th3y

About

Username
th3y
Joined
Visits
337
Last Active
Roles
Member

Comments

  • Type your comment> @mohabaks said: (Quote) I'm in the same spot... Swear I'm doing everything right and have tried the various options based on the source. Edit: NVM had it right. silly mistake on my part...
  • If F2B isn't enough of a hint, you definitely do not need any sort of bruteforcing/fuzzing for initial foothold. This one is all about the basics IMO.
  • @sl0w @exord26 I was experiencing similar on a VIP box. I wrote in exception handling to catch the failure to connect if the port wasn't open, wait 1 second, and then try again. It's crazy though because while it did work, it just hung in my shell …
  • Type your comment> @sulfacid said: (Quote) It changes every so often now.
    in Admirer Comment by th3y May 2020
  • Type your comment> @shaswata56 said: (Quote) IMO, you'll need to at two stages unless you take some semi-creative guesses. What you are looking for is in many of the wordlists though, you just have to look in the right spot. There are only a cou…
    in Admirer Comment by th3y May 2020
  • Type your comment> @0xRDx0 said: (Quote) Is it at least something that makes sense? Like, in a list or I should know it based on the bundle from accessing the low port?
    in Admirer Comment by th3y May 2020
  • Type your comment> @DedStroK said: (Quote) Only one input and it looks like it's pretty well sanitized in that it can only be a few possible things.
    in Admirer Comment by th3y May 2020
  • Finally a normal box...
    in Magic Comment by th3y April 2020
  • This box [probably shouldn't blame the box] is pretty bad... No two nmap scans are the same.
    in ServMon Comment by th3y April 2020
  • On root while fuzzing something, just found a file named t** with t****e inside, but no idea what I did that made that... Any nudges are appreciated.
    in Patents Comment by th3y January 2020
  • Type your comment> @blink3r said: (Quote) It's a doozy... If you want to work together, PM me. I could definitely use help. I found the hidden stuff with a nudge from @clubby789 and I'm looking through it now.
    in Patents Comment by th3y January 2020
  • Super stumped on root...
    in Patents Comment by th3y January 2020
  • Got user.
    in Patents Comment by th3y January 2020
  • Finally got initial foothold. Looking for user now.
    in Patents Comment by th3y January 2020
  • Did not really care too much for initial foot hold. I liked root. Got the flag, but also got a root shell through my existing session. You can execute commands, so what could you do? The possibilities are endless... User: The commands listed on the…
    in AI Comment by th3y January 2020
  • For root: when you find the tool you need, it only needs very minor tweaks to work. Thanks to @ssklash for the tip.
    in Monteverde Comment by th3y January 2020
  • https://guif.re/ Lots of excellent info on there. Personal advice: * I would use a mainstream OS that just works in case you have tech issues with proctoring if you don't already run something in that category. * Also, if you don't decide to do t…
  • lol @VbScrub I have read that article like ten times, and now it makes sense. haha Thanks!
    in Monteverde Comment by th3y January 2020
  • @VbScrub I found a way into the database but I don't see anything terribly useful. I would also like to know if I'm just overlooking something...
    in Monteverde Comment by th3y January 2020
  • @OxLumens You are doing the right thing, you just need to try it on the right service with the right tool and then enumerate that service a bit more.
    in Monteverde Comment by th3y January 2020
  • Anyone got any good reading that may relate to root?
    in Monteverde Comment by th3y January 2020
  • Type your comment> @lowtoe said: (Quote) One of the most common network services.
    in Monteverde Comment by th3y January 2020
  • https://www.owasp.org/index.php/Testing_for_default_credentials_(OTG-AUTHN-002) Pay particular attention to what lazy sysadmins might do when they create a new account.
    in Monteverde Comment by th3y January 2020
  • Type your comment> @n3m3n said: (Quote) I think you may have just a bit more enumeration to do. Try enumerating a very common service with what you have found.
    in Monteverde Comment by th3y January 2020
  • For user, think basic enumeration and basic tools. There is some guessing involved, but a simple for loop in bash is more than enough, and honestly isn't much faster than just manually testing.
    in Monteverde Comment by th3y January 2020
  • nvm.
    in Bankrobber Comment by th3y January 2020
  • Type your comment> @H4ck3d5p4c3 said: (Quote) https://docs.python.org/3/ is the authoritative source. https://www.freecodecamp.org/ https://www.youtube.com/sentdex https://www.youtube.com/channel/UCCezIgC97PvUuR4_gbFUs5g
    in RE Comment by th3y January 2020
  • I think it would be cool to get a coupon code or something inside a root.txt file when you root a box as a surprise. Obviously not every box, but maybe a few of the hard/impossible boxes every so often.
  • Type your comment> @ryjjan said: (Quote) I'm thinking someone screwed it up since the original is now a python reverse shell pointed at someone's IP... I'd reset it but I used my reset for the day.
    in Obscurity Comment by th3y December 2019
Avatar

Howdy, Stranger!

Click here to create an account.