  • I'm pretty sure I know what the vuln to exploit is. I know uploading a certain filetype leaks a lot of information about where the uploaded file is saved. I can upload my se*******d o****t "s****on" file. But can't find the good path to ma…
  • Ok, got the user! Lost 3 hours. If it can help some, for me, that was a userAgent Switcher extension in Firefox causing the issue! Got root! Thx @ekenas Fun box. Some new stuff for me. It would have been pretty straightforward not having my au…
  • I got the same problem. Got the good creds, can log in to svn, but not on that dev**** page. I even reset the box. How have you resolved your issue?
  • Hey all. I would appreciate a nudge. I found the file. I got a password. I'm able to add a file, then commit, but can't find a way to use the file once on the web server! Always 404, file not found! Any hint on what I'm missing?
  • Rooted! Fun and easy box! Too easy... But we'll take it after RopeTwo and Intense! :-) PM for nudge.... if you have really tried! There is no big challenge.... you should be able by yourself...
  • Stuck for root. I would appreciate a nudge... I can guess the last part, but can't find if we have to privesc before being able to exploit it, or if we should be able to exploit it with our actual user... Or if some are stuck at the same place and …
  • Got the first flag, but can't find a way to get a shell. Is it necessary for the next step? Or still more smb enum?? EDIT: Forget it. A port initially closed is now open
  • Fun box. Not as easy for me as it looks for others! Had to use tools I rarely use to get a foothold! Thx for the box!
    in Blunder Comment by gverre May 2020
  • It's been great so far. But I would really appreciate a nudge for the last flag. I have no clue past the first step with that "se****d _*** e.md"... The tools I know don't help me that time... Edit: Rooted! Real fun!
  • The first two flags were pretty easy. For the third, the /s....... vhost is down (error 500) at this moment. Is it still possible to get the next flag? Or should I wait for a reset?
  • My guess would be to use different wordlists no enum.... but at 5req/s, I think we must be patient.... Edit: wrong guess... at least, there is something else
  • Yep, but seems down right now... My fortress vpn is up, got IP, but can't ping, or access the old Jet Fortress or the new.... Edit: Just started answering
  • Thx @ASHacker. Interesting box. The user part gave me a hard time! Overall, good challenge!
    in Cache Comment by gverre May 2020
  • Thx @polarbearer and @GibParadox ! Super fun box. Good recap and learning experience, especially for an easy box! Part of the rooting process was new for me!
    in Admirer Comment by gverre May 2020
  • My god!!! Finally! What a ride for that user.... The foothold was tough, but how proud I feel right now!! :-) Onto Root!
    in Quick Comment by gverre April 2020
  • After around 10 hours spent, I must admit I can't get a foothold. And, it seems that no useful information will be allowed in this forum... Making me pretty stuck... :-) I followed all leads I've found. I read/fuzz/enum a lot on anything I could fi…
    in Quick Comment by gverre April 2020
  • Rooted. Super fun box. Got user super fast. Lost way too much time on root! Like always, way simpler than I initially thought! Little hint for root.... if you're digging a tunnel, it is probably to dig a rabbit hole... like me... :-) PM for nudge! …
    in Magic Comment by gverre April 2020
  • Rooted. No need for restart, no need for reload! So much frustration for nothing! You all can add your own script. There is a way to "enable" and launch it on demand. When you can't REstart the box, or can't REstart the service, maybe you…
    in ServMon Comment by gverre April 2020
  • Only got the user flag so far. Fun, but tough ride for me! I'm a little confused for the next part. Does the b......p bin only serve the purpose of reading the flag?? Or is there something I'm missing and it could help me with that c......o thing? I'…
  • Rooted! Thx @VbScrub ! Great Fun. Learned something new for the root. And spent way too much time having the wrong logic! User: Enum, Enum, Enum! Root: The Chef can make it easier! Maybe you don't have to bring dead people to life to learn more about…
    in Cascade Comment by gverre March 2020
  • Nope. Simple Enum. It is hidden in a lot of output!! ;-)
    in Cascade Comment by gverre March 2020
  • I agree. User has been easy, but fun. Now, I'm stuck for too long on root!! And the box seems down now...
    in Cascade Comment by gverre March 2020
  • Rooted. Easy, but fun box. Lost a lot of time finding the right payload in the first step.... Been stupid. After, Root is a 10-minute formality.... on VIP box ;-) PM for Nudge
    in Remote Comment by gverre March 2020
  • Thx @Xh4H ! Fun quick box! I spent way too much time for the root... Nobody was triggering it for me!! :-) (Hints). DM if I can help
    in Traceback Comment by gverre March 2020
  • I have some connection back from playing with c******.p*. But I can't find a way to turn it into lfi. Someone got some success to share following this path? Or into anything else! ;-)
    in Oouch Comment by gverre March 2020
  • Just Rooted. Great box. Initial foothold was hard and was something new for me. This zaBogdan hint is what put me on the track for that first part. Didn't have a clue at first. The rest is more 'classic', but great fun and challenging. The root pa…
    in Book Comment by gverre February 2020
  • Rooted! Finally! I was overcomplicating things way too much for root! PM for Nudge! Thx @egotisticalSW It was a fun box!
    in Sauna Comment by gverre February 2020
  • Is the user H... S.... the good path?
    in Sauna Comment by gverre February 2020
  • It is run by Tomcat. It must be Java. It can't just be a Windows executable. In my comprehension, someone would have to code a java/meterpreter/reverse_tcp payload to do what you want.
  • Just did it. Without any problem. Have you tried naming your database ninevehNotes.php?