gunroot

Don't unintentionally post any nudge request or questions in wall. It may ruin other's experience. Instead you can DM me, I will reply.

About

Username
gunroot
Joined
Visits
1,693
Last Active
Roles
Member

Comments

  • @LMAY75 for scp you need a valid SSH creds to work. Otherwise it won't as it comes with a part of SSH. Try NC or Pyserver for easy file distribution.
  • @derco0n I don't think that AV will resist NC. I think it's a legit binary used to connect over other networks. You may have missed something. :) For me, NC worked fine in this machine.
  • Type your comment> @LMAY75 said: > I believe I know which site you are talking about, however if we are talking about the same thing they only used the box as an example for using the exploit. If they had built their own VM the steps would ha…
  • Type your comment> @LMAY75 said: > How did you guys transfer the interesting file back over to your local macine? scp hangs when I try to connect back to my personal ssh server A lot of ways are there! Scp, Nc, Pyserver, need more? Google …
  • @LMAY75 Kindly read the comment once again and also the date of publishing that comment. ;)
  • Type your comment> @rayjolt said: > I've managed to find the user flag and enumerate the filesystem, but I have no idea how I can get a shell. Any hints would be appreciated. That is the wonderful part in the machine. Try to read some netw…
  • @LMAY75 said: > So... besides the hints here how does everyone know this is an IoT box? Google that Nmap term and you will be there. Simply Google everything you came to see.
  • I too reported this issue a long time before. No response. Some people su**s sometimes. They are just a dump in the community. If you can confirm the name of the HTB person behind it, you can report it, I think so. Otherwise you can't just with …
  • @limbernie . The wonderful thing I ever liked/learned from your write-ups is the classic Bash Script. Your writing skill is also awesome. Thanks for sharing. I'm learning every week a unique thing from your write-up. :)
  • Rooted! Nice machine. Learned some good stuffs. The root part is tricky and awesome. For Foothold: Google FU. For user: Enumeration For Root: If you got something, play with it in all possible orders. ;)
  • @TazWake I think some steps are intentionally designed to spend weeks and months. 😂🤣 Almost 4 users are in the machine.
  • Type your comment> @m4rc1n said: > Im at the point of getting shell using what found in one place, but methods described in articles and docs I found do no work when I try extending "stuff". I believe Im on right track, but still re…
  • I still feel the weeks I spent with Multimaster. I'm bit a sad on it's retiring.
  • @grumpy8464 Welcome to the community. Start with Networking and How computer hardware works. It will be much useful. :)
  • Yes @TazWake . The file tool reveals that the binary is 'not stripped'.
  • Type your comment> @m3ll0 said: > Fun box! Unfortunately I skipped over something quite easy to get user and it took me a while longer to find it, but root was pretty straightforward. Root wasn't straight forward for me. After roaming in d…
  • How I thought is the binary 'sysinfo' is not the original Linux binary. I thought it is a custom compiled binary as you can check it with 'file' command. Am I right? If not, please clarify me.
  • Hey. Yeah. He put quite a good content here. @gnothiseauton Thanks for sharing here with this much quality content. :) Thanks.
  • @TheAngryBadger If you're in the starting phase of InfoSec, I suggest you to do Manual exploitation. MSF is just for time saving and not for learning. Avoid MSF as much as possible, try to do it manually to understand every parts. :) https…
  • Type your comment> @LMAY75 said: > Windows is so different from linux... very out of my comfort zone When you learn Windows, you will definitely love it. AD Pentesting is a wide chapter.
  • Seems interesting! I got everything I need, still the public exploit missing away. :blush:
  • Type your comment> @opt1kz said: > I appreciate all the bumps, guys. Thank you. > I keep ending up being busy with real life stuff and haven't been around as much as I'd like. Hey bud. I just want you to do some serious OSINT to find y…
  • Again pushing it to top. Hope one day your friend will return. @izzie
  • Thank you all. :)
  • @H4FN .. just like @TazWake said. I'm also suggesting everyone to go through Myrtle's write-up. Mam's write-up is bleeding edge on explaining nook and corners of the box. :)
    in Travel Comment by gunroot September 13
  • Simply, first class writeup. Great explanation on each steps of why and why not. Keep it up. :)
  • Type your comment> @PinguBlasfemo said: > STOP RESETTING THE MACHINE. > THE RESET BUTTON IT'S NOT A "PRESS ME I'M A FUNNY BUTTON" Check the shoutbox to cancel unnecessary resets in your VPN pool.
  • @H4FN Buddy. All you need is to study the source code and a tons of googling. If you're trying to do the box before it's retiring, I'm glad to help you. https://vkili.github.io/blog/ssrf/ssrf-in-the-wild/ Read this article and also read th…
    in Travel Comment by gunroot September 12
  • Lol. After all the time roaming in HTB, I feel dump on missing this thread.
  • Type your comment> @H4FN said: > OOOhhh I didn´t know that bro ... where can I know all the machines that will be retired ? In the Machine's side (left) column in HTB page, you can see 'unreleased (1)', click it to reveal what old machin…
    in Travel Comment by gunroot September 10
Avatar

Howdy, Stranger!

Click here to create an account.