Last Active
Member, Moderator


  • As the author of the box I’m happy to discuss any questions you have about realism @VoltK If anything the root is the most unrealistic component, due to how Microsoft has changed the behavior in later releases of Windows, you are less likely to see…
  • for people stuck on the foothold, good enumeration is key. there are two ways that you can find what you’re looking for, one of the ways is using information that’s provided on the box itself, and a little googling. another is trying something local…
  • you will never have to buy any third-party software to solve a HTB machine, this would be the worst idea ever 😂 as @purplenavi says, the free community edition version has got you covered
  • hey all, for the initial part of user that you have to “do”, this is very real-life applicable, and once you have a session, any changes thereafter won’t affect it. there’s no race condition. happy to discuss any design decisions after you’ve own…
  • for anyone stuck on getting user, the OWASP methodology link for discovering potential bad practices when admins/devs create a new account that @th3y posted is a great hint
  • yes this is unfortunate in the extreme and completely unintended typo by the creator of the original template - we only changed the code for the upload functionality. wouldn’t trivialise something like this
    in Ghoul Comment by egre55 May 2019
  • @RyanCollins sorry to hear that, i agree the unintended method although possible can be a pain. feel free to DM to discuss. ofc i don't promise that the intended way is any less painful, but hopefully there's plenty to learn from the box, whichever …
    in HelpLine Comment by egre55 April 2019
  • (Quote) well done, glad to hear it taught something! cheers!
    in Ethereal Comment by egre55 December 2018
  • hey maycon, I just checked US VIP 10 and it looks okay (he's definitely not on holiday!) it may be worth manually running what you are trying and seeing what the outcome is :) Cheers
    in Ethereal Comment by egre55 December 2018
  • imo something that helps people with limited time decide whether a box has something that they stand a chance of actually seeing on a pentest, or is something that would help on a future CTF is a good thing. CTF/Realistic is arguably too blunt gi…
  • Hi all, Firstly, we really appreciate that people feel passionately about this subject and HackTheBox. We all play a role in this community and dedicate our spare time to this. One person's favourite box may be someone else's least favourite, but …
  • yep, has been fixed now! apologies for any inconvenience
    in Ethereal Comment by egre55 December 2018
  • well done guys! glad you're enjoying the challenge, and thanks!
    in Access Comment by egre55 October 2018
  • lol yeah always the way! gl 😉
    in Reel Comment by egre55 September 2018
  • yep older versions of the tool will work, but re-generating data with the new tool is an additional challenge and more fun :-) @opt1kz
    in Reel Comment by egre55 September 2018
  • it might help if you inspect the traffic you're sending to any of the services @cdoisponto
  • Cheers guys & well done! Happy you learned from it :)
    in Reel Comment by egre55 July 2018
  • glad you enjoyed and learned from it ;) thanks!
    in Reel Comment by egre55 July 2018
  • cheers mate! yep can confirm a lot of effort/fixing problems from mrh4sh and I went into it! The mods/testers are the unsung heroes. But all worthwhile, so glad you enjoyed!
    in Reel Comment by egre55 June 2018

Howdy, Stranger!

Click here to create an account.