Last Active


  • Definitely enjoyed this box much more than tabby. User was pretty cool and root was very straight forward! Nice job :)
  • Spoiler Removed
  • Yes, I'd love a long talk about AD enumeration. :D
  • I really enjoyed the user part of this box, and to some extent enjoyed root. I would have NEVER figured root out if I wasn't educated about it from a friend. It's pretty neat and after you do it, research WHY it happens. That's what got me. There ar…
  • Rooted. I have too many people to thank for the little nudges here and there. This is a really great box for freshening up on some basic skills you may have forgotten to use. User was a much longer path than root, but def worth the experience.
  • Type your comment> @evilAdan0s said: > Type your comment> @publicist said: > > (Quote) > Do you use dict? > @evilAdan0s said: > Type your comment> @publicist said: > > (Quote) > Do you use dict? Tr…
  • I am super frustrated at the moment. I've used the tool to convert J's key to a format john likes. That works fine, but John throws the error "No hashes loaded" with it. Tried every combo and even had friends on discord look with baffle. A…
  • Looking to join a group like this if a spot is still open...working towards OSCP
  • Got user, working on root. Def not my favorite box so far. Best hints I can give for user are: The image is important. There's more to it than what the eye can see.... Learn HOW to search the DB once you get there and know what you're looking for…
    in Haystack Comment by publicist July 2019
  • Finally rooted. Very interesting PrivEsc I have never experienced before. Also took a bit longer as some folks thought it might be funny to empty the contents of root.txt to make me think my script wasn't running LOL. Thanks to @riazufila for the am…
    in Writeup Comment by publicist July 2019
    in Writeup Comment by publicist June 2019
  • I have all the recon done (I think), I have the exploit needed, but it keeps failing as I cannot figure out the best way to bypass IP blocking after so many tries. Can anyone give me a hint on this? I've loaded Burp with the addon for WAF Evasion, e…
    in Writeup Comment by publicist June 2019
  • Once you get the right tool, it will make sense. I used wrong one and it converted to text that kind of made sense so don't let that trick you. The Israeli part is a good hint for second part.
  • rooted. learned something new for user AND root. Thanks to all for the help along the way! I had everything perfect for root and it still wouldn't go, after reset, everything worked fine and I'm even on VIP. So give that a shot if you're stuck on r…
  • Now I can't seem to get the reverse shell to work inside mem
  • I've got the key, I just need help with the openssl part. Can anyone PM me on getting a valid cert?
  • So after I get results from dig, I'm stuck at what to add to my hosts so that I can access the subdomains. Can anyone PM me a hint? EDIT: Got the subdomains working. Now trying to get LFI to work with my reverse shell.... Still can't get reverse s…
  • Rooted! This was a really fun box and I look forward to more like it. I could not get SCP to work, so I got a little creative in that part. Thanks to @Joe in the HTB Discord. I was able to get everything done in Linux minus the obvious part that mi…
    in Bastion Comment by publicist May 2019
  • Just got user and root. A big thanks to @Rainerd and @Agr0Dan on HTB Discord. I like that I learned about Node JS and the tokens, but the rest of this box....jesus. When you get there, you'll realize there is NO priv esc. And too many "rabbit h…
    in Luke Comment by publicist May 2019
  • I could use some help with enumeration on the express framework. I read that article, but looks like it needs to be crafted for this. When I did run the bash script, I just got an error about a wrong version. Help appreciated!
    in Luke Comment by publicist May 2019
  • Type your comment> @seventhirtypm said: (Quote) If you can get user through the upload way, you can get root. Why not upload reverse shell and go from there?
  • I have user.txt and reverse shell. Box is unstable or something. Anyhow, can't get exploit to :tired_face: EDIT: Rooted. I had the same issue another person had. Didn't realize I had the shell :P Doesn't make itself apparent until you…
  • Type your comment> @chava said: (Quote) Those are the flags needed to claim the points....
  • I am right on the edge of having root for this box. Can someone send me the code they used? The one I'm trying to compile--getting errors. Watching YouTube to no avail. This should be simple...
  • Thanks to @mogyub for helping me with a weird shell spawn issue! Not sure if something was going on in the machine. Kept getting asked for encryption keys and other odds and ends. Fun stuff! :bleep_bloop:
    in Swagshop Comment by publicist May 2019
  • Can someone PM me with help on root? I know I am missing something super easy. Haven't slept in a day, so that isn't helping ha. I've got a reverse shell up now.
    in Swagshop Comment by publicist May 2019
  • I actually went my own way and can confirm I have a reverse shell from just using an extension in the admin panel. Got user.txt...root coming in a few mins.
    in Swagshop Comment by publicist May 2019
  • Can someone PM me the package they are using in admin panel? I have the original that was SUPER popular with this exploit and it isn't packaged properly or I need help with it. I uploaded another one and can only create, copy, delete files...suppose…
    in Swagshop Comment by publicist May 2019
  • Would someone mind checking my Python script or PMing me if you had this same issue below? I found the login page where I need to create something for myself, and I do end up being able to login, but it's just garbage type output on the admin page.…
    in Swagshop Comment by publicist May 2019
  • I've been getting PMs a ton for root. So gonna drop what I'd consider a pretty big hint: If you're thinking you need to use a protocol that starts with an S and ends with a B and has an M somewhere in the don't need that. Think about …
    in Netmon Comment by publicist May 2019

Howdy, Stranger!

Click here to create an account.