bumika

About

Username
bumika
Joined
Visits
1,717
Last Active
Roles
Member

Comments

  • Great job! I think it is worth mentioning which configuration mistake causes that you can download the content of /etc.
  • Type your comment> @gu4r15m0 said: > Type your comment> @bumika said: > > (Quote) > Trying this method but can't seem to get the correct strings, maybe there are special characters between words? Did you play with the minim…
    in Scavenger Comment by bumika February 14
  • Type your comment> @gu4r15m0 said: > OK! > I got User, found the KO, got everything I need from the "incidents", did they change the magic word? I can see it clearly there, why is it not working? :sad: > Please a nudge 1…
    in Scavenger Comment by bumika February 14
  • Let's assume that you read all comments in the proper forum thread and you still need to get information to move on. First, you can find a few users who offer their support: "just PM me, DM me etc." Second, you can find users who have just…
  • :) I think the word “please” is missing in your vocabulary.
  • Since the username on this forum and the username on the web site are often the same, you can check the respect attribute of users on the web site and use the result here.
  • Type your comment> @avz7 said: > @bumika Yeah, I found that. I was talking about the r**** password for r** Ok. Check whether you use the protocol how the r**** client use it. I prefer wireshark.
    in Zetta Comment by bumika February 10
  • Type your comment> @avz7 said: (Quote) You know name of a few modules, don't you? It is easy to guess what is missing.
    in Zetta Comment by bumika February 9
  • Type your comment> @olsv said: > Almost at the finish line. Trying to figure out how to utilize magic word using web shell. Can anyone give a nudge? Are you sure that you know the magic word?
    in Scavenger Comment by bumika February 9
  • Type your comment> @chiefgreek said: > I'm trying to b**** the r**** folders. Have written a bash script using the r**** command for listing. I've got a user from known p*** file. Is there other useful folders to help me get a shell ? at the …
    in Zetta Comment by bumika February 6
  • Type your comment> @resonant said: > Type your comment> @luminougat said: > > (Quote) > Losing my mind here. I've mirrored and matched almost exactly (ident shouldn't matter?) and hit it with so many different combinations of …
    in Zetta Comment by bumika February 5
  • Great box, thanks @jkr! I like machines that use less hyped but often used protocols and presents some vulnerabilities belong to them. There are a few nice concepts in Zetta, and I think the user access part is extremely good. The first part of the…
    in Zetta Comment by bumika February 2
  • Type your comment> @ausldavid said: > I mean iusr to Chris I know. You may know the command but use wrong (not exact) username. You may not know the command.
    in Sniper Comment by bumika February 1
  • Type your comment> @ausldavid said: > I have tried everything. Can anyone show me how to escalate from ixxx to Chxxs? Use the exact username.
    in Sniper Comment by bumika February 1
  • I took OSCP in the pre-proctored era. I hope sleeping is not a subject of visibility. :)
  • Thank you for the detailed description and congratulations! How can I imagine a proctored exam in 48 hours? Do they follow my activity through a camera?
  • Type your comment> @sazouki said: > @VbScrub is it intended to use the nsa tool to reverse that binary I used a native tool to get the only parameter that was necessary but “hidden” for me.
    in Nest Comment by bumika January 28
  • Type your comment> @l4rm4nd said: > I'm stuck with the initial foothold. I've already exploited the client side and received some delicious snack. From here, I gained a more privileged access to some functions. > > I successfully exp…
    in Bankrobber Comment by bumika January 23
  • Type your comment> @ls4cfk said: > Type your comment> @sysdd said: > > (Quote) > It's weird. Changed the time to 600 seconds and it still fails. What does failed mean? Did you get the same error message? There are more tha…
    in Scavenger Comment by bumika January 23
  • Type your comment> @galimba said: > if someone knows of a way of rooting the box (not just getting the flag), would you please DM me? Write instead read.
    in Mango Comment by bumika January 23
  • Type your comment> @burjanbalazs said: (Quote) Hello, you need the passphrase that protects the private key and/or set restrictive permissions on the file.
    in OpenAdmin Comment by bumika January 16
  • Type your comment> @bumika said: > Spoiler Removed Interesting.
    in RE Comment by bumika January 16
  • Type your comment> @awakengaming83 said: (Quote) Since it is an URL, you should use http:// as a prefix. I used a slash at the end of the URL.
    in OpenAdmin Comment by bumika January 16
  • Type your comment> @awakengaming83 said: (Quote) You don't need to modify that script. You should choose proper URL.
    in OpenAdmin Comment by bumika January 16
  • Type your comment> @waldemaro said: (Quote) User.txt contains the user flag which you can validate on the web site. There is also another hash on the box, which has a different role.
    in Traverxec Comment by bumika January 14
  • Type your comment> @kompotkot said: (Quote) You can use that word if you try to get user.txt through another channel.
    in Traverxec Comment by bumika January 14
  • Spoiler Removed
    in RE Comment by bumika January 13
  • This was a really hard but useful and instructive journey. Thanks for @0xdf for the box and @Chr0x6eOs for the hints in the root access phase.
    in RE Comment by bumika January 13
  • Type your comment> @seke said: (Quote) As usual enumeration is the key factor. There is information a little hidden, and another which sticks out a mile. You should join them.
    in Control Comment by bumika January 7
  • Type your comment> @ssklash said: (Quote) Me too. Although I can write a pseudo script which can find that service, and I have found the instructions which are needed for the implementation, but I have no practice in Powershell. The privilege e…
    in Control Comment by bumika January 6
Avatar

Howdy, Stranger!

Click here to create an account.