rowra

About

Username
rowra
Joined
Visits
285
Last Active
Roles
Member

Comments

  • Type your comment> @Hilbert said: (Quote) That's seriously the best hint I've seen. Not on this box, like ever. Spared me so much time and at the same time not even revealing anything you don't "know" already. Thanks! @clubby789 PM'd …
    in Obscurity Comment by rowra December 2019
  • Type your comment> @trollzorftw said: (Quote) what if it doesn't? no session was created :/
    in Postman Comment by rowra November 2019
  • Type your comment> @rholas said: (Quote) doesn't work though. At least didn't for me
    in Postman Comment by rowra November 2019
  • Found 2 services on higher-ish (non-random) ports and supposedly working exploits for both, neither of which worked. Great lol
    in Postman Comment by rowra November 2019
  • Yup, can't wait. Wonder if it is indeed going to be easy with such rating or it's going to be another of those ""easy"" that's actually more like hard lol
    in Postman Comment by rowra November 2019
  • Any idea why they changed quite a bit about this box's mechanisms? I tried giving some ideas to someone the other day and it turned out they changed A LOT. I'm not talking about the unintended k***** exploit, that obviously had to be removed / fixed
    in Registry Comment by rowra October 2019
  • Type your comment> @ow1joker said: (Quote) Please keep in mind all this is based on I assuming you wrote the same thing I did and you first screwed up the same thing I did. You might want to add a single ^ to the right position and/or check what…
    in Mango Comment by rowra October 2019
  • Type your comment> @n4v1n said: (Quote) What else could you check about a https page that might hold some information? Something you're supposed to check anyway if you get invalid ********* error anyway :)
    in Mango Comment by rowra October 2019
  • Type your comment> @peek said: (Quote) it's guess-the-backend machine but at least it's kinda easy-ish. After that there's no guessing involved
    in Mango Comment by rowra October 2019
  • -- edit: removing question, might as well replace with some hints user: enum everything and once you're stuck look for apps/backends that could run on the box that match so well with the box's name. Then use one of the things you found during enum …
    in Mango Comment by rowra October 2019
  • Removed spoiler-ish stuff + nvm @naveen1729, apparently I don't know how that command works lol, way too tired, thanks
    in Mango Comment by rowra October 2019
  • Found an empty looking useless web server, one with the aforementioned "search engine like" stuff (along with an*****cs.p**) which yet again doesn't seem very useful but it led to a third web serv that seems closest connection to the box's…
    in Mango Comment by rowra October 2019
  • Any guidance on how to proceed to root? I'm in on the box as the user b*** and also got in the /b/b weba****. Can't really seem to find a way to launch a revshell or anything though
    in Registry Comment by rowra October 2019
  • Nvm. Literally just now found a breakthrough.. Might use this comment to ask later though lol
    in Registry Comment by rowra October 2019
  • @artikrh said: (Quote) Absolutely right. At first I tried a different method, restarted the box and never thought it'd change.. Ugh.. thanks. Does the next step involve bruting user b****'s s** pk in hope I can generate his pr****k** too?
    in Chainsaw Comment by rowra September 2019
  • At this point I'm rather certain I'm not doing anything wrong. I've discussed my script and my payload with multiple persons and it's right. Yet nothing at all happens, can't get a http request sent towards me or a revshell. Clueless at this point..…
    in Chainsaw Comment by rowra September 2019
  • Type your comment> @tang0 said: (Quote) Nope. That mechanism is kinda sketchy but our best guess is that whenever you get 403 forbidden is because of the usage of some restricted chars, like space for example. That could also be used to verify (…
    in Wall Comment by rowra September 2019
  • Type your comment> @igaralf said: (Quote) Are you sure it's working as intended? It should take seconds. The pass is among the first 50. (You can PM me your script if you'd like)
    in Wall Comment by rowra September 2019
  • IPPSEC's videos on youtube are amazing. Other than that you could read others' writeups. The problem (and also the beauty) in "hacking" is that you always need something else :) (okay not literally always but very often) Therefore the bro…
  • I'm relatively new to the whole pentesting scene and therefore metasploit too but as far as I know / encountered metasploit just makes things easier and/or quicker. You can most likely find the exploits used by the msfconsole and just use them manua…
  • I personally try to automatize as much as possible. Like instead of using burp I usually start with curl for simple ones and go for [email protected] immediately with more complex ones. When I have a sketch I usually write a script in python. Like wit…
  • Definitely worth it. It's not all that expensive and it lands you almost always a box exclusive to you in my experience of 1.5months. The worst I had maybe 2-3 of us one the same. Plus the ability to spawn retired boxes is awesome too.
  • I've actually rooted this a while back I've just come back to say that ever since then this has been one of my favorites ever. IMO it's incredibly realistic, I can tell, as I've been working with the exact tools for the past year. So yeah, really co…
    in Craft Comment by rowra September 2019
  • Type your comment> @rowra said: (Quote) I got the setter and getter working, I can set and then get what I set before. I just have zero idea what the payload should be. I tried obvious things but none did anything :( Nudges either here or pm wel…
    in Chainsaw Comment by rowra September 2019
  • For a beginner with W**3 and E***** could anyone please help with how to begin with interacting with the high port? PMs are also welcome
    in Chainsaw Comment by rowra September 2019
  • (Quote) Which ones specifically? Did you not get any extra information from them?
    in Wall Comment by rowra September 2019
  • I don't think root was intended as it is right now. Initial shell got straight to root with literally the first hit on google
    in Wall Comment by rowra September 2019
  • Could anyone give a little hint other than @argot 's vocab one? I got /a*.***, /m********* and /p****.*** but yeah two of these are virtually useless and the last needs basic auth to which I don't have anything at all
    in Wall Comment by rowra September 2019
  • A team(work) would be nice. Profile: https://www.hackthebox.eu/profile/155955
Avatar

Howdy, Stranger!

Click here to create an account.