paddanada

About

Username
paddanada
Joined
Visits
726
Last Active
Roles
Member

Comments

  • Type your comment> @CrackerMan said: (Quote) This stumped me, too, but hints in this thread and a bit of reading the man page for m***l showed me a way to run things without having to go all the way in...
  • @HomeSen - thanks for taking the time to do that! Looks like i'll have to concede defeat on this one... Didn't have enough space to install the Windows VM, so waited for an additional drive to be delivered; after that, WIndows starts, but reboots w…
  • Type your comment> @HomeSen said: (Quote) Thanks, @HomeSen - I had a quick scan around the Wine forums, and some of the tools mentioned in this thread aren't listed; I think I'll have to bit the bullet and try Windows in a VirtualBox.. nothing t…
  • I've managed to get as far as extracting a couple of usernames/passwords from something, one of which grants access to an interesting share; before I get any deeper, though, is it possible to complete this box without Windows...? I only have access…
  • Thank you, @mostwanted002 for a really fun box! Foothold and root both took me ages, but the "light bulb" moments were very rewarding.
  • well, despite my faltering start, I've completed the box! The very last step was a bit of a guess inspired by an old Stack Overflow thread, and a helpful error messages from the chef. I found this box to be a very worthwhile to persevere with as th…
  • (this is my first Hard box, and I'm finding it a heckuva jump from Medium...!) Can I request some help with the foothold, please? I'm using burp, and a well documented technique to read files I shouldn't be able to read, but I'm struggling to ident…
  • Type your comment> @riceman said: (Quote) Thanks, @riceman for showing me how to get "true" root, not just the flag!
  • Just rooted this box... although, it'd be more accurate to say, "I got the flag"... I couldn't get my version of the "attack script" to pop a reverse shell; I knew my script was being executed, because I got it to run id and saw…
  • sheesh that box kicked my arse... I'd been feeling quite confident after doing Lab and Tenet in recent weeks, but I seemed to blunder my way through this one. A fortunate typo helped with one thing , and then Google's "Searches related to...&q…
  • Really fun challenge. All the hints are here - the most important of which are, "you don't need to crack anything", and "-hh can show you a way to get what you need".
  • Rooted; was a tough box for me, but learned a ton. I was struggling to get my head around the concept required for the foothold, until I came across a thread on the security stack exchange from 2017, and then it fell into place. Root itself was a …
  • Rooted, but only thanks to the "public transport" hints here pointing me in the right direction... For those who didn't need the hint, I'd be grateful to understand how did you know to look at the vulnerable "thing"...? (I mean,…
  • Rooted. At last. For an "easy" box, this one really made my head spin. Thanks to @spletinckx for prompting me to check my own set up, and extra special thanks to @k4u5h1k for reinforcing a valuable lesson: check your results; just because…
    in Admirer Comment by paddanada May 2020
  • I've managed to utilise the login page, and can successfully read files that I'm already aware of (ie - the first set files you come across via the r------.txt info, and the index.php) so I'm confident my "set up" is working, but when I tr…
    in Admirer Comment by paddanada May 2020
  • hi, friends... Can I request some help with user, please? I'm on the box with the first set of creds you can usefully use. I've found something I can run, which produces an error but tells me what I can do. I've figured out what the error equates t…
  • what a fun box! All the hints are here already, but for beginners (like me), you might not realise what the hint is for until you're actually staring it in the face. The way to root was one of those, "there's no way this'll wor.....omgosh it w…
    in Magic Comment by paddanada April 2020
  • you'll find the best hint from @Matgro the previous page... (Quote)
  • Rooted. All the hints you need are in this thread; just be aware the box can be a little sluggish/unstable, depending on how many other people are going for root. Some of the reviews are quite harsh; I enjoyed this box, despite the performance iss…
    in ServMon Comment by paddanada April 2020
  • Hi, friends. I got the user flag a couple of days ago, but have been stumped on how to approach root since then. Enumeration has proved tricky, because as a user (H), I don't seem to have permission to do an awful lot. I found the previous command…
    in Control Comment by paddanada April 2020
  • What a ride. Got the creds for the 3rd user a couple of days ago, spent the time between then now going in circles, but finally the light dawned. Rooted. Hint for the home stretch: PS commands are all you need, but make sure you 're seeing everyt…
    in Cascade Comment by paddanada April 2020
  • Check everything the bird is telling you, and follow all leads.... (Quote)
  • Rooted! All the hints needed are in this thread, but it took me an awful lot of try, fail, re-read to get there... (Edit: I went via TV route, but I saw mention of an alternative; could someone PM me with a hint for that way, please?)
    in Remote Comment by paddanada April 2020
  • Thank you for this! It turned out I was missing a single "-" character in the header! (Quote)
    in Book Comment by paddanada April 2020
  • Hi, friends. Thanks to @JayThree I'm a little further down the road, and managed to exfil a key but when I try to use it, I get an "invalid format" error... I know that error is usually self-explanatory, but when I run file against it, it…
    in Book Comment by paddanada April 2020
  • I've got into the Admin panel, and I'm starting to see how the functions across the user pages and the admin pages might interact, (U----d and Co-----ns) but so far, I've struggled to see how I can combine them to my advantage. I thought I might be…
    in Book Comment by paddanada April 2020
  • I'd appreciate some guidance on this, if someone can spare the time - having read a social media feed, I've found 2 locations for an event (in the same city); one co-ord gives me "None found", the other gives me "Repositioning". …
  • Type your comment> @sh4d0wless said: (Quote) I'm in the same boat. Found 4 related twatter accounts (1 x corp, 3 user), and an email address but can't join the dots from there... (Am I right in thinking the domain name from the email address isn…
  • Got root. Took a while, trying to work between the multiple resets, so my advice would be, 'be patient (but when you get the loot, be quick)'. Thanks to @TazWake (yet again!!) for steering me clear of a rabbit hole.
  • Type your comment> @TazWake said: (Quote) Thanks, mate... I was confused 'cos it appeared to "survive" the first reset, so I initially figured it must be part of the box. :smile:
Avatar

Howdy, Stranger!

Click here to create an account.