Xentropy

About

Username
Xentropy
Joined
Visits
178
Last Active
Roles
Member

Comments

  • Heh, great easy challenge. Almost not crypto, though I guess it depends on how you define the term. :D
  • You'll probably be more successful contacting the company directly and referencing that you saw they were hiring on HTB. Gotten a probably 60-70% reply rate that way.
  • @R4J said: (Quote) lmao. that's actually a nice subtle hint.
  • (Quote) Heck, you can just do well in CTFs and apply to a junior position. That's what I did.
  • Not really. If your connection problems are due to people overloading the box or resetting it often then yes it'll probably help to upgrade, but they're not 10x better in every area or anything. Also, listen to farbs. He has some very good points.
  • I have absolutely no clue how to even begin tackling this. First thought it was bytecode, then shellcode, then thought it was a bootloader... all dead ends so far. Only hint is an embedded file that seems rust-based. Edit: Okay, so I have the flag …
  • Fuck me, completely missed the other thread for this challenge.
  • Cool box. It was nice and straightforward from start to finish. Perfect way to spend an hour on a lazy Sunday. ^_^
  • What threw me off is that in Waltz you do a certain pattern and then repeat it kind of "backwards", but that never happens here. You're just doing the "equivalent" to the forward movement a few times. I honestly don't think it's …
  • There's a reliable way to exploit the root step, but you should look for an alternate exploit for the same vulnerability to do it. After that you just have to trigger it. (hint: 5)
    in AI Comment by Xentropy November 2019
  • @xct said: (Quote) When @xct is asking for hints you know the pain is real. lol
  • @mech said: (Quote) I originally shared your opinion, but after having gotten it over and done with I feel pretty good about the box. It's not too easy or hard and presents some interesting attack vectors. All in all pretty go…
    in AI Comment by Xentropy November 2019
  • For user, once you find the particularly smart page, RTFM and google. You will struggle otherwise. lol Also, go for as high-quality of a male American voice as you can find. I found the (free) ones that were available offline were too poor in quali…
    in AI Comment by Xentropy November 2019
  • I've had enough guessing challenges. Definitely in no rush to tackle this one.
  • Unfortunately, that process is usually individual for most penetration testers and ctf players and really does come down to building your own methods through experience and repetition. Hacking is more of an art than a science when it comes to method…
  • Finally did it. Holy crap this challenge was annoying. Though saying that, I did learn an absolute ton about GDB in the process so it's not all that bad. Anyone attempting this, watch out for troll flags. There are like 5 of them or something absolu…
  • Got it! What a great little challenge! :D
  • Foothold: Look up high, find a guiding red star and exploit it semi-manually. By which I mean don't blindly rely on exploit scripts (they won't work). User: Lateral movement + standard enumeration Root: Go back to the start and find another way in. …
  • I'm at the same place as limbernie. Unfortunately the shellcode doesn't really look "right" during disassembly. Even wrote up a macro to output the shellcode to disk to make sure my conversion is right.
  • "keep track" how? It'll show up as completed on the feed on the right and it'll add to your completed box count. Additionally, I'm not sure if you get the badge or not but I think you might.
  • @joshibeast said: (Quote) It's less bruteforce and more intelligent "guessing". I meant more that I did end up having to use a guessing attack in the end, even if the amount of guesses to make was relatively small.
  • I solved this challenge without even once visiting Twitter. My solution did however involve a small amount of brute forcing though, so maybe that's an unintended route.
  • @jmeyer4 said: (Quote) You press the 'start' button and then use something like netcat together with the hostname (docker.hackthebox.eu) and the port provided. However, that said, if you are new to hackthebox I suggest you try…
  • Yep, they're different tools and made by different people. And they're not the only tools that enumerate files/folders either. Gobuster, dirsearch, wfuzz, dirb and dirbuster roughly do the same things. They each have their own strengths and weaknes…
  • 200 iq solution: create a cronjob that runs every 5 seconds. Seems like it's waiting for some follow-up signal which it never gets and turns off after a timeout. Measure the time it takes and see if it's consistent, if so it's probably something li…
  • Years, definitely. Honestly any box is doable without hints once you have a solid foundation (you can kind of guess your way forward since you're more or less aware of what's "possible") but sometimes it's just smarter to ask for a small h…
  • Idk, it just all seems like it comes down to practice for me. The more boxes I do the easier the harder ones get. When I started on this place over a year ago it took me almost a week to do a medium box, now I could compete for first-bloods on them …
  • Finally done with this box, after like a month of work. God damn did it teach me a lot about Windows. Genuinely highly recommended if you want to learn Windows better and hate yourself. lmao
    in HackBack Comment by Xentropy June 2019
  • Short and sweet box! Root was maybe a little bit too easy for my taste but I hadn't seen this in another box so far so it's fair enough. ^^
    in Jarvis Comment by Xentropy June 2019