  • Plenty of other boxes to work on. This feels a bit like one that'll be retired quickly, perhaps? Happens sometimes. :-(
  • Type your comment> @elveskevtar said: (Quote) Machine has been reset multiple times, including stopping and walking away for hours starting a new instance, as well as both Kali VM and host machine being shut down in between. Cookies are deleted …
  • Was seeing web page last night when started work on box. Now only getting HTTP 500 Internal Server Error on almost every endpoint despite multiple instance resets. ¯_(ツ)_/¯
  • I can get foothold/user, and can go see where the two exe's of interest are, and how they are connected. But I do not understand what I am looking at, my Win-fu is lacking. How would a Unix person conceptualize what is going on there and how to thin…
  • Can get a foothold, albeit briefly. Seems somewhat random when cut off and have to re-do it. Spending a lot of time trying to figure out how to maintain a foothold session to do any recon ... any little tips for this?
  • Type your comment> @FQuen said: (Quote) -bscure -nternet -atagram
  • Type your comment> @jps3 said: (Quote) I'm both laughing and crying right now. And feeling both stupid and (to much lesser degree) clever. All of my issues with the box were due to connection to HTB VPN having been going through a privacy VPN a…
  • I feel stupid for asking ... but is there a forced limit on how much data will be transferred to the box from ours? I could only get a foothold if limited to under 300 bytes which precludes a real reverse shell as far as I can make it work. And from…
  • Also seeing the exe tagged as trojan. Perhaps HTB or creator could chime in?
  • After fairly quickly (for me, for once!) identifying the exploit path to get foothold or user I was completely stuck getting it to work for nearly two weeks. I had several people on Discord compare notes with me and walk me through and we were alway…
  • Type your comment> @Baseizo7 said: (Quote) Never mind! Figured it out. h4x0r error. Apparently I have trouble noticing glaring numerical typos right in front of me for hours.
  • I am really confused. In Kali VM, using gdb/gef/pwntools after many hours finally got a successful (from gef skel) working. But only locally. Remotely I get the 'A's string echoed back. Playing with the length of those 'A' I will get same…
  • Type your comment> @davidcp said: (Quote) As a test if you have noted the name referenced in your nmap scan output, have you tried curl -H 'Host: «name»' (Pardon if obvious but your question read to me as if this might be the stumb…
  • Type your comment> @aimforthehead said: (Quote) I ran a Docker instance of same version G----b with much Google'ing and going through the docs since not familiar with its back-end operation. Takes time but you can re-create close enough to the s…
  • After gaining foothold: Is that non-public file, which is apparently invalid, what is used to pivot to user? Or is that a red herring? (Because if so, I am stumped on how to figure out what is wrong with it!)
  • Type your comment> @zweeden said: (Quote) Ah! Thanks.
  • Is foothold based on a known vuln w/CVE? (Don't need spoiler/number but just beginning to wonder if researching that route since yesterday is a rabbit warren...)
  • Type your comment> @OrkaThaHacker said: (Quote) "Open"ing salvo is a light trolling right off the bat, eh? :-)
  • Type your comment> @k4wld said: (Quote) Thanks @k4wid for the sanity check. Yes, the old standby python httpd seems to be working fine. With wireshark up see lots of TCP retransmissions to Buff. n-.e-- did finally go through just once, but it wa…
  • I feel stupid for asking, but I cannot get any exe tools onto the box. The exploit works to get that webshell, and often others have left tools laying all over the place. But I'm stuck trying to figure out how they did that. Using c--l does begin bu…
  • Got root. (Quote) If you see what 111 gives info it will list a service that you can use to proceed. To say any more would be a spoiler.
    in Remote Comment by jps3 March 2020
  • Type your comment> @0x41 said: (Quote) (Puts thinking cap back on.)
    in [WEB] Console Comment by jps3 March 2020
  • Am I diving down a rabbit hole by thinking I need to brute-force a salty hash to get things going toward auth? (I'm thinking not mostly b/c if so should be easy-ish not requiring lots of time or cpu/gpu to do... but... ?)
    in [WEB] Console Comment by jps3 March 2020
  • Type your comment> @CyberGeek01 said: (Quote) Sure thing! Happy to pass the hint along.
    in Fatty Comment by jps3 March 2020
  • Type your comment> @CyberGeek01 said: (Quote) jd-gui seems to work fine.
    in Fatty Comment by jps3 February 2020
  • Me: I sure have worked hard and would like to change careers to being a pentester some day. Reality: Ha! F... you, buddy. Go eat paste.
    in Book Comment by jps3 February 2020
  • I am stuck on the way to root ... I can remote in as user f----- and have plaintext password. User h----- is apparently closely related to f-----. I see that s--_------- has an interesting reporting line, so to speak, but am not seeing how to get…
    in Sauna Comment by jps3 February 2020
  • Type your comment> @olsv said: (Quote) The Team page is a very common place to get names from which to create some lists of username guesses. But not much in the 'ol lorem ipsum really.
    in Sauna Comment by jps3 February 2020
  • What? They can't print money? Guess that would be a RICO[h] act violation. (Inside job, er joke.)
    in Sauna Comment by jps3 February 2020
  • Finally got user. (Quote) Would that file be "the other jar" perhaps?
    in Fatty Comment by jps3 February 2020
