Last Active


  • Currently I am banging my head against this one, I don't seem to be able to get any data from the qr code, even though I think I am using the proper tool for it (using python3). The QR code is correct, since I can decode it with my phone... Any hint…
  • Thanks, I already planned to look at several boxes, including the ones mentioned in the link. After studying those, I can always decide whether or not I am confident enough to start...
  • Thanks for this detailed review. I am rather interested in this exam, since it would be a good fit for my day job as a developer. Do you think/know if OSCP is required for this exam?
  • (Quote) Thanks everybody giving me some hints, but I am looking for hints for "Going deeper", not for "Bypassing Authentication" (which I already solved....)
  • Somehow I skipped over "Going deeper", but after trying to go deeper I can't get anywhere. Could someone PM me with a pointer in the right direction?
  • Root was annoying, for me resizing didn’t work, made a change and that worked for me...
  • I rooted mango yesterday, although I didn’t get the shell. I am still deciding if I liked the box or not. Guessing the technology was a pain and I only found out because of what others said on the forum. I guess this part makes it a real life machin…
    in Mango Comment by dnperfors November 2019
  • > @protei300 said: > Stuck on login page. Using repeater, but always respond the same... also found /h.....p which redirects. Any idea where to move? Bruteforce login password? found script to inject into nosql dbs.. but it doesnt work... i …
    in Mango Comment by dnperfors November 2019
  • Type your comment> @MrCadimas said: (Quote) Perhaps you shouldn’t use existing scripts, but rather do things manually?
  • Got user a few days ago, but it is very frustrating that people reset the box every time they think an exploit for the initial shell is not working, while it can easily be solved by a few simple commands to that could be sent to r***s that will solv…
  • I liked the box, especially getting foothold on the machine. I learned a lot there, at first I didn't GET the teacher hint, but after using my HEAD I found it out :wink: I think a specific specification was written by teachers. From initial shell t…
    in Wall Comment by dnperfors September 2019
  • Wow, just wow... got that within a minute.... Somehow I have the feeling I already did exactly the same on a (now retired) machine... But this time I didn't use the commandline, but a plugin in an editor which made it even simpler...
  • I have solved it now as well. It was really in front of me, I just needed a more structured way of trying different combinations. Anyway, my tip for this one. There is no need to go deeper into the link of the previous challenge.
  • I am almost there... I think I still need 1 password, which should also be hidden in plain sight, but I don't see it yet...
  • I started with the download, but when I was stuck on the password I went to twitter
  • a really interesting challenge, so far... I also ended up with a domain name and a password protected zip file, but can't find much else... Should I follow connections with Infiltration challenge?
  • Once you know that and how you have to configure Wireshark correctly, it becomes rather easy. I found enjoyed this challenge since it learned me some new things about Wireshark
  • I am not sure how to rate this challenge. The first part was fun, but I didn’t like the second half where google was needed. All hints were given already, so I can’t really help...
  • (Quote) I actually had this exact same issue when I was working on networked. I had to kill the process, but I am not sure what went wrong. (Quote) You can use /bin/sh, which is most of the time just a symbolic link to the real active shell.
  • Fun little challenge. It took me some time too get the data decoded, but once I had that setup correctly using CyberChef, getting the flag was easy...
  • I did it manually, didn’t even know there was a tool that could help...
  • For this challenge I only used online tooling that could I could access with my tablet. It might be that there are tools available to do this, but I didn’t have to look for them.
  • This was a nice one... I like the rabit holes as well :tongue:
  • It can be done by hand, but using a specific tool makes things a lot easier and faster...
  • @b1narygl1tch , yes that is the tool. @cyb3rsinn3r, are you sure you have the right directory?
  • That was a fun challenge. It is great to get some experience using the "tool". All the hints are on this discussion page. (and yeah, I did try to bruteforce my way in, but the instance is not active long enough...)
  • I am probably missing something, but I can't seem to get anything useful out of the Mona.jpg. Can someone give me a hint on tooling to use?
  • Wow, I really need to learn to read properly. I tried almost everything, but somehow though the first step was not necessary.. It is very difficult to solve it without that first step. (first messages in this thread :wink: )
  • Although I found the flag using Python, I am really interested in the solution in bash using curl, sed and md5sum. I just can't seem to get it fast enough, or I made an error somewhere...
  • I liked this box, but I think I got root because of other people using the same tools, which might have made it easier for me.
    in Writeup Comment by dnperfors August 2019

Howdy, Stranger!

Click here to create an account.