https://defarbs.com Detailed writeups of retired machines! :)


Last Active


  • This is a 20 point challenge? Am I going insane?
    in [WEB] ezpz Comment by farbs December 14
  • Type your comment> @peek said: (Quote) If that's the case then hire away my good sir, I'll be waiting... 😂
  • To those of you who are stumped by this, Googling something like "temple symbol crypto" is enough to get everything you need to complete this challenge. Try harder...
    in Templed Comment by farbs December 2
  • Rooted. Nice one @clubby789, although I believe there is an "easy" (and potentially unintended) method for root that should be patched if possible as it sorta ruined that bit for me. I'm going to go back and do it the (what I believe to be…
    in Obscurity Comment by farbs December 1
  • Rooted. I got a root shell, and I used the exact same syntax to obtain it about ~13-14 times over. I reset the box twice. Super unreliable and not sure how to MAKE IT reliable. I didn't change my methods for running anything the entire time. Did the…
    in AI Comment by farbs November 28
  • Type your comment> @rholas said: (Quote) Why do you say that? This hint helped me find what I was looking for!
    in Control Comment by farbs November 27
  • Got user! That was actually a ton of fun. Thank you @rholas and @ALK for improving my Windows knowledge, and also to @TRX for making me feel stupid :D
    in Control Comment by farbs November 25
  • Solid machine. User may have been a bit much for some new guys, but overall, I thought everything was decently well thought out. Nothing was too difficult. Foothold: CVE User: Enumerate. The creds aren't useless... Config files can also be useful. …
    in Traverxec Comment by farbs November 23
  • I am not going to guarantee your performance issues will improve purely based on your current description, as there could be a number of different factors affecting your levels of connectivity. However, as someone who currently has VIP, I believe I …
  • Type your comment> @Shad0wQu35t said: (Quote) Yeah. I, too, saw the vulnerability during initial enum, and it worried me quite a bit for this very reason. Oh well, not the end of the world. Just a bit disappointing.
    in Traverxec Comment by farbs November 16
  • Just started this machine, and promptly stopped lol. WAY too many issues, not even worth my time. I'll come back next week or something.
    in Traverxec Comment by farbs November 16
  • Got around to this yesterday and rooted it. Looked past the first bit for user out of eagerness. Taught me to enumerate harder again. Hints on here are already enough, as previously stated. Good luck everyone!
    in Postman Comment by farbs November 5
  • Type your comment> @xdaem00n said: (Quote) I haven't even done the box what are you talking about? 😂
    in Sniper Comment by farbs October 6
  • The samba version is clearly vulnerable here. This particular version, samba 3.0.20, is vulnerable to RCE. You could tell that by running searchsploit samba 3.0.20 and getting the resulting exploit. From there, one can obtain the exploit by navigat…
  • So far, I've spent more time setting up a Windows VM just to DO THIS BOX than I have actually working on the box itself. Not sure if this is intended or not, but I spent the last 8 hours trying to figure out how to do it in Linux and it doesn't work…
    in Json Comment by farbs September 30
  • Rooted. Pretty disappointed with this one. Thanks to the creator, regardless.
    in Wall Comment by farbs September 15
  • I may be interested. Feel free to PM.
  • Rooted. This one was really solid -- 9/10. I've worked with git in the past, but this was a good refresher. Everything was very obvious when I turned my brain off and stopped delving too deep into it. I normally would give some hints, but I escalat…
    in Bitlab Comment by farbs September 11
  • Type your comment> @clubby789 said: (Quote) No worries. Already got it. Thanks, though!
    in Bitlab Comment by farbs September 7
  • Should I be trying to de-obfuscate? Edit: The answer is yes. Got a shell on the box. Working on user now.
    in Bitlab Comment by farbs September 7
  • What's up with some of the poor reviews on this? It was really straightforward and simple -- I actually really liked it a lot. Thank you for the box, @guly. Hints... User: Enumerate the web service. Check out different web directories to get back…
    in Networked Comment by farbs August 28
  • Type your comment> @Tohzzicklao said: (Quote) Not a spoiler. But I've already found what you're referring too and can't latch on.
    in Scavenger Comment by farbs August 24
  • Staring this stupid insect in the eyes right now... I'm in, but need some clarity. Any nudges?
    in Scavenger Comment by farbs August 23
  • Type your comment> @feffi said: (Quote) Not sure what you're referring to...
    in Scavenger Comment by farbs August 18
  • Not even sure where to focus my energy yet...
    in Scavenger Comment by farbs August 17
  • Type your comment> @Ryan412 said: (Quote) The SHA-256 is merely a pointer... I wouldn't bother trying to crack it. Look at the running processes on the machine instead.
    in Heist Comment by farbs August 16
  • Nice and easy box. Thank you @MinatoTW for the quick solve -- I've enjoyed almost all of your boxes so far (except for Ghoul, I'm sorry :disappointed:)... This was a great way of introducing a Windows box to newer users with less environmental famil…
    in Heist Comment by farbs August 16
  • Type your comment> @debeMechero said: (Quote) Focus on the name of the box
    in Rope Comment by farbs August 16
  • Did you reset the box and then root it?
  • Type your comment> @juggydancesqd said: (Quote) Careful saying they "don't work anywhere"...
    in Heist Comment by farbs August 14

Howdy, Stranger!

Click here to create an account.