Last Active


  • Very enjoyable, useful skills / lessons from this machine: User: Manual enumeration of web pages/directories when the host is using effective protection against mass scanners / brute-forcers. Root: The importance of GROUP in the Linux file permiss…
    in Writeup Comment by wat3r August 2019
  • Great box IMHO. A great exercise for someone new to binary exploitation like myself. Some advice: User: I had trouble finding the correct commands to send what I needed to send to the binary. The "cat" command without a file name reads fr…
    in Safe Comment by wat3r August 2019
  • A useful lesson with this box: Finish your enumeration thoroughly, methodically and patiently to display all possible routes in, before moving to try and exploit - otherwise you will miss things out and give yourself a real pain when things don't w…
    in Luke Comment by wat3r August 2019
  • Clue is in the title for this one. Quite a fun machine in my opinion, especially root. My hints: User: Research the API/db in use patiently so you can interact with it effectively - including default settings. Then you can solve the puzzle. Root:…
    in Haystack Comment by wat3r August 2019
  • Definitely one of my favourite machines so far, this one really forces you to understand all the pieces of the web-app it is running in order to get user. Hints I think may be useful: User - if you're struggling to get a proper shell back, it's al…
    in Craft Comment by wat3r July 2019
  • Got root. For me an enjoyable box. However the very first step was painful to see because it was so simple (strangely). After that, an interesting route with plenty to learn along the way. For priv-esc, patiently and diligently reading source code…
    in Fortune Comment by wat3r May 2019
  • I found this box teaches some valuable lessons - particularly the rule about Linux file permissions that priv-esc teaches. Also found the enumeration steps surrounding the website to be essential skills for anyone attempting bug bounties - as SSL c…
    in LaCasaDePapel Comment by wat3r May 2019
  • @PavelKCZ said: > One thing I would like to know. Is there someone with the OSCP certification ? > > How hard or simple is this box compared to boxes which are used during OSCP certification ? For the privileg…
    in onetwoseven Comment by wat3r May 2019
  • Definitely a difficult box - but rewarding and good practice of a load of techniques. Not quite root yet, but got user - if anyone needs a nudge give me a shout on PM.
    in onetwoseven Comment by wat3r May 2019
  • @plonk said: (Quote) Can anyone suggest a tool that can be used to interact properly with this service generally? Or is there some strategy at guessing what it wants? Would appreciate the help - either on here or in PM.
    in HackBack Comment by wat3r May 2019
  • @21y4d said: (Quote) I would say I agree with you. Would you mind sending me PM with useful links/references teaching the process both-sides, start to finish (if you know of any)? Cheers
    in Conceal Comment by wat3r May 2019
  • @Kalki said: (Quote) Look into mounting the share instead of just connecting with smbclient. This worked for me and I could get the file (after some time :) )
    in Bastion Comment by wat3r April 2019
  • @cbx said: (Quote) Me too - could someone PM me name of some useful software for this? Transfer with SMBclient fails even with various extra settings. Many thanks
    in Bastion Comment by wat3r April 2019
