the same things. They each have their own strengths and weaknes…
  • 200 iq solution: create a cronjob that runs every 5 seconds. Seems like it's waiting for some follow-up signal which it never gets and turns off after a timeout. Measure the time it takes and see if it's consistent, if so it's probably something li…
