delo

About

Username
delo
Joined
Visits
22
Last Active
Roles
Member

Comments

  • Not a fan to be honest. Be nice if you could keep the option to view it in 'classic mode'.
  • This what a 30 point box should be like. This one reminded me of the HTB machines made by @ch4p that were online back in the day. I miss these style of machines, I hope to see more of them in the future. Cheers @TRX!
    in Magic Comment by delo April 23
  • Another fantastic windows box. This one and Control have just been great from start to finish. Root is a great trick, which I will look out for more in the real world. You don't need to build anything for it, in fact, you don't even need to upload …
    in Resolute Comment by delo December 2019
  • This is a good box. To get creds: once you have compiled a list of valid accounts. Look into different roasting techniques. Make sure your libraries and tools are up to date/latest version. Root: I tripped myself up here and went deep down some po…
    in Forest Comment by delo October 2019
  • This is one old-school style HTB box! Reminded me of some of the classic early nix boxes that were released, such as popcorn, beep and cronos, for some reason. It would be a good practice box for those preparing for the OSCP exam as well. Great job …
    in Scavenger Comment by delo August 2019
  • Wfuzz can do that. It is semi-reliable for HTB boxes. wfuzz -w /usr/share/wordlists/dirbuster/directory-list-lowercase-2.3-medium.txt -H "Host: FUZZ.host.com" --hc 200 --hw 356 -t 100 10.10.10.101 Adjust the threads and hide code/word pa…
  • This box isn't very CTF at all. Everything you need is there and can be found with ease using common enumeration techniques - there is literally nothing you have to guess. I thought the path to shell access was nice, but would have liked to see a bi…
    in Luke Comment by delo May 2019
  • What a ride. An instant HTB classic! Up there with the other HTB *nix greats (holiday, joker, jail, ariekei, reddish, etc) in my opinion. Extremely well thought out - gotta love boxes that teach you new tricks. Excellent work @jkr cheers for creat…
    in onetwoseven Comment by delo April 2019
  • Good work to the Italians for pwning. They are seriously on another level. I don't really care about the CTF stuff, I like it. Because everyone seems to be struggling, I'll state some of the things I've found in the short amount of time I have had…
    in FluJab Comment by delo January 2019
  • This is a really cool write up and a lot different from the way I approached it, especially the initial foothold stages. Always good to learn something. Cheers for sharing.
    in Oz Write Up Comment by delo January 2019
  • Those ports...
    in Sizzle Comment by delo January 2019
  • Hacking communities aren't what they use to be.
  • Very nice box Sahay. Really enjoyed the path to initial access. Thanks for creating.
    in Chaos Comment by delo December 2018
  • I've been playing HTB for 549 days according to my profile. I have loved every box/challenge I have ever been lucky enough to complete and am grateful to the machine creators for making. I'm also grateful and forever indebted to ch4p and the HTB tea…
  • Hmm from memory i was dropped straight to a system shell using that exploit? Try a rotten or juicy potato if you have a service account: https://foxglovesecurity.com/2016/09/26/rotten-potato-privilege-escalation-from-service-accounts-to-system/ htt…
  • I think I used the NSA exploit "explodingcan" via fuzzbunch on that one (maybe it was granny?), way back when. You could give this a shot and change the payload to a cmd shell to avoid msf completely: https://github.com/danigargu/explodin…
  • Great box @burmat cheers for making. Forget bruteforcing this box for the initial steps - only way that will work if someone has manually changed the functionality of the web gui. Unless they've changed sufferance, this box is nothing like it.
    in Zipper Comment by delo October 2018
  • Probably not a good box if you are new to this kind of thing, especially the priv esc - which was very clever and completely kicked my ass. Great box @snowscan thanks for creating.
    in Carrier Comment by delo September 2018
  • Yes, oscp helps your career. The exam is excellent. I found the exam much more enjoyable than the labs. It took me two attempts to pass the exam, because I made the exam harder than it actually was. You won't need metasploit for any of it.
    in Advice: OSCP Comment by delo August 2018
  • Write your own from scratch. It's simple compared to some of the binary exploitation you will face on htb, and it's completely covered in the course work.
  • Think in threes.
  • @thek - Thanks for sharing. Elfparser seems like a good tool for initial static analysis, especially for RE novices, like myself.
    in Bombs Landed Comment by delo July 2018
  • Nice post. Is it launched as system all the time? Or only when the user who is logged in has admin rights?
  • Everything after user is quite challenging on this one. If you use the clues left by creator along the way and study hard you should get it in a few days. In my opinion this is the best windows box I have ever done on HTB. Very well made. A lot of …
    in Reel Comment by delo June 2018
  • Great challenge. Thanks to the creator.
  • Man, I love your autopwn scripts. Great job as always.
  • Maybe what you think isn't feasible actually is...
  • @davidlightman - Not that far fetched if you've been interested in 'security' for a long time. Without giving too much away the lack of points of contact and the OS version gave it away for me. If you want my exact thought process, pm me after you'…
    in Dropzone Comment by delo May 2018
Avatar

Howdy, Stranger!

Click here to create an account.