Last Active
Member, Moderator


  • With anything, consistency provides the best results. I've met a lot of people that want to be pentesters but don't really have any type of schedule or plan to improve. This is one of those fields that require an insane amount of time to master. …
  • (Quote) For NetMon I did put something in place when testing the machine. Every 42 minutes NetMon is restored back to a normal condition (was for other things, not password). I wanted it to be quicker but it also logs all users out of the box when…
  • I do not believe we have an estimated date of deployment yet and unfortunately, we do not offer discounts to ProLabs for VIP Members.
  • This will be the only thing I will respond to. (Quote) Since this thread was created in December, we have made quite a few changes. This thread has been open for 43 days and we have: * Implemented a Radar Graph on machine pages, allowing people t…
  • (Quote) I literally said the same thing in my initial post and linked a video explaining it. Not once did I say their opinions didn't matter. I'm just stating that people are making "CTF-Like" a negative term or at least using it in a wa…
  • Correct it’s up to creators after a box is retired. If they decide to upload it they can, it’s their box not HackTheBox’s.
  • Personally, I really dislike the Realism vs CTF-Like in this thread. It's really easy to lie to yourself and say the reason you didn't get something was due to it being CTF-Like, or the author is a troll. Even if the problem is as stupid as you di…
  • Oh man. I'll give my point of view here, and first I'll say the unpopular thing and if every box was like Reel in terms of "Real Wordness", I'd stop doing videos. As I don't like the idea of people being able to watch the videos and direc…
  • (Quote) Thanks for all the kind words, unfortunately, I'm not going to say why I'm not using X tool in most videos. There are far too many tools and tools change so it makes the videos become dated faster. I'm relatively good at answering comments…
  • I tend to not use Windows-Exploit-Suggestor because it gives a lot of false positives. The program works by pulling a list of exploits from an excel file, grabbing the patch name, and then searching for updates checking if the patch name (KBxxxxxx)…
  • Anything is fair game. That being said if there's a kernel exploit that came out after the box was released and you use it, you're doing yourself a disservice by stopping there. If you ever think you did anything an unintended way feel free to pm …
  • Try harder. There are two routes. Are you Elliot and investigating an intrusion? Or are you Mr. Robot trying to pop all the things.
  • Nice job - Wish i had read this before doing a video, the ltrace is a nice touch to find the blacklisted characters, not to mention your non-bf overflow code.
  • It's been talked about, we've thought about doing something to different to badges after a machine has been retired. Unfortunately, it's just a minor cosmetic thing so it isn't that high on our priority. Things like RastaLabs take priority.
  • Check the write-ups/videos. Grandpa and Granny don't have the same route to user. Can't really give more of a hint without spoiling it, and if i spoil it you would be better off just reading or watching a video.
  • Nothing bad will happen if you accidentally DOS a box. If you notice your tools causing issues lower the threads and try again. If a box goes down just revert no harm done. I can't really give you an answer at the number of threads, because that …
  • Yep. We try to filter out spoilers. However, its best not to make them in the first place. Takes up time cleaning the forums which could be spent elsewhere
  • Whenever a machine gets put in the "unreleased" queue, it is decided what is going to be retired. There is no set lifetime for machines.
  • Yep. Port 8000 being open is probably someone running SimpleHTTPServer to exfil files. It should not be open.
  • Nice job. Loved the phpinfo trick - Had completely missed that the file was there.
  • It's not set in stone but both age and difficulty play a major factor. Generally, when a machine is around 15 weeks old it becomes a retirement candidate. It would be unlikely to retire an Easy machine while releasing a Hard machine. That simply …
  • I used CVE-2017-6074, which isn't really stable. Show a few other rabbit holes in my video, such as getting a shell through FTP. Which would have worked if the SSH was set to only allow cert based logins.
  • Gotta type it correctly, very easy to mess up -- Sorry don't generally share the code I use as in copy-pastable format. Want people to type it out, so if they make errors they can learn how to troubleshoot. I know its frustrating but there is a re…
  • Was retired last week. Optimum was retired last night. The Grandpa machine is still available for free users until next Saturday. Once a machine is retired, it remains available for 2 weeks. After that need VIP to access it.
  • Thanks @alamot that makes total sense. Didn't realize the CWD changed upon migrating.
  • I really like that python wrapper for the nishang one-liner. May have to steal the idea and make it a bit more generic. A lot quicker than modifying files and typing out the IEX crap every time.
  • (Quote) Could of done admin== (or any amount of equals :lol:
  • Perhaps the wrong call back IP? Also reverting the box never hurts, some privesc's aren't reliable when ran multiple times.
    in Optimum Comment by ippsec October 2017
  • Please don't create a chat with the intent to discuss active machines freely.
  • Pivots are cool, but really hard to do in labs with 100+ people due to people stepping on each other. Then when you learn about SShuttle, pivots are a piece of cake. Pivoting through a Windows box is still a royal PITA, but its even more a PITA if…
    in Brackets? Comment by ippsec October 2017

Howdy, Stranger!

Click here to create an account.