twypsy

About

Username
twypsy
Joined
Visits
84
Last Active
Roles
Member

Comments

  • My hints for user : -Read the output carefully. -When you find something useful, you should try it in different places. My hints for root : -Research the system, and you will find something useful. -Research again and you will find about a vuln…
    in Resolute Comment by twypsy December 9
  • .
    in Resolute Comment by twypsy December 9
  • Type your comment> @jinie said: (Quote) You did it the right way definitely. The other path required taking the box out of the obscurity.
    in Obscurity Comment by twypsy December 1
  • Type your comment> @GPLO said: (Quote) It's a secret directory, and under it you should find the py file you are looking for. Use a common wordlist, no need to go with big ones. Just in case, check you are using port 8080 and not 80.
    in Obscurity Comment by twypsy December 1
  • @idomino said: (Quote) To be honest, I don't give credibility to any comment in HTB regarding the difficulty of a machine, and I might suggest the same to anybody who joined HTB recently. What seems easy now, might not have seemed easy in the past.
    in Obscurity Comment by twypsy December 1
  • Nice box, I enjoyed getting user. Type your comment> @B3LL4T0R said: (Quote) The first part is pure CTF. Focus on the message in the main page. (Quote) Focus on a function you would like to exploit. From there, develop your attack. Trying it…
    in Obscurity Comment by twypsy December 1
  • As far as I am concerned, it's simply a list of binaries that could lead to priv escalation. https://gtfobins.github.io/ Use the search bar in order to check specific binaries. E.g https://gtfobins.github.io/gtfobins/more/ It's public informatio…
    in Gtfobins Comment by twypsy November 21
  • Type your comment> @pentester94 said: (Quote) People in OSCP reddit seem to be using it. https://www.reddit.com/r/oscp/search/?q=pspy&restrict_sr=1 Maybe you can contact them to confirm, but since it's not a tool related to automated explo…
  • Type your comment> @jklmnop said: (Quote) Hashcat (Quote) No, more simple than that. (Quote) Read the documentation. Read the configuration file. You should see something interesting.
    in Traverxec Comment by twypsy November 18
  • Hints for user : -Once you are in, read the manual. Read it till you find something interesting. Hints for root : -The answer is in front of you the moment you get user. I went down a rabbit hole and I can understand why people might overthink it…
    in Traverxec Comment by twypsy November 17
  • Finally rooted. My hint for root. -Check the different folders till you find something interesting, then try to form a connection. -Most of the times there's a Linux alternative to work with certain proprietary Microsoft files. However, I wasn't …
    in Sniper Comment by twypsy November 16
  • Type your comment> @bumika said: (Quote) I feel I am closer then. Thank you, I will try again today. EDIT No luck still. I am wondering if the pair of creds are a rabbit hole. EDIT2 Thank you @Rholas I was missing one tiny part in my approach.
    in Sniper Comment by twypsy November 14
  • Type your comment> @k3tchup said: (Quote) Same spot as you. I would appreciate a nudge. I played with Powershell without luck. * InvokeCommand gives me errors despite using correct credentials * Not able to send a reverse shell through that u…
    in Sniper Comment by twypsy November 14
  • Hints for root : * Enumerate processes. * Research about them in order to understand what's going on. * Eventually while researching you will find a vuln. The exploit was unstable for me and it took some time to get it to work. It's just a matt…
    in AI Comment by twypsy November 11
  • Thank you to @0PT1MUS for the hints provided. My hints for user : 1º You can use TTS, or record yourself with a mic. There are different online TTS services available, but only one worked for me in the end. I would share the name, but apparently i…
    in AI Comment by twypsy November 11
  • Type your comment> @zkvo said: (Quote) In that page, there's one big hint in the bottom.
    in AI Comment by twypsy November 10
  • .
    in AI Comment by twypsy November 10
  • My hints for root : Don't be discouraged by the executable file. You don't need to be experienced in RE. I used Wine32 + ollydbg. Check the ASCII strings in order to understand the purpose of the different functions. Then take a break, and go slo…
    in Bitlab Comment by twypsy November 9
  • My hints for user. 1º There's one evil function that can be abused. 2º If your reverse shell dies fast, try with a different one. No need to complicate things. @birb said: (Quote) You are getting an exception since you are doing something the ap…
    in Craft Comment by twypsy November 9
  • Hi! Here are my hints ... User: 1º It's important to enumerate in this box, but Dirbuster won't lead you where you need. 2º When you are starting with one HTB machine, it's a good practice to try the Vhost (name of the machine) + .htb. In some i…
    in Mango Comment by twypsy November 8
  • (Quote) Have you converted it to the proper format? It should work with rockyou (Quote) I suppose you are trying your attack in the root directory. Search for another directory where your attack would work.
    in Postman Comment by twypsy November 5
  • My hints. User: 1º The obvious exploit is not going to work. 2º Read articles about the vulnerability, and you will find an alternative approach. There are tons of articles about it. 3º Once you do your research, remember that not all home direc…
    in Postman Comment by twypsy November 5
  • Edited
    in Forest Comment by twypsy October 31
  • I am in the same spot since yesterday. I couldn't work with the retired machines I was previously working on, so I moved to an active one (Forest). I came back today, and again the same issue, plus I can't work on Forest. EDIT I switched to anothe…
  • I am facing the same issue as well with Windows retired machines since today. I am trying to ping them without success. All the retired Windows machines I've been trying to access seem to be down in VIP server.
  • Sorry for the repost, but I would like to make a comment regarding Beep and the SSL problem, in case it might be useful for somebody in the future who is training in the retired machines. I struggled with SSL problems trying to use the most obvious…
  • Type your comment> @n4v1n said: (Quote) I think it's us pressing F5.
  • Type your comment> @djbrains said: (Quote) Thank you. I hope it gets back today sooner or later ...
  • Type your comment> @djbrains said: (Quote) Are you able to enable a machine and work on it? I am trying to login just for that purpose, but no luck still.
  • It's down for me as well ...
Avatar

Howdy, Stranger!

Click here to create an account.