If you write something on my wall, I will delete it immediately. Make sure you send me a PM and not a wall post!


Last Active


  • The flags rotate periodically to avoid cheating attempts. Just grab them again and submit them accordingly.
  • Type your comment> @Ranger32 said: (Quote) This is a binary exploitation challenge. You're not going to be able to exploit it using a browser... Try researching methods of remote binary exploitation by connecting to the remote instance with netc…
    in SPACE [PWN] Comment by farbs July 2020
  • I remember speaking with you over a year ago here on the forum regarding some active machines. We never got into any personal conversation, but it was nice to exchange thoughts back and forth with you and learn more about your process. I'll keep an …
  • Spoiler Removed
  • Working on root. Dissatisfied by my current lack of a shell. Anyone willing to do a sanity check for my current thought process? Thanks.
  • Got a local exploit working. On to remote. Good luck if you're just now starting - lots to learn with this one! :)
  • Nice tool! I personally prefer to use revshellgen https://github.com/t0thkr1s/revshellgen But I appreciate you posting this here! I'm sure many others will as well. Cheers.
  • There has already been an active thread for a few days located here: https://forum.hackthebox.eu/discussion/3363/official-blunder-discussion/p1
    in Blunder Comment by farbs June 2020
  • Simple and straightforward box. Wasn't a fan of the login guesswork, but everything else was pretty good. Login - Try some fuzzing to get the first thing you need – the "usual" wordlist might not have it. Specifying extensions is importan…
    in Blunder Comment by farbs May 2020
  • Love it! Much appreciated as always.
  • Type your comment> @idevilkz said: (Quote) Please do not brute force. There's no brute forcing needed. The Fortress is already operating slow enough as it is. If brute forcing seems like the best option, you're probably missing something crucial…
  • Active machines operate on a different VPN pack than the Starting Point machines. Make sure you are using the correct VPN. In my experience, you should not be able to access the Active machines from the Starting Point VPN connection.
  • Rooted. Root seemed way too easy, so I'm not sure if it was actually intended or not. Foothold - Fuzzing for a different entry point before forcing your way in (you can also check the front page for a hint as to where to look) User - The name of th…
    in Cache Comment by farbs May 2020
  • Few rabbit holes, but nothing to get in a fuss over. The initial foothold is easier than it appears at a glance. Root is cake. Everything needed has already been mentioned. Thanks @polarbearer and @GibParadox
    in Admirer Comment by farbs May 2020
  • Put this challenge off until it was the very last one on my list... (not intended to offend either, I was actually just scared of it :joy: ) After spending numerous days on it locally and quite a few hours remotely, it has finally been conquered. Th…
  • Really simple way to solve this that doesn't require doing any conversions. Fun coding exercise and not too difficult if you break down the process into pseudocode before writing it out. Think of an easier way you can capture the QR code without exp…
  • There is already a thread for this machine here - https://forum.hackthebox.eu/discussion/3020/servmon/p1 Please refrain from creating duplicates.
    in Servmon Comment by farbs April 2020
  • This was a really tough but awesome challenge. Not sure why it is only worth 30 points, but had a lot of fun figuring out the bypass for local vs. remote :)
  • Kinda bummed about two Easy machines in a row... Oh well. Hoping they get more difficult next week! Have fun all :)
    in Remote Comment by farbs March 2020
  • Box was slightly too easy in my opinion. Repeated exploitation path from a previous machine was a bit insulting as well. Not a bad box for beginners, but if you're seasoned, it will probably feel like more of a chore than anything else. No tips fr…
    in Traceback Comment by farbs March 2020
  • Type your comment> @VbScrub said: (Quote) I do both a common port scan and full port scan, doing what @VbScrub mentioned as my common scan, but then allowing passive recon to run in the background while I check out everything that showed up on t…
  • Type your comment> @idomino said: (Quote) I didn't find the user reset to be that bad actually... It was almost the exact same thing, you just couldn't abuse the original tool and wordlist. Edit: Rooted. Pretty tough box, especially after those…
    in Multimaster Comment by farbs March 2020
  • Type your comment> @Ad0n said: (Quote) Being that I am the original poster of the comment you referred to originally, I agree with what @TazWake said. Hang in there :)
    in Patents Comment by farbs March 2020
  • Type your comment> @init5 said: (Quote) You're not moving in the wrong direction. Try harder :)
    in Multimaster Comment by farbs March 2020
  • Got user! What a fantastic machine so far. Kudos @egre55 & @MinatoTW
    in Multimaster Comment by farbs March 2020
  • Type your comment> @init5 said: (Quote) Figure out how to properly bypass the WAF :)
    in Multimaster Comment by farbs March 2020
  • Validated users and dumped a hash. Onward! :) Edit: Passwords obtained!
    in Multimaster Comment by farbs March 2020
  • What could possibly go wrong? :D
    in Multimaster Comment by farbs March 2020
  • I am authorized in multiple places. Trying to make them work together.
    in Oouch Comment by farbs February 2020

Howdy, Stranger!

Click here to create an account.