Last Active


  • "don't be afraid of multiple reverse shells" - I tried doing that but when I try to spawn a second c.e*e through nc.e*e the connection is terminated immediately. Doesn't matter if I try to upload a second file with changed parameters or by…
    in RE Comment by darkkilla August 2019
  • So the user part was pretty straight-forward after reading the stuff on the standard port and related information about it. I found the special directory and obviously something is doing things with the stuff put into that directory. A comment in th…
    in RE Comment by darkkilla August 2019
  • Type your comment> @v1p3r0u5 said: (Quote) Yeah I believe you're not alone with this opinion. Okay, if you know your R**/binex well, the 15 minute User Blood is possible and for those people this might be easy. But the ratings of the box show th…
    in Safe Comment by darkkilla July 2019
  • Hint for people stuck at finding the right technique to exploit the binary: Google the question the binary outputs and you will find a very similar example from a CTF where also the technique is mentioned and partially explained.
    in Safe Comment by darkkilla July 2019
  • Stuck at this friggin' K***X file. Pumping rockyou through it, no results. Do I have to do friggin' Steganalysis on the images or WTF? Using them as key files didn't work. Not even when concatenating them. And I don't know who rated this box as 20 p…
    in Safe Comment by darkkilla July 2019
  • Using some interesting vulnerability I found credentials for a user to login to some service but that stuff is restricted beyond anything. Searching for ways to escape I found nothing that worked, even looking at the config didn't offer anything the…
    in Player Comment by darkkilla July 2019
  • I'm at the point where I'm root on first step (easy slide, but beware... things might get "slippery" when wet :D), I found a lot of SSH keys and decrypted the one that was encrypted. (Getting the passphrase was easy as it struck me as odd …
    in Ghoul Comment by darkkilla June 2019
  • Okay I was able to get SSH access as the one starting with b by feeding stuff to my good friend John and I found two ways to get root. One tedious through the "high thing" foo and one super easy way to bypass this whole ordeal due to the w…
    in Chainsaw Comment by darkkilla June 2019
  • Well I am still blind as a bat I guess. I dumped the contents of the thing from outer space (and also I copied everything I had read access to my local machine... basically rsyncing the "whole" machine... still working on a way to remove e…
    in Chainsaw Comment by darkkilla June 2019
  • Type your comment> @lyak said: (Quote) Are you referring to something from outer space with 4 letters in it? I was blind... lol
    in Chainsaw Comment by darkkilla June 2019
  • Well, hours ago found some weird script in the a*****.. user home subfolder, along with some left over files that are useless without a counterpart. Tried executing the script to see if maybe something shows up in pspy. Tried placing a logger inside…
    in Chainsaw Comment by darkkilla June 2019
  • Question to those who got user: I can pop a shell using a pretty basic technique (even though the path of delivery is quite different and took me a while to figure out, because I never worked with that kind of technology which in my book is placed i…
    in Chainsaw Comment by darkkilla June 2019
  • TL;DR Edit: nvm got it! So as many before in this thread I'm struggling with uploading my shell via the special manager. I've modified the action to go through m.p which includes the --add. and makes the pr**_m**** work by adding a bogus parameter. …
  • So I've RCE and found something in the home directory that is encrypted using a "weak method" but I can't wrap my head around how to decrypt that. I'm trying to throw rockyou at it using some Python tool but that'll take forever and isn't …
    in Kryptos Comment by darkkilla June 2019
  • Well I'm seriously stuck on this box. I got to a shell through some methods I don't want to spoil here for those who have no RCE yet (there are more than enough hints for how to achieve it already posted here). But the hints "look at what you h…
  • (Quote) Forget my earlier request, I've popped root. :)
  • (Quote) PM me and show me what data you found on that port, maybe then I can give you a hint in the right direction without spoiling.
  • (Quote) Earlier on you said you found a specific port and enumerated it. You didn't get any data out of it? Because you should've gotten something from that.
  • (Quote) Did you get some data from enumerating that particular service and did you enumerate the web server? Because that way you might find some interesting loot to get further.
  • I really am stuck at where I think I have to h****k $target using "a particular method" (don't want to spoiler here) but I can't figure out how to actually do that. I read tons of stuff about $method, but it all seems to be just pretty vag…

Howdy, Stranger!

Click here to create an account.