Last Active


  • Are you guys saying there's no way of solving this without the tool?
    in Weak RSA Comment by fingeron May 2018
  • Damn it. The comments here only made me more frustrated. It feels like my payload should be working.... It is working locally :cry:
    in Canape Comment by fingeron May 2018
  • (Quote) Every step in this machine is so well thought of. Is there a way you can think of to check places the website doesn't want you to? Have you enumerated it enough?
    in Falafel Comment by fingeron March 2018
  • What do you have that can be used? What sensitive files can you change? What did you probably easily bypassed but still are missing?
    in Aragog Comment by fingeron March 2018
  • nvm.. got it.. privesc here we go
    in Falafel Comment by fingeron March 2018
  • (Quote) Simple is better. I think the reason the hints are like that, is because any extra bit of info might already be a spoiler. Keep it simple, focus on what info you already have (filename), and you'll see that you can do it.
  • (Quote) :+1: :+1: :+1: If you just used a 0 day and didn't learn a thing you beat the goal of HTB
  • (Quote) Cliff says something to Florian somewhere in wp. It's a hint :)
    in Aragog Comment by fingeron March 2018
  • (Quote) Any progress mate? Really frustrating this one :(
    in Falafel Comment by fingeron March 2018
  • (Quote) I think the same thing happened to me. All I did was edited a file cause why not, I could. No idea why it worked though. If until now you've managed to understand why please share <3
  • (Quote) Ugh I feel so noob, I have no idea how to use that "something unusual" I found :(
  • Make sure you append the exclamation mark to the flag. No tools are necessary. Once you understand the concept, it's a matter of 5-6 lines of code to efficiently solve this challenge.
  • Hello everyone, Very frustrating :( . It's been a few days that I've been messing with this box. Getting user.txt was relatively quick, but I only had it through LFI, and not because I actually owned user. Tried a bunch of scripts, tried messing wi…
    in Aragog Comment by fingeron March 2018
  • (Quote) The tip that helped me the most and also made me realize that it's always better to start off simple and then advance as necessary. Just take a paper and a pen and treat it as a brain teaser. I promise it's all you need.
  • (Quote) There IS a file that's one of the ways to own system, but it is not related to Jenkins. Enumerate the filesystem.
  • @bsecure What are your limitations? How do your surpass them? Think about it. The answer is out there in the wild
    in NODE Comment by fingeron February 2018
  • So you managed to download the backup file but it was corrupted? Try to make the same request using a different method, and don't forget to append the important details :)
    in NODE Comment by fingeron February 2018
  • I could really use a nudge on the "Interesting file", took me a couple days until I figured it out, but now I'm not sure how to continue with it. Any help will be appreciated :)
  • I'm down, I wish I had people to talk to about HTB.
  • (Quote) Thanks man, best tip ever :+1:
  • So everybody here managed to crack the backup file? John doesn't work for me :(
    in Node Comment by fingeron February 2018
  • Wow @Arrexel, this script is awesome!! Very nicely written code. I enjoyed reading :)
    in phpbash Comment by fingeron January 2018
  • (Quote) Hey there, So you're saying that if we found the ports and attempted exploiting it properly but failed, it's because of the environment? How did people get that reverse shell then? They were just lucky?
  • (Quote) I think this has something to do with the OS version. I also found it, but noticed that the exploit works up to an irrelevant version.
  • You have all the information you need. But let's just ask that: When we mount a usbstick and remove some files... Are the files really removed from the usbstick?
  • Got it figured out a couple minutes after posting. I just made a very silly mistake...

Howdy, Stranger!

Click here to create an account.