Type your comment> @Ranger32 said:
(Quote)
This is a binary exploitation challenge. You're not going to be able to exploit it using a browser... Try researching methods of remote binary exploitation by connecting to the remote instance with netc…
I remember speaking with you over a year ago here on the forum regarding some active machines. We never got into any personal conversation, but it was nice to exchange thoughts back and forth with you and learn more about your process. I'll keep an …
Nice tool! I personally prefer to use revshellgen https://github.com/t0thkr1s/revshellgen
But I appreciate you posting this here! I'm sure many others will as well. Cheers.
Simple and straightforward box. Wasn't a fan of the login guesswork, but everything else was pretty good.
Login - Try some fuzzing to get the first thing you need – the "usual" wordlist might not have it. Specifying extensions is importan…
Type your comment> @idevilkz said:
(Quote)
Please do not brute force. There's no brute forcing needed. The Fortress is already operating slow enough as it is. If brute forcing seems like the best option, you're probably missing something crucial…
Active machines operate on a different VPN pack than the Starting Point machines. Make sure you are using the correct VPN. In my experience, you should not be able to access the Active machines from the Starting Point VPN connection.
Rooted. Root seemed way too easy, so I'm not sure if it was actually intended or not.
Foothold - Fuzzing for a different entry point before forcing your way in (you can also check the front page for a hint as to where to look)
User - The name of th…
Few rabbit holes, but nothing to get in a fuss over. The initial foothold is easier than it appears at a glance. Root is cake. Everything needed has already been mentioned. Thanks @polarbearer and @GibParadox
Put this challenge off until it was the very last one on my list... (not intended to offend either, I was actually just scared of it :joy: ) After spending numerous days on it locally and quite a few hours remotely, it has finally been conquered. Th…
Really simple way to solve this that doesn't require doing any conversions. Fun coding exercise and not too difficult if you break down the process into pseudocode before writing it out. Think of an easier way you can capture the QR code without exp…
This was a really tough but awesome challenge. Not sure why it is only worth 30 points, but had a lot of fun figuring out the bypass for local vs. remote :)
Box was slightly too easy in my opinion. Repeated exploitation path from a previous machine was a bit insulting as well.
Not a bad box for beginners, but if you're seasoned, it will probably feel like more of a chore than anything else.
No tips fr…
Type your comment> @VbScrub said:
(Quote)
I do both a common port scan and full port scan, doing what @VbScrub mentioned as my common scan, but then allowing passive recon to run in the background while I check out everything that showed up on t…
Type your comment> @idomino said:
(Quote)
I didn't find the user reset to be that bad actually... It was almost the exact same thing, you just couldn't abuse the original tool and wordlist.
Edit: Rooted. Pretty tough box, especially after those…
Type your comment> @Ad0n said:
(Quote)
Being that I am the original poster of the comment you referred to originally, I agree with what @TazWake said. Hang in there :)