trab3nd0

About

Username: trab3nd0
Joined:
Visits: 356
Last Active:
Roles: Member

Comments

  • Haven't been around for a while. Nice to be back! Enough has been said already, but I'll still go ahead with my usual 2cents: Foothold: once you get to the file you need to see, it should be obvious what you need to inject User: it's just there wait…
  • Reminds me of one of the previous easy machines actually. Got foothold too, should be straightforward to everyone as it is very well described in a nice video out there. Anyway, wait until you finish it to say whether it's easier or not than the oth…
  • A nice box overall. Got me confused a bit (my comment above), but really enjoyed it. This was also the box that finally 'forced me' to set up a Windows attacking machine. Had to be done so happy about that. I think enough has been said about user, a…
  • What was troubling was that none of the serialization tricks worked for me, but anyway, I believe your explanation makes sense. Cheers.
  • Question: I only got user because I was told that the tool I had already used and thought was not going to help was indeed a route to user. Now can someone explain where you can see the justification for that tool being unable to run the simplest te…
  • Generated a valid token and stuck at the GET part. Hints anyone?
  • A bit CTFy. My 2cents: Foothold: play around with that parameter User: enum and pay attention to how the app is run, but it still won't make much sense at the end Root: a bit of further enum and a couple of OS-specific tools and you're done Also, I…
  • All I have been able to do is read the flag. It's all that is possible thru that "obvious" route anyway, if anyone of yous has gotten a root shell I'd love to hear about it (as in please provide a hint on how to get it). The usual 2cents: …
  • If not familiar with this, take some time to understand the type of weakness this is about and how it works. You'll then know what to google for and will find it straightaway. Otherwise, I agree with a few others in here, you might get lost in rabbi…
  • The vuln can be hard to find. For what it's worth, when a vulnerability has a CVE documented by NVD, it'll show up after a search here: https://nvd.nist.gov/vuln/search - so worth a shot to see if there are potential candidates in there. The usual 2ce…
  • The flow is rather classic but the path is tortuous (at least it was for me). I needed hints, thanks @TazWake. For those who found @sparkla's script useful, check this one out https://github.com/mxrch/webwrap (a wee bit better). My 2cents (everythin…
  • Rating this box as easy is counterproductive. A proper rating is important not to discourage people (new and old!). Overall it was a nice box, except maybe the common message space (people looking at what others are doing - which is the idea of the…
  • An interesting box that allowed me to play around with a CI tool I wasn't familiar with. My 2cents: * Foothold: go back to that revision, and use the CI tool to get what you want * User: enum enum * Root: abuse that thing again
  • As usual, it was an opportunity to learn a bit more about certain technologies. My 2cents: * Foothold: the vulnerability should be obvious (although there are some unknowns there in terms of its requirements and the chance of success). The only dif…
  • (Quote) If system is not the objective, its access and privileges would be. But don't get me wrong, the rest was good fun. (Quote) Fair enough.
  • I understand why people hate this machine (currently the worst-rated machine - the 'lanterne rouge' as the people of the Tour de France will call it). My 2cents: * Foothold: from all the variants I know to download something only one has worked, s…
  • Wow, what a ride! I can't remember when I started it!! But it was a great learning experience. I guess I'm too late now to post my 2cents about it. I agree with @TazWake (unless you're one of the 'Gods' that rated the box as easy).
  • 'J'en ai chié' with this one! Congrats to the creators and thanks @TazWake for your help. As usual, there are plenty of comments but tbh I found most to be quite cryptic so I'm throwing in my 2cents. User: Use the service that is essentially a dire…
  • A great box, felt like eternity tho. A bit CTFy I believe and I'm not sure why it had the top mark in real-life like. Everything has already been said. My two cents: Foothold: enumerate - build that tool that supports that protocol - get in - exploi…
    in Quick Comment by trab3nd0 August 2020
  • I hate this box, it ruined my weekend! I learned a few things tho. I'm not even going to go into the 'easy-not easy' debate, I find it silly that HTB allows authors to rate the machines and then ask us our opinion. Let the people decide. The authors a…
    in Admirer Comment by trab3nd0 July 2020
  • User was a breeze, all you need to do is already mentioned in there. Root is a bit tricky, a quick 2-step process. And I had to experiment with different reverse shells to get it to work. Learned a thing or two. Thanks to the author(s).
    in Traceback Comment by trab3nd0 July 2020
  • It's all about enumeration from a to z. I can't say I enjoyed it but learned a couple of things.
    in Cascade Comment by trab3nd0 June 2020
  • Ok, I'm in the last bit but something ain't right! Got foothold, user, found the *.c** bit, created what I need using n*****g/O-M, but it keeps being deleted when dropped into the dir where the a-hole CEO asked for it. And it doesn't matter what goe…
    in Sniper Comment by trab3nd0 February 2020
  • Man, that was some serious learning. Not sure what to add to what has already been said. In short: For user: roast. For Root: exchange is your path, and don't rely on ready to use scripts, go thru the documented PoCs and you'll get there. Many th…
    in Forest Comment by trab3nd0 February 2020
  • A clever one! Wrecked my head with simple and smart tricks. Kudos @clubby789! Foothold: you know what you're looking for, use that! User: you can simulate locally if you want but you'll be able to construct something usable without that once you g…
  • A couple of hints: User 1: don't be lazy once you get the user/pass, others might be still in the same situation User 2: hidden stuff! Root: m********t will help you generate and deliver what you're after, then it's a piece of cake.