tabacci

About

Username
tabacci
Joined
Visits
2,013
Last Active
Roles
Member

Comments

  • Excellent writeup! For this machines we have one way to solve, so writeups differ only in design and details. In this walkthrough all steps are clear and structred, thanks for sharing.
  • Of course we did a lot of researches related to waltz dance rotations. But why should we mix German word with English if, according to HTB profile, the author is from Italy ? The hipothesis that Walzer is the name looks more logical.
  • (Quote) The Article is brilliant. I wonder why processes allow techniques such as PE Injection to be executed on them.
  • Great writeup! I solved user part without peda but it is classical method of reverse engineering that can be done using many other RE tools.
  • Spent a lot of time by analyzing unnecessary stuff. But like in real pentest you do not know in advance where is vulnerability hidden. The same for root )
    in Mango Comment by tabacci October 2019
  • Hi Gio! Thank you for your hint. I found my way and rooted it immediately after reading your welcome post here. (Quote) and thank you for very interesting and very realistic box!))
  • if the challenge had more relevant description it would be perfect. but in any case it is very interesting challenge, so play it if you have a lot of free time and love to dicover new things ;)
  • In this box both exploits did not work for me. But after repairing they work well. So consider that as a part of the game and happy rooting ;)
    in Wall Comment by tabacci September 2019
  • (Quote) I just moved to other channel of communication, with minimal intervention with that slowly component.
    in Scavenger Comment by tabacci August 2019
  • Type your comment> @b4nna said: (Quote) I also loved this part of the box))
    in Scavenger Comment by tabacci August 2019
  • Rope is very hard box that requires special skills and experience. It was important for me not to restart nor reset box on the root part, but I guess that more experienced hackers follow more elegant way to root.
    in Rope Comment by tabacci August 2019
  • ...And the prize for the best Fortune write-up goes toooo... Li-i-i-im Be-e-e-e-e-eeernie!!!
  • It was so cool to pass it in the second time. I passed it for the first time many weeks ago and it looked like new in the second time. But the second time I passed it much more quickly. Hence HTB practice really improves skills)
    in Fortune Comment by tabacci August 2019
  • good job! very clear and well-formed write-up to remember that legendary unstable box))
  • This box is lovely because there are several paths to root and there are many paths to discover that paths. We also have several possible directions that will not lead to result but still is interesting for learning.
    in RE Comment by tabacci July 2019
  • you should get the text and link but the very first line is the flag. if I was in your shoes and did not see the flag even after machine reset, I would connect to other server (us instead of eu and vice verse) to check if it is VM problem.
  • I used python script to get token string and in my script I added sleep (1) in requests because without delay my IP was blocked by CTF antiflood system. Why does your deduction.sh send requests without any delay in between and is not blocked by C…
  • (Quote) In my experiments I used Kali built-in wordlist and all fuzzed well. The sense is to choose correct point for Fuzzy.
    in Fuzzy [Web] Comment by tabacci July 2019
  • it is necessary in this challenge not to fuzz unnecessary
    in Fuzzy [Web] Comment by tabacci July 2019
  • (Quote) I solved it for a minute using classic forensics tool. So for me it is 100% forensics))
  • Greetings to everyone who is storming the Fortress! I solved all steps but MemberManager. If you need nudge or would nudge me or want to discuss any step, feel free to pm.
  • (Quote) The sample is to small to be related to JS. Go my way.
  • @emmycat said: (Quote) Best comment is when we get some direction pointer for researches. But that comment Instead of the light hint gave us the final answer.
    in Writeup Comment by tabacci June 2019
  • Great writeup! Very competent approach for data acquisition from SQL. I just guessed the name of table and fuzzed the columns. And I even could not dream to write such smart python script to read all the files available in all the users home fold…
  • (Quote) Start from beginning and listen the call
  • it may depends on language, in my language simple is the same word that is the right termin.
  • Thank you for writeup. Did you on practice test the possibility to get root without drno security context addition to sysadm' security context? In my experiments I was able to get root only after drno id adding to sysadm id.
  • I started with the understanding of the name of challenge. May be the task is to add missed bits to the sample to get base32?
  • It is good idea to start discussion, because Call is very interesting challenge. The first part is straightforward; the second part is simple. btw, right now I gave the straightforward answer for your question, David.
  • The final step for me was to take into consideration the second column. "It is unlogical but it is CTF".
Avatar

Howdy, Stranger!

Click here to create an account.