  • @bw00lley thanks, I also discovered a similar (but longer!) curl method: $ curl -Gso /dev/null -w %{url_effective} --data-urlencode @- "" | sed -E 's/..(.*).../\1/' But the shortest I found was simply: $ jq -sRr @uri
  • Getting the string was easy, unpacking it was hard as I didn’t know about the first technique and am still a little unsure about the rules to apply. Lots of trial and error was required! A very frustrating step for me in an otherwise straightforward…
  • Quite mystified by what to do with all these digits in the code I've extracted; at first glance it would appear some substitution is needed, at least in order to close a few code loops possibly? Any hints on how to proceed would be gratefully rece…
  • User was way harder than root; it seems I was still struggling with URL encoding and crafting input payloads to inject parameters. I hate having to load up BURP every time I want to encode a string... Not a difficult box, but some opportunities to …
  • OK, that was pretty convoluted, I'd love to see how experienced hackers are analysing these! Some Procmon and manually feeding lines into powershell and seeing what they evaluate to, combined with some judicious cyberchef'ing solved it for me.
  • I was rather hoping I could complete this challenge without having to buy Microsoft Office; is there another way?
  • Any hints you could offer me @CaJiFan?
  • Environments were NOT the same! Lesson learned. Problem solved.
  • I'm confused: I'm testing a BOF, and successfully overwriting EIP in a VM, but doing the same on a physical box doesn't work? ASLR is off on both... Same length payload of 'A's, then 4* 'B', and 4* 'C's. On the VM: EIP gets 'BBBB', with ESP at …
  • Yeah, don't try this on an OS with a case-insensitive filesystem :wink:!
  • This is fun, I knew nothing about Word files before looking at this. * I learnt a new tool exists, thanks Didier! * I see a long (46) 'Copy*****' string, but doesn't seem to be our flag, * I find some obfuscated code, but it doesn't look to do anyt…
  • Aha, progress. I had to add "--timeout=3 --tries=1" as wget wasn't reaching my web service and was executing in place on the rails console, borking the erb instance it seems.
  • I tried step by step with the h_c_eron_ page, and I also tried crafting a standalone ruby script.
  • Having zero luck getting the payload to hit a local web server. This one has bested me.
  • Yikes, this is not an easy box for me. I thought I had some plain ruby working for generating the payload, but it's just not accepted. The 'other' more convoluted doc*** route has also failed to generate a payload which works.
  • Yeah, standard unix tools will get you there, in a one-liner.
    in USB ripper Comment by trcm November 2020
  • Well, I slept on it, and this morning I've got it :)
  • I have looked all over the company twitter feed, I've seen hints about one hire and one applicant, seen an email address. That's it. Is my Twitter-fu really this bad?
  • For some reason I spent ages trying to munge things into binary, had to take a rest from it until I realised it was worth converting to decimal at which point it all clicked :blush:
  • This one's driving me potty. Even with the tips here I'm getting nowhere :{