Last Active


  • Nice box. Small nudge on root, experiment with different payloads if the exploit doesn't bite. I almost lost faith in doing the right thing here, blindly trying different payloads finally paid off.
  • I've been following this topic, all right :) What can you guys do to improve the situation? Team up and create better boxes you think are better? I've done a few boxes for trainings I've given at work and local infosec communities. It's not easy bu…
  • (Quote) Box is too hard? :sweat: People create boxes on their free time...
  • Many of the first steps weren't very welcoming though and the odd 200 responses maybe were not so "realistic" either, whatever realistic even means. Anyway, I still think this was a fun box, thank you @incidrthreat and @Mumbai , I learned …
    in Oz Comment by osku September 2018
  • it was a lovely box, thanks @yuntao
  • stuck on the first container -- I can get all the stuff I need on the first container, and I'm seeing something that hints a certain other server has something interesting available, but all my attempts at extracting said interesting information yie…
  • I loved doing the box, got user fairly fast (I think I was 3rd to pwn user -- no first blood :( ), getting to root took several days. It was really hard but rewarding, learned a great deal. All the files you can get to are a hint or otherwise usefu…
    in Reel Comment by osku June 2018
  • @3mrgnc3 thanks <3 great box!! Rooted it, didn't think one roots boxes that way very often, but why not if it works. All the messages combined in this topic constitute for a total spoiler :trollface:
  • I tried harder and got the login vuln sorted out... now working on RCE... this is fun! Next time, this may be a bit easier.
    in Falafel Comment by osku June 2018
  • (Quote) Still no success... did dropzone in the meantime, it was easy compared to this :) The assumed vuln refuses all of my attemps in exploiting it. I'm using a well-known tool s*. Tried to write my own tool too. Makes me think the login isn't vul…
    in Falafel Comment by osku June 2018
  • This box is <3 <3 <3 !! Thanks @eks @rjesh !
    in Dropzone Comment by osku June 2018
  • I'm struggling to even get login creds... it's hinted that there's a specific owasp top10 vuln in the login page, and i've been blasting tools to find out about said vuln but so far without success. I think I've tried every conceivable option with s…
    in Falafel Comment by osku June 2018
  • thanks @lokori this is a great box! Love the privesc :)
    in Dev0ops hints Comment by osku June 2018
  • Pwned root. Don't break the box, nothing on Sunday requires breaking shit.
    in Hint for Sunday Comment by osku May 2018
  • can you stop fucking up the system? etc passwd is empty and I'm trying to solve the challenge. I'm believing whoever said here no exploits needed and taking my time to look around... <3
    in Hint for Sunday Comment by osku May 2018
  • Finally pwned root. Nice machine and my first windows pwn ever :) Strangely, owning root was easier than user. Anyone else having pwned root, mind PMing me, I'd like to discuss the possible other ways.
    in Silo Comment by osku May 2018
  • (Quote) This is an essential hint, thank you
    in Need Help Comment by osku May 2018
  • Rooted, and learned a great deal, excellent box!
    in Olympus Comment by osku May 2018
  • ... and root.. Can confirm root is quite easy after pwning user.
    in Canape Comment by osku May 2018
  • Pwned user. This machine is cool af. Feel free to PM me too for nudges too. Hint, (as seems to be the case often) a stable RCE is almost as useful as a shell -- I could get everything to pwning user without a shell. Something that can execute comma…
    in Canape Comment by osku May 2018
  • anyone want to give a nudge? My RCE is fine, I can see the machine has something locally that smells of help with privesc to user, but I don't have the creds really to access it...
    in Canape Comment by osku May 2018
  • This is the most fun box ever :) Got stable RCE, can run shit as www user, no user access yet... but this is so fun it doesn't matter much :)
    in Canape Comment by osku May 2018
  • Any pointers on how to get access to the user that likely has the user.txt? My RCE is fine and stable and i've been looking around the filesystem but can't figure out what would lead to the user creds. I tried a few dicts with hydra to get creds for…
    in Stratosphere Comment by osku May 2018
  • (Quote) Found the RCE :) and been looking around and doing shit, can't get a better foothold to even find the user.txt yet... But I'm liking this so far! And Mumbai I'm definitely trying harder :)
    in Stratosphere Comment by osku May 2018
  • (Quote) A fairly large wordlist got me further than the default dirb wordlist... some of the hints posted here make a bit more sense now.
    in Stratosphere Comment by osku May 2018
  • I'm dirbing and hydraing the hell out the machine with fairly large wordlists in a true elephant in a china store fashion after earlier attempts didn't reveal much. So far no success past the frontpage really. Anyone mind telling me if this is the w…
    in Stratosphere Comment by osku May 2018
  • Nevermind... and facepalm... it was obvious when I just looked at it.
  • Stuck too, found out the session invoking the exfil, also the likely related POSTs, but can't figure out how to make use of the private key? Anyone mind nudging me towards how to try better?

Howdy, Stranger!

Click here to create an account.