Last Active


  • (Quote) Look at the documentation for AuthN. Once you understand how to talk to that, it's a 1-5 line script (depending on your language of choice), no CSRF token needed. I would bet lots of money that you've already used the right wordlist, so r…
  • Frustrating... I can see NC receive a connection but I'm unable to issue any commands (at least I'm not able to see the output of them). Any ideas?
  • Got it. Great box, you'll learn plenty. Thanks @1337mn.
    in Craft Comment by lunchboxrcl August 2019
  • Can someone who's finished with this box PM me about the user step. I've rooted the box, but I'm not entirely certain if I piggybacked onto another individuals initial effort.
  • (Quote) The missing pieces to privesc'ing this box are probably staring at you (it was for me) I didn't see it at first with all the machine resets and those resets cause me to go down a dark and unnecessary rabbit hole. I reached out to someone a…
  • this is great. Thanks
  • Getting the user.txt wasn't that frustrating (once you figure out the dirb/gobuster/etc step). I found an interesting file that I was able to take back to my machine for further analysis and I was able to crack it... now I just can't figure out whe…

Howdy, Stranger!

Click here to create an account.