Zot

I got published in 2600 magazine for the 2nd time now. The Article is called: Android Smartphone Secret Codes: Revealed. A basic little primer on reversing Java/apks/android programs, & extracting useful data. It feels good to be an author/paper writer/contributor to the scene. So I got the hack itch after seeing that published, & now I'm scratching it on HTB again. Feels good. Racked up 4 systems, 4 users, & 3 challenges in the past week (excluding retired machines). I feel badly, about abandoning the TheCryptonomicons (the HTB group I started) when I did, but I had to. Maybe TCN (The-Crypto-Nomicons) will get going again. Become a force to be reckoned with again (we were in the top 40 groups at one point. Like thirty something or other).

About

Username
Zot
Joined
Visits
384
Last Active
Roles
Member

Comments

  • I just watched/listened to "Martin Garrix & Brooks" - "Byte" for the first time, right now. & I was so impressed, I needed to lookup this thread. https://www.youtube.com/watch?v=zH9sXggRlxc Also, whenever it is this time…
    in Music Comment by Zot December 2020
  • Type your comment> @Zot said: (Quote) I just had a terrible, horrible thought. If somehow, I couldn't have cereal anymore, I'd be decerealized. gasp Then I'd probably get thrown into rehab. Get released into a group home. Have to go to cerealaho…
  • I've been on this S'Mores cereal binge for awhile. It's like, Cocoa Puffs, mixed with Golden Grahms, mixed with mashmallows. It's da bomb. I still add a few spoonfulls of sugar. Cereal is powered by Sugar alright. Lol.
  • Yay! I finally got user.txt I feel like a part of history (probably the most profitable... spoiler... right) On a completely unrelated note, have you guys ever checked out visualhack on vimeo.com ? They have like, 75 howto videos (that I've noticed)…
  • Type your comment> @sigeri said: (Quote) I just got it. I actually had it, but I didn't check my exfiltration data thoroughly. It's in a table, a table with, "sensitive" data. I dig this fortress! Had A LOT of phun so far. I always sa…
  • I can now safely, & honestly say, that Step 4 has NOTHING to do with Exc****e :)
  • Step 4 has shown me some things, I've tried EVERYTHING on this page: https://swarm.ptsecurity.com/attacking-ms-exchange-web-interfaces/ I also tried looking up the Exchange "CANARY" attack, but, I don't know how, & couldn't find a good…
  • Lemme try & be nice... 1) view-source:?????? 2) SQLi 3) Log in, Click around I was going to ask for some help, but I didn't realize this was a totally new Fortress. I guess I should just "try harder". But dammit, if I try any harder I…
  • Type your comment> @luca76 said: (Quote) I've never used the... restricted environment (if you've made it to that user, which you probably have). So this is just going to be a lesson for me. As soon as I got user level access I busted out meterp…
  • Type your comment> @luca76 said: (Quote) No luca, I wasn't trying to get my cookie, I was trying to steal whoever was in charge of the support boxes cookie. It's all good, I got user now. To anyone reading this, FORGET ABOUT COOKIES! (like Luca …
  • I successfully implemented a cookie stealer utilizing hashtag.php. So far, only snarfed my own cookie. The only place I can even get an href to render properly is my profile website. :/ I don't think this is a spoiler because it helps with absolutel…
  • Spoiler Removed
  • Wow, Jarvis is fun, but I can't make much progress. The server is getting beaten too badly by people. Crawls, then gets reset, crawls, reset, etc. Guess I can wait until things calm down. Or go VIP again. I'm not going to spoil anything, but here's …
    in Jarvis Comment by Zot June 2019
  • I started hacking when I had a PreComputer 2000 toy. I wrote 10 PRINT "FUCK YOU!" 20 GOTO 10 in the built in BASIC interpreter. (my first malware) A few years later, I was on a public terminal that had CyberPatrol nanny-ware parental contr…
  • Type your comment> @hansraj47 said: (Quote) Wow, how did you estimate 120,000 users? I estimate HTB has 20,000 users, because it seems that https://www.hackthebox.eu/home/users/profile/19994 is the highest user ID profile. Are you talking about …
  • That makes NO sense to me. Querier is a newer machine. I thought the oldest was always the next for retirement.
    in CTF - Machine Comment by Zot June 2019
  • Wish I didn't have appointments today. I see CTF at the top of https://www.hackthebox.eu/home/machines/list so I assume it's retiring tomorrow? If anybody can help me with the backup script cron, I thought wildcards gone wild applied, but not so muc…
    in CTF - Machine Comment by Zot June 2019
  • Type your comment> @killallwebdevs said: (Quote) I think you need a different ssh client. I've been screwing around as the Apache user, because I didn't realize the MD5 looking password was a password, & didn't need to be cracked. HA! Gotta …
    in CTF - Machine Comment by Zot June 2019
  • I'm gonna try & be discrete. Less than 300 pwns, difficult box, don't really expect much chatter, but it's retiring, like to have some fun before it does. I've got stoken, & token, I've got my clock adjusted, I've got my injection *)** &…
    in CTF - Machine Comment by Zot June 2019
  • So, I got root, the easy way (still can't believe that worked). Took my hash, looked up some write ups, & now I want to be able to get root the right way (popping a shell). I got a meterpreter shell (even tho I don't really need it) that was nic…
    in Arkham Comment by Zot June 2019
  • Wait, so the new VIP system is active? In a beta section? I've been waiting to renew my VIP access until the dynamic loader was working on all retired systems.
  • Finally! user.txt sheesh jeez gosh golly. That was work, wipes sweat from forehead :sweat: Finally rooted! In retrospect, it was a pretty straightforward, almost, ALMOST simple challenge. But Without errors or responses that I couldn't debug, I ex…
    in FluJab Comment by Zot June 2019
  • Type your comment> @3mrgnc3 said: (Quote) That's cool, @3mrgnc3 Keep those boxes coming! I like to think you're encouraging people to follow your path, cuz you've done it right, it seems. But it can come off as elitism, yes. Everybody has to ca…
    in FluJab Comment by Zot June 2019
  • Type your comment> @Alienware said: (Quote) I noticed a writeable dir that kinda changed everything (eliminated race condition from my train of thought).
    in Writeup Comment by Zot June 2019
  • Type your comment> @Alienware said: (Quote) The only interesting thing that pspy reveals is a cron, but the files it creates, are unpredictable (AFAIK), & they out of my permissions range. The box is so stripped down, I find myself using bus…
    in Writeup Comment by Zot June 2019
  • (Quote) I guess the positive thing to say would have been "provide it a wordlist". my bad, I guess.
    in Writeup Comment by Zot June 2019
  • Spoiler Removed
    in Writeup Comment by Zot June 2019
  • Type your comment> @p0n said: (Quote) Yes, I agree w/ @p0n. But I'd say @0xAMS, you lie, or perhaps, ahem "Try harder".
    in Writeup Comment by Zot June 2019
  • I dunno if the exploit is "matrix" or swordfish" like, but is does sort of remind me of padbuster, the way it increments, I guess. It is neat tho, having phun :+1:
    in Writeup Comment by Zot June 2019
  • While I'm at it. Everybody seems to have an opinion on this box (most opinionated thread I've ever read on HTB, IMHO) so here's mine. I find the inability to run tools annoying. All it does is make the process of pentesting take longer. I assume mos…
    in FluJab Comment by Zot June 2019
Avatar

Howdy, Stranger!

Click here to create an account.