  • * "IRL this probably won't happen..." Says who? You don't think you'll ever do a pentest where a malicious hacker has gotten in first? I like to retrace my steps to see what others are doing. e.g. if web-app allows uploading a reverse s…
  • I don't know if I'd rate this as a pure CTF. It's a lot of code reading, but that's part of pentesting real world systems too. It just seems to be more condensed here. At least it's not in some obscure language. Foothold: Any fuzzer should work.…
  • Just throwing this out here... for all the "Not Full Screen" comments, stty is your friend here, no need to worry about screen sizes.
  • For those having issues with the CVE exploit, there are other ways in. Don't overlook what the web application is for. For those who got the CVE exploit to work, I'm open for a DM, curious how you got past the waf.
    in Wall Comment by cdf123 September 2019
  • Re: RE (Quote) You're going with that pun?
    in RE Comment by cdf123 July 2019
  • had fun on this box, very well done. loved the clues along the way. would pwn again.
    in Jarvis Comment by cdf123 June 2019
  • fixed my issue. for those in the same spot, stop going through the wrapper. think of where the destination is and try a simpler path. hope that makes sense without spoiling anything.
    in onetwoseven Comment by cdf123 April 2019
  • Keep getting "File uploaded successfull.y", but no file can be found. Is this a rabbit hole, or am I missing something?
    in onetwoseven Comment by cdf123 April 2019
  • Also interested in hearing alternate root/user methods. @iseethieves I can confirm port 80 unauthenticated method still works.
  • I feel like I'm close, but keep getting an "ERROR: notification NO-PROPOSAL-CHOSEN" message. I've tried a few different proposals, but so far no luck. :( Any help would be appreciated. Edit: got in. Used the masked mammal to connect. U…
    in Conceal Comment by cdf123 January 2019
  • (Quote) ditto
    in Oz Comment by cdf123 December 2018
  • rooted. took a break from the direct root route and went for user first. this is a great example of some of the lessons you learn from oscp. don't just attack the first thing you see, and know when to move on to something else. yeah, it might be…
    in Redcross Comment by cdf123 November 2018
  • (Quote) Also could use help with this. I'm seeing multiple overflows, with different techniques and limitations for each. The few guides I've found don't seem to match up with what I'm seeing, or are specific to their own binary, so they've rigged…
    in Redcross Comment by cdf123 November 2018
  • (Quote) ditto
    in Vault Comment by cdf123 November 2018
  • Could use a hint on privesc. Got something I'm trying, but can't seem to get it to work right. Not sure if this is another rabbit hole or not.
    in Dab Comment by cdf123 August 2018
  • I'm guessing both terminals had stty echo, so you probably needed to Ctrl-Z and stty -echo on your local terminal and bg to get back to the remote shell.
  • It depends on the job, and your scope. If you are onsite-onsite, then big screen is a must. If you're onsite-hotel, then I'd go with a bit more portable, and have an extra screen with you. Here's mine (pretty light, portable, and doesn't take muc…
  • As a general rule for bruteforcing things, don't just use stock word lists. Keep a tailored one for your target. When you find something on your target, add it to your list. e.g. If you find a user account, add it to your user word list.
    in Mischeif Comment by cdf123 July 2018
  • Any chance of narrowing that down? There's a lot of mischief that can be pulled on a linux system if you're trying to prank users. ;-)
  • Can anyone spare a hint on the second login? Nothing I've tried seems to be working. Also found another page, but it doesn't give any output with anything I do to it.
    in Mischeif Comment by cdf123 July 2018
  • :(
    in Mischeif Comment by cdf123 July 2018
  • lol, here come the language wars. :O p.s. I did mine in expect.
  • I would recommend Decoder Improved, Notes, and JSON Beautifier for added extensions. As for learning Burp Suite itself, I would focus more on learning the HTTP protocol, the tool will come naturally after that. Use it on normal sites, rest apis, s…
  • Box name is a great hint as well.
  • Something to consider to help feeling less overwhelmed, burn your first exam. Ready or not, just take it. I'm guessing that a good portion of your overwhelmed feeling is coming from anxiety about not knowing what the exam is like, or what to expec…
  • Could also use some guidance for privesc. Not sure how to explain without spoilers, and I'm not sure if I'm even on the right track. <spoilerfree> I see that the [redacted] has two [redacted]s of [redacted] [redacted]. I got a [redacted] tha…
    in Nightmare Comment by cdf123 May 2018
  • In the same boat as uck084. I know where I want to go from here, but don't know how the pcap is relevant, and I'm not seeing much else. Any help is appreciated.
    in Olympus Comment by cdf123 April 2018
  • I go the folder structure route. I use multiple kali vm's for different purposes. Each has the root user's home managed by git that I push to my server. For htb, I use a folder for each box. Notes are in a file. Scripts, command outpu…
  • Any hints on how to catch the train?
    in Inception Comment by cdf123 April 2018
  • Not sure about your specific case, but usually ownership and/or permissions are the first culprit. Otherwise, the file could be immutable (chattr/lsattr), or the filesystem could be mounted readonly either by root, hardware mechanism, or detected f…
    in Nibbler Comment by cdf123 March 2018
