Last Active


  • I've been stuck on this one for a few days. Is there anyone still checking this I can ask in more detail about where I'm at and maybe be able to push towards my next step?
  • Sometimes you just need a good night's sleep. Best hint I can provide is if you did diogt's other challenge (Mission Pinpossible) follow your intuition on this one.
  • Does it require the ability to simulate hardware? My assumption after looking at this assembly and scratching my head at this repeating sequence of clear and set commands is that there must be something I'm missing.
  • Should this one be solvable without physical hardware?
  • Can anyone provide a nudge for getting access to the admin control panel? Struggling to make any progress on this one.
    in Book Comment by sheeets February 2020
  • Had trouble finding the file until I realized I am an idiot. ha!
    in Hawk Comment by sheeets August 2018
  • Struggling to figure out what to upload. Tried all of the things I can think of and still getting Invalid File. Any hints for how I can figure this out or do I just need to iterate through even more?
    in Bounty Comment by sheeets July 2018
  • I've been working on this one and have hit a wall with what to do next. I've found the file out interest with the flag and decompiled with IDA, but all of the decryption tools I've tried aren't working. Any hints would be lovely.
  • Never mind got it. Can help others if they are stuck.
    in Silo Comment by sheeets June 2018
  • Any advice on getting user after getting root? I've tried creating programs/jobs but nothing seems to be working.
    in Silo Comment by sheeets June 2018
  • Opps..I need to read more.
  • Am I on the right path if i'm getting "You Shall Not Pass!"?
  • Never mind, feel like an idiot because I didn't know you could do one liners with that command. If you get stuck and don't know what to do, maybe try something else you may have assumed wasn't useful for anything.
    in Stratosphere Comment by sheeets May 2018
  • What am I missing here? I have RCE, seeing interesting files, notice one credentials for a service I found early (group of pawners), but doesn't work. Do I need to keep looking?
    in Stratosphere Comment by sheeets May 2018
  • Never mind, got it. I will say that there are apparently multiple ways to do something. Try them all.
    in Chatterbox Comment by sheeets May 2018
  • Can anyone help with what payload I should be using? I've tried all of the ones that make sense, and each one dies immediately. Just don't want to keep reseting this box and throwing out exploits if there's something I can look into to help me under…
    in Chatterbox Comment by sheeets May 2018
  • I'm really not getting what to do after cracking this file. Maybe it's just my inexperience with DNS, but even after googling information I'm not getting anywhere. I understand I need to use DNS to find something, just not sure how I can do so.
    in Olympus Comment by sheeets May 2018
  • I've recreated the vulnerability on my local machine. I can get RCE, however, when I try to mimic these same techniques to the HTB machine I'm not getting a shell. Am I approaching this the wrong way? I guess I can look at LFI possibilities, but may…
    in Canape Comment by sheeets April 2018
  • Have the interesting file, have cracked, and tried a few techniques to get SYSTEM but none are working. Can anyone give me a hint on what technique I should use?
  • Also stuck on getting root for this box. I think I'm on the right track, but not sure how to use the .log file information. Can someone message me to confirm if my hunch is correct?
    in kotarak Comment by sheeets February 2018
  • I was able to get a login for a database from a specific file, am I going down a rabbit hole with this? Something about a secure-file-priv option keeps me from using an exploit.
    in Aragog Comment by sheeets February 2018
  • I was able to figure out how to read files from the server, but I can't get any sort of RCE or relevant file for getting a shell. Any advice?
    in Aragog Comment by sheeets February 2018
  • I feel like I'm missing something on this one. I have exploited the vulnerability and grabbed the $text field. I've also determine what the hype is all about. I've figured out how these two things relate to one another, but maybe I just haven't enum…

Howdy, Stranger!

Click here to create an account.