Last Active


  • Getting into the web-service did my head in harder than getting root did.
    in Netmon Comment by mercwri March 2019
  • I wasn't able to crack it in VM, I ran it on my gaming box with a 1080ti and had it in seconds. Also this thread is loaded with spoilers now, this a good box to learn and discover on and has the added bonus of being something you would likely fin…
  • I managed it at the 11th hour after reading SYSTEM a few days ago, I finally figured out what i was doing wrong with odat to upload a webshell. Missing that --sysdba flag in odat really messed me up.
  • From hints and playing with sqlmap I managed to get root but not user, I've given up on odat for now since I can't get all of it's modules working. I think odat with the lowercase issue and now every module reading KO on test has sucked up more of …
    in Silo Comment by mercwri August 2018
  • > @Moliata said: > I spent hours and my brain is washed. I was just trying my first box. Is it related to SMB? Thanks. This is not a good first box unless you already know AD, and have experience in mixed AD-Linux environments.
  • If you found the credentials but don't know where to use them, maybe sit down and think what you'd do if you were a legit user on a Linux workstation in an AD environment and were trying to access shared resources.
  • Speaking of certs has anyone been ballsy enough to claim HTB lab time for CEUs for CISSP or the like?
  • Anyone mind taking a look at my exploit script, it worked ONCE in a test environment and then went back to triggering 500s. I must have tweaked something bone-headed and broke it.
    in Canape Comment by mercwri June 2018
  • That was a hell of a box, fun though!
    in Olympus Comment by mercwri June 2018
  • (Quote) You have the right article I think, but you really need to read what they are doing and find out how to use that to build a payload.
  • @eransh10 I won't link it the thread since it basically is a spoiler. But the solution to getting a reverse shell is easily found if you look at what is running and search for common exploit methods to be used against it.
  • Watch ippsec's videos he uses it extensively since web servers are pretty big attack surfaces. There is an article that basically gives this machine to you if you can understand what it is running and what it is doing. Privesc at least how I did w…
  • is Resolv.conf getting overwritten? It took me 2+ hrs and looking at Wireshark and d 3 verbose in smbclient for me to get EVERYTHING right to work.
  • That is an excellent write-up, I spent hours with KEK and smbclient struggling with the syntax. GoldenPac looks like it made that part easy :astonished:.
  • If you cracked the back-up file and didn't find something glaringly obvious on how to get a foot hold you need to look again.
    in Node Comment by mercwri February 2018
  • Yeah, I'm missing a piece of the puzzle here, from the hint in the view-source and enum I think I found something but the article linked just has me re-thinking that.
  • (Quote) I had to reload the page and it worked fine when submitting.
  • (Quote) Well scratch that, both the creds and exploit were right in front my face.
    in Sense Comment by mercwri February 2018
  • I found the flag via stego but I must not be reading it right since the challenge isn't accepting the flag even though I've copied it as clearly as it appears.
  • (Quote) view source, if you don't see the first hint maybe get a new prescription?
    in NIbbles Comment by mercwri February 2018
  • The root hash will always be /root/root.txt
    in NIbbles Comment by mercwri January 2018
  • If you REALLY think you have the credentials try a reset. I went back over my notes and I noted I'd already tried the correct credentials but they had triggered a blacklist notification, I reset and re-hit my notes and one of my first attempts let …
    in NIbbles Comment by mercwri January 2018
  • I must be missing an obvious reference on the login credentials or something, are they literally spelled out somewhere or is there a clue/reference that should lead you to determine them?
    in NIbbles Comment by mercwri January 2018
  • I've done harder machines than this, I know it, but I can't seem to get passed the first steps on this either, can someone PM me a hint so I can facepalm hard?
    in NIbbles Comment by mercwri January 2018

Howdy, Stranger!

Click here to create an account.