game0ver

About

Username
game0ver
Joined
Visits
1,190
Last Active
Roles
Member

Comments

  • Also, if you are not new to binary exploitation and are looking for a site to exercise and develop your skills further, then https://pwnable.tw/ is also a great resource with some very challenging exercises.
  • @sparkla As per the official rules, what you described is not prohibited. But: * don't forget that those are just intended vulnerable machines, which means that after devoting some time you'll probably be able to root the machine. But rooting is no…
  • That's just my opinion, but seriously, there are people who live under the poverty line; why should someone pay for someone else's OSCP certification (and even worse, for the 2 month plan) rather than just help someone who really needs this money? I'm not …
  • I partially agree with @peek and also with @offsecin. @peek has some good points but as @offsecin said OSCP is valuable for finding a job as penetration tester nowadays.
  • I also used Boostnote because of the markdown support and it was a really great note-keeping tool. But because I wanted something that I could access from any device I am now using GitBook which also supports markdown format! In the past I've also …
  • @clarkey3110 Books on Python and how it can be used in cyber-security come out very often. You just have to make a quick search on Amazon and you'll find a lot of books. The thing is that most of them re-implement the same ideas/scripts older books hav…
  • @clarkey3110 said: (Quote) In my opinion those two are great books to start with but they are old. That means that the code they contain can be easily improved and brought up to date. Also some attacks are old too but that doesn't mean they have no…
  • Congrats @mxz3n! Thanks guys for trying out my tool. It's still under development so feedback is much appreciated!
  • Just saw this thread and in case anyone finds it useful, a few months ago I created a small tool to make the process of finding and exploiting file inclusion and directory traversal vulnerabilities a bit easier. It's still under development and you c…
  • This machine is great and priv esc was awesome, very realistic!
  • Here are some links I find useful:
    * https://guif.re/windowseop
    * http://www.fuzzysecurity.com/tutorials/16.html
    * https://daya.blog/2018/01/06/windows-privilege-escalation/
    * https://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/
    …
  • Great writeup :+1: I followed almost the same route but in order to make the filesystem enumeration a bit easier process, I wrote a small script to make things easier:
    #!/bin/sh
    url='http://10.10.10.64/Monitoring/example/Welcome.action'
    while true ; …
  • Three reasons I can think of are the following: 1) If the machines were public then everyone, even non-htb members would be able to access them and even abuse them (e.g. DOS etc...) 2) If we didn't use a vpn-client then it would be much more diffi…
  • Also by not just using metasploit, if someone is new to the security field - he can learn and practice some useful techniques. And even if he uses metasploit he can learn the basics...
  • @melka of course it's not the fault of the machine or the machine creator, it's just because the machine is pretty easy to root. Also I agree that machines like this would be a good idea to have a mechanism, maybe an automated script to prevent the…
    in Jerry Comment by game0ver July 2018
  • (Quote) I don't think that the machine is voted as lame because it's an easy machine. I suppose that happens because it's very unstable and the password changes very often. Also with so many resets it's very difficult for someone that already has ac…
    in Jerry Comment by game0ver July 2018
  • What is the error? What doesn't work?
  • Calamity should be on that list too!
  • On mac you can use brew package manager. To install openvpn you can do it like so:
    brew update
    brew install openvpn
    But generally it's NOT recommended to use your production PC to connect to the HTB Network, mainly for security reasons. Also check …
  • @Malfurion if you are referring to a script - then it is supposed to not be found.
  • Thanks a lot @w31rd0, I'll give it a try! (I also noticed that the file is owned by root but the suid bit is not set)
  • Hi, I managed to get user and answer all the questions from the corresponding script - though I still get the error sh: 1: /..: Permission denied - is this on purpose? I also checked the permissions and the script is owned by root...
  • @rk2311 You're on the right track. Just find out "what" changes this output.txt file every 5 minutes (if you enumerate a bit more it'll be obvious), and then you'll get root easily!
  • @gavz You have to leak a function's address somehow and then you can easily compute libc base address. In this thread there is some information about how you can compute libc base address from a leak.
    in ropme Comment by game0ver March 2018
  • Yes, but if you wrote the 0-day (I don't know if this is the case though) then in my opinion you already know enough or at least more than the challenge/box will offer you (to write a 0-day most of the time means that you already know how the system…
  • What protocols does the instance support? You can't access all the instances using http, in some instances you have to connect with TCP/UDP etc... For example you can't access a pwn instance using http - but you can access a web-challenge using http.
  • (Quote) Here comes the guessing part..., the string/password you're searching for is very related to the image - then combine it with a popular stego-tool and you'll get the flag!
  • Great write-up!
  • For those who would like to use radare2 but find it a bit complicated - there is also cutter: https://github.com/radareorg/cutter Cutter is a very nice GUI for radare2, it's open source, very easy to use, actively maintained and available for win, l…
  • There is also an online service you can use that is powered by libc-database: https://libc.blukat.me/ In the repository there are instructions on how you can use either the existing Docker image or how to run it as a Docker container. The repository is f…