Last Active


  • Are you guys saying there's no way of solving this without the tool?
    in Weak RSA Comment by fingeron May 2018
  • Damn it. The comments here only made me more frustrated. It feels like my payload should be working.... It is working locally
    in Canape Comment by fingeron May 2018
  • BS >< I loved it. Majority gets it though. Hope the new shoutbox system will succeed as they say
    in Terminal Comment by fingeron April 2018
  • So... No more? (can't see it anywhere) Or is the service down for maintanance?
    in Terminal Comment by fingeron April 2018
  • @lokori said: Haven't found any way through the login yet. I think the guessing game is an extremely boring form of "hacking", dirbuster or manual. Which is a shame because this machine is most likely otherwise an interesting one. Every s…
    in Falafel Comment by fingeron March 2018
  • What do you have that can be used? What sensitive files can you change? What did you probably easily bypassed but still are missing?
    in Aragog Comment by fingeron March 2018
  • nvm.. got it.. privesc here we go
    in Falafel Comment by fingeron March 2018
  • @Stux23 said: Mannnnn this is driving me nuts. I've got possible sentences from rearranging but nothing works as an entry. Any advice other than "use a pen" and "its in the file name" ..? Much appreciated! Simple is better. I think th…
  • @fhlipZero said: i mean you could let the admins know and see if they wanna patch it? some of these boxes to have unintended routes that you can find / fall into, root is root in my book If you just used a 0 day and didn't learn a t…
  • @abogaida said: Looking for a hint for the priv esc... Here where I am at! I see the process that runs every now and then as the other user... Can't see the file content... any hint would be much appreciated. Anyone who wants a hint for t…
    in Aragog Comment by fingeron March 2018
  • @LouissTNT said: any hint guys after login successful ? that ext drive me to crazy !! Any progress mate? Really frustrating this one
    in Falafel Comment by fingeron March 2018
  • @Cubefarm said: I owned root on bashed this morning (my id is Cubefarm if you want to check), however i don't really understand how what i did worked. I think i had the right method, but the wrong reasoning. Can anyone PM me with an explan…
  • @s3crumin814 said: you don't need any exploits for this box, just look harder - do you see something unusual on the machine maybe? Ugh I feel so noob, I have no idea how to use that "something unusual" I found
  • Make sure you append the exclamation mark to the flag. No tools are necessary. Once you understand the concept, it's a matter of 5-6 lines of code to efficiently solve this challenge.
  • Hello everyone, Very frustrating . It's been a few days that I've been messing with this box. Getting user.txt was relatively quick, but I only had it through LFI, and not because I actually owned user. Tried a bunch of scripts, tried messing wi…
    in Aragog Comment by fingeron March 2018
  • @ykroc666 said: Help please? The tip that helped me the most and also made me realize that it's always better to start off simple and then advance as necessary. Just take a paper and a pen and treat it as a brain teaser. I promise it's…
  • @NINGEN said: Having trouble figuring out which file I need to use to access Admin. The file I'm looking at right now is an MD5 but i get non-ascii characters when I use john and a default wordlist. There IS a file that's one of the ways …
  • @bsecure What are your limitations? How do your surpass them? Think about it. The answer is out there in the wild
    in NODE Comment by fingeron February 2018
  • So you managed to download the backup file but it was corrupted? Try to make the same request using a different method, and don't forget to append the important details
    in NODE Comment by fingeron February 2018
  • I could really use a nudge on the "Interesting file", took me a couple days until I figured it out, but now I'm not sure how to continue with it. Any help will be appreciated
  • I'm down, I wish I had people to talk to about HTB.
  • @zelsonm1 said: To defeat the troll you must be wild*, keep going Thanks man, best tip ever
  • So everybody here managed to crack the backup file? John doesn't work for me
    in Node Comment by fingeron February 2018
  • Wow @Arrexel, this script is awesome!! Very nicely written code. I enjoyed reading
    in phpbash Comment by fingeron January 2018
  • @peek said: you cant get a shell if someone is already using a can wait 3 days for nothing...or cheat with somone to run your powershell line there. in any case that box sucks. Hey there, So you're saying that if we found …
  • @kimbilirkim said: i can not bufferoverflow in chatterbox. can u hint me. what do i need? i found exploit but not work.. I think this has something to do with the OS version. I also found it, but noticed that the exploit works up to an ir…
  • You have all the information you need. But let's just ask that: When we mount a usbstick and remove some files... Are the files really removed from the usbstick?
  • Got it figured out a couple minutes after posting. I just made a very silly mistake...

Howdy, Stranger!

Click here to create an account.