imag1ne
About
- Username
- imag1ne
- Joined
- Visits
- 769
- Last Active
- Roles
- Member
Comments
-
Type your comment> @21y4d said: (Quote) Did you feel the 1 hr demos were enough or is the full udemy course a "must know"?
-
@VbScrub Dude, I liked your last box, but I LOVED this box. It was kind of a love-hate relationship, but by the end it was actually fun and I learned a TON! I look forward to the other boxes you have queued up. Normally I come for tons of clues, …
-
I just ran through it yesterday with someone so I can vouch for it working 3/15/20
-
Type your comment> @LaszloNagy said: (Quote) All, Thanks for the feedback. I took a chance and just dropped a new build; good a time as any to update to Kali 2020.1. Wouldn't you know, worked first time, including my first payload attempt. I…
-
30 different ways, no success with PoC. Continue to crash at Viewstate. Can anyone advise? is this a py issue on my box?
-
I was able to achieve some info on burp, but I had to manually add in cookies that weren't setting. Not getting to execution still. Any help appreciated; not the easiest green box
-
Type your comment> @bugeyemonster said: (Quote) I tried same thing and added debug lines. I don't get to end, but the [] shows lack of cookies, so I too think this is the wrong route.
-
It seems to be a common issue but just want to check. Got a***** login but kicks back "session timed out" after 10 or so secs. I can't actually get to any dashboard, so I attempted a scripted exploit with some success on some backend req…
-
@VbScrub Many thanks for a cool box. Agreed, it's higher than easy, but learned few new tricks and actually enjoyed some crypto. Your box finally ranked me up to Pro Hacker, so always in your favor! Don't let the launch get you down.
-
I went after PIL and pytesseract (can't get it to work) but that seems capable of OCR. From there you could loop and process morse, but certainly wouldn't rate that as easy
-
Made it about 15 times by hand before I realized the depth this could go. Fun, but I assume I am missing an automated decoding tool?
-
Losing my damn mind. I've got the program, I've figured out what it needed. The flag comes out and I figure out how to decode it. I've got the revealed name but my flag attempts just aren't working. Can someone help me figure this out? PMs wel…
-
Super annoying to see this rated low, but I'm finally ready to notify, but can't get my syntax correct. Tried to shell, then went back to echoing file and ping my box; no dice. Everytime I feel like I'm getting somewhere, the box gets reset. Can an…
-
This box is the biggest ass pain; I feel like a moron. Have G******** logged in to m*****; can't figure out the q*** evilness. Been playing with it off an one since Dec and about to quit. Any advice appreciated.
-
I would love a DM if anyone has a chance. I've got the q****a b*** terminal and am trying to access a special service for VIPs. I can communicate, but can't figure out how to receive information. I know I am 99% there, but don't understand how to e…
-
lol, I know right? I actually found a script via enumeration but didn't realize it, just not sure what to do with it. My first guess was a local service I enum'd, (very OSCP) but couldn't figure out the password to access.
-
1 week out from OSCP retest & would love some privesc pointers, not spoilers Got O* shell; might understand retartar (grp) but can't find diff/script talked. found 3 diff files but at a loss...
-
Thanks for the nudges. Got it; it was just a matter of finding the damn file. user to root was a matter of a couple minutes. Keep faith and don't quit on enumeration.
-
losing it here. I'm in the group that has tried multiple lists, multiple programs, and multiple extensions (mainly stuck to txt) with no luck. Any DMs with a nudge is appreciated
-
No worries Capt; you are right there. sometimes its a box flaw. PM if you want help.
-
lol, that looks about right. Now you just need to figure out what runs as root and trace the thread. Feel free to PM me.
-
I did this also, but I just launched apache; same same. I use it to wget my LinEnum and standard scripts on most machines.
-
(Quote) If you have anything besides www-data, PM and I can explain past there
-
I'd love to help, but since this was one of my first machines, I didn't take good notes and lost what I did have. I remember how I exploited root, but I forgot how I got to break out of www-data privs...re-exploiting to see if I can figure it out.
-
For some reason I got everything except monalisa to work. Tried extracting with 3 dozen pws with no luck. nudge?
-
Wow, that was easy. I tried audacity, but that was crazy. Thanks for the help Mak; stego and crypto can break the brain when you don't know what to look for when converting things around.
-
Stuck here with the few folks that have the code but not sure how to convert to something usable. Any small hints?
-
I feel you all; it's hard to get started, but once you do, the flow gets better. LinEnum and pay attention to the notes and flags that are highlighted. Don't make it harder than it needs to be, these really aren't crazy deep. It sounds like I used …
-
So I after not giving up (yesterday ended with around 24 hrs up), got the flag, but priv esc was minimal and never got a full meterpreter reverse (just echo'd bash). I know some people have asked about potential openings. I abused the hole to get th…
-
Being new, I am trying to distinguish config issues from ops issues. I have IP of 10.0.2.x. With that I have tried multiple ports in 8080/8889 range with listener setup and dial back to 10.0.2.x. I have been using the existing php tool on server, n…
