Last Active


  • (Quote) I keep coming across this and just want to say, again, there is no guesswork if you've fully extracted the data. I fell into the same trap as others initially, using a well known tool, seeing something that looked like the whole picture and …
  • Alright, since the box has now been patched and somehow a lot of people aren't sure if they did it the intended way: * If you used psexec, it was unintended. * If you went straight to a SYSTEM shell, got root.txt and wondered where user.txt was.. y…
    in Nest Comment by rewks January 2020
  • Type your comment> @gbyolo said: (Quote) Well consider me truly bamboozled. After many hours of trying the obvious path I see this post, and spend quite a few more hours throwing different wordlists from seclists/dirb/dirbuster/wfuzz at the site…
    in Patents Comment by rewks January 2020
  • (Quote) If it is and you figure it out, give me a shout - I've been going through the docs and some on-box files for over an hour and come up with nothing :D
    in Monteverde Comment by rewks January 2020
  • I don't know what stage you're at but there is no cracking required to get user
    in Monteverde Comment by rewks January 2020
  • This root is a doozy
    in Control Comment by rewks November 2019
  • User: - If people are struggling with running the binary with peda - peda sets follow-fork-mode to child whereas vanilla gdb has it as parent by default. You may wish to sed -i 's/follow-fork-mode child/follow-fork-mode parent/g' ~/peda/ (or …
    in Safe Comment by rewks July 2019
  • Type your comment> @plonk said: (Quote) Have you done a full tcp port scan? Go higher ;)
    in HackBack Comment by rewks February 2019
  • Trying to access we******.*** found through the JS, currently just keep getting redirected back to the functionless a****.********.*** :| Nvm.. progress. I have a log file teasing me.
    in HackBack Comment by rewks February 2019
  • (Quote) Can't really think of much to say without spoiling, but it's not like user - there are no dead ends you can go down (I didn't see any anyway). When you find something that looks interesting, focus on it. Even if it initially looks like it do…
  • ^ Great post. (Quote) In particular will help a lot of people stuck at a certain point I think.
  • Type your comment> @Treelovah said: (Quote) This box is trolling me but I like it.
  • You may be typing it wrong, double check every character and remember it is case sensitive.
  • (Quote) If the provided .*** isn't playing nice, you could always look for an alternative for a more familiar environment.
    in Ethereal Comment by rewks January 2019
  • I finally managed to crack it, what a ride. I certainly had to do a lot of research to root this machine. My experience can be summarised by "You think you know what you're doing, but you don't really. Go back to google." Frustrating, yet…
    in Ethereal Comment by rewks January 2019
  • I've tried four different ways of creating m** files, and they work on my local windows VM but apparently when r**** checks them they do nothing - yes I am doing something to them with the thing that can be found in the other folder/is referenced in…
    in Ethereal Comment by rewks January 2019
  • (Quote) "charondebug = How much charon debugging output should be logged. A comma-separated list containing type/level pairs may be specified, e.g: dmn 3, ike 1, net -1. Acceptable values for types are dmn, mgr, ike, chd, job, cfg, knl, net,…
    in Conceal Comment by rewks January 2019
  • Yes, exact same position @1NC39T10N, it's a real struggle but it's forcing me to delve into stuff I've just taken for granted up till now. I keep making tiny jumps, I'm so close to getting it working I can taste it. (Probably going to remain stuck …
    in Conceal Comment by rewks January 2019
  • (Quote) Is this the correct path? I can get a bit of info from some commands but none of it seems of use Edit: Nvm
    in Dab Comment by rewks September 2018
  • (Quote) Yes, read through the options on the man page. Keep in mind that if a program errors, often it will give you information on what lead to that error.
  • Are you using a wordlist? Using Rockyou with john I cracked it quite quickly.
  • I've been struggling with privesc here.. I was intrigued by u*****.exe and did some reading on WSL but can't figure out how to make use of it as a non-privileged user. Am I in the right area or are my efforts better concentrated elsewhere?
    in SecNotes Comment by rewks August 2018
  • (Quote) I'm guessing it's just on free due to people trying to bruteforce the login. Someone said it's fine on a VIP server.
    in SecNotes Comment by rewks August 2018
  • Just leaving a shoutout to my buddy Tim for not roasting me too hard when I struggled with root.
  • Hi, when you listen to the audio you can hear some buzzing in the background which stops after a while right? That's a good indicator that the file has been messed with in some way and there is something hidden in it. I have found this page: https:…
  • (Quote) Sure
  • Not a tutorial as such, but a collection of pointers and tools you could use. Tools/commands of particular note for the challenges I've done so far are strings, xxd, binwalk, steghide, s…
  • I managed to get an 18000+ line text file from the audio clip, which I've been playing around with in various ways and have now ended up with a huge hex dump that has a PNG signature, IHDR chunk and IEND chunk.. but I can't figure out how to view it…
  • I got stuck on this one yesterday, came back to it today with a fresh head and solved in minutes. In addition to what has been said already, my tip is don't rush anything and be thorough.
  • I found a narrow set of differences between the two images, but haven't been able to do anything with it. After much head scratching and failed ideas I turned to google and found a writeup about a very similar challenge, but whereas they were able t…

Howdy, Stranger!

Click here to create an account.