Last Active


  • Why doesn't Nikto flag this right away ?!?
  • I like the idea. Right now they are all partially remediated or fully but it's very difficult to track which number is which backdoor and it even seems random... i reset the box, i get right away "Issue 1 is partially remediated". The one …
  • I have coded what's needed to talk to the app, and i know what to exploit... but am i dumb or S**M*p is unable to exploit it ?!
  • I went a bit too quick into the exercise without realizing that the name of the flag is NOT just /flag so don't do the same mistake...
  • I've rooted the box but i'm quite frustrated that i couldn't exploit one of the foothold attack vector. This is probably a more advanced S**i scenario, if anyone has managed to work with that i'd be curious to find out how you exploited it...
  • I have the weirdest issue. My payload works on my local Docker but not with the HTB online server. I tracked it down to a console.log debug message i added to check out what's going on. With it, it works. Without it, it doesn't.
  • Very nice box, i've only got user but this is a marathon so i'll pause a bit here. To me this is a very good OSCP/OSWE box, there's nothing too crazy but it's a very nice check of all the basics all chained together.
  • I gave that box 5 stars. I had to take a lot of hints so quite frustrating and some protocols are quite finicky with syntax, etc, ... i ended up having to check traffic with Wireshark to understand why something did not work, which i would never do …
  • Type your comment> @ecoue said: (Quote) Did you get it to work ? Same problem as i have i guess
  • Type your comment> @No0x01 said: (Quote) Hello brother.
  • Wow i though this would be easy, judging by the green bars in the rating... I find those pretty interesting, well done to the author ! I was a bit puzzled by the little bit which is very specific to HTB and didn't really know how to interpret that,…
  • Wouldn't have done it without a nudge.... Cool box, but the ratings lately are completely meaningless. Any newjoiner with basic knowledge would be put off by the last two easy boxes which weren't easy at all; and last week's HARD only has 20 roots …
  • "Not to mention if you can't figure out where the shellcode is" You know roughly where it is but some different environment variables and stuff like that, might move the address. So the NOP sledge is a very conservative approach to where …
  • I am pretty sure i am at the end of the russian dolls, i know what tools are used, what technique is used to run them, etc... but i'm surprised i cannot debug a piece of shellcode at the end. For the other challenges i had no problem but in this cas…
  • I don't understand how people found the vuln so quickly. To be honnest, I went over it, but i had easily 4 or 5 other things to check, so i dismissed it as soon as it didn't work and checked the other. Only when i saw the hints did i think that I n…
  • Real great work from the authors. I just have troll flags at the moment, but i'd be curious to know if this is close to some malware that actually existed ?
  • The title is a big hint. Without that i'd probably have spent some time trying random things.
  • Spoiler Removed
  • Type your comment> @aimforthehead said: (Quote) It's time based. Try to sync your box as close to the HTB one as possible. If not, use the mobile phone app - this worked for me.
  • For the timing issue, i'd recommend that you use the mobile app version with time synced there. I couldn't get anything on my machine to work, even with perfect synchronization.
  • Finally rooted, for me user was the hardest part because I am not too familiar with *** and I didn't know those services could run outside of the real A...Z infrastructure. You need to get familiar with the famous command line tool that they use an…
  • You may have the right payload but it doesn't work straight away as other payloads do. There's caching involved, etc, so it might take a few more steps to actually trigger it.
  • How do you copy/paste into PwnBox from outside ?
  • How much of a "real A*S bucket can it be if it's hosted on HTB ?
  • I don't understand why i get :smiley: Error "Operation not permitted" while writing config when logging in.... and i know i have the right credentials as the message is different if i input some random stuff. How close in sync should ma…
  • Wow i didn't you could do such nasty stuff with an Excel spreadsheet. What a nightmare to analyze, but ultimately i got it. I'm sure it was even more painful to put together so well done 0xdf for this challenge!
  • Most of the IT crowd thinks the pentesting/redteaming is the sexy stuff in cybersec but that's some sexy stuff in the Blue Team and i'm actually considering diving a bit more into that.
  • Like many i'm with the array. What's the best strategy to debug that shellcode ? As far as i know, because of the context (i dont want to give spoiler) it's not as straight forward as attaching to an .exe and put breaks here and there. Any hints ap…
  • Completely lost on this one. I get it from the hints that there's an obvious vulnerability somewhere, i come up with only one candidate and there's a very quick check that shows it's not vulnerable to it.
  • Finally rooted it. 1st, it's not a very common vulnerability. 2nd, even knowing that vulnerability, there's still a lot of work and experimentation locally before you can pull it out, as there are a few things that make the exploitation not straigh…

Howdy, Stranger!

Click here to create an account.