xaif7aLe

About

Username
xaif7aLe
Joined
Visits
479
Last Active
Roles
Member

Comments

  • @Tw1st3dxF4t3 do you understand what that field you've modified is used for? if you want to discuss this in more detail just send me a private message.
  • (Quote) you might know, that an XSS on it's own won't be worth a thing: most often you want to forge this vulnerability into something different. think about what kind of services (other than web) are running on the machine and then think about how …
  • and so, a wonderful journey finally comes to its end. (ok, i did root it a week ago, but only had time now to write something nice) i really love this machine and all its challenges. thanks @polarbearer and @GibParadox ! and i'm so glad i picked th…
  • (Quote) have you run gobuster (or any other tool that can brute-force directories/files on a web server)? this might help tremendously :) if you need more specific hints send me a DM. but please explain what you did so far and what you want to do …
  • you definitely don't have to read *everything*; a single file will do. go back to you nmap result to know which one.
  • @FaguoZai just take small steps (this isn't a cryptic hint)
  • > @HomeSen said: > Well, to be fair, it's a quite subtle issue. And many people still don't know that kind of attack (even though it already is quite old) ;) whenever i see critical functionality (i.e. protecting confidentiality, integrity…
  • (Quote) ouch! never trust homebrewed "security" solutions (especially when it comes to ... that subject you were talking about) ;)
  • (Quote) i had the impression you were working on another machine :wink:
  • (Quote) same here. i really enjoyed all of the (different) challenges that machine provided. especially that last part which i have never done before. thanks @sokafr for an absolutely amazing machine ;)
  • Type your comment> @benjamin2000 said: (Quote) do you understand the relationship between the system where you uploaded stuff and the machine you want to attack (i.e. bucket.htb)? ;)
  • Type your comment> @ymousanon10 said: (Quote) and in this case it will be a text file (i.e. flag.txt) i hope i'm not spoiling anything
  • thanks to @MrR3boot for this very nice machine; i learnt something new today. no additional hints from me at this point as this discussion already has enough ;) if you need more/specific hints send me a DM with what you did/found so far and i'll b…
  • (Quote) :blush: i just wanted to make @PapyrusTheGuru happy :D
  • (Quote) ... where it belongs. (Quote) still very much the same today. (Quote) this is very crucial to keep remembering! (Quote) i guess, definitely less inclusive than this (i.e. HTB) community. (Quote) yeah ... so true! :/ (Quote) that's true;…
  • (Quote) :D (Quote) it's probably just me; i had a lot of italian friends back home (not italy). but you cannot eat out (in an italian restaurant) and not see Grappa on the menu or get one ("on the house") after you have paid the bill.
  • (Quote) ... and that it isn't such an obscure drink in italy/europe? ;)
  • (Quote) knowledge is still the best remedy against severe cases of a USA-centric worldview, no offense ;) (Quote)
  • this was by far the hardest machine i have ever played on HTB. i couldn't have done it without the knowledge and patience of @acidbat . for me, with Windows machines there is often the additional burden of having to read Microsoft-written documenta…
  • to whom it may concern: (Quote) please stop changing passwords for accounts other players are dependent on!
  • Type your comment> @PapyrusTheGuru said: (Quote) so true!
  • (Quote) it definitely is! i hope i'll eventually get there (in terms of knowledge/competence) to give back to others what i have received from this community so many times. until then, i can only thank you all :smile:
  • Type your comment> @OniNephilim said: (Quote) sure! just send me a DM with an explanation of what you did so far and what you think might be the next steps.
  • Type your comment> @VDoh said: (Quote) i would gladly help you. just send me a DM with an explanation of what you did so far regarding this machine.
  • thanks to @TazWake i was able to get the user flag. thanks to a tip from @gunroot i was able to go further. thank you @Andres7ll for your patience in helping me figuring out the last steps to root. respect to @MinatoTW and @MrR3boot for this amazi…
  • i just got the user flag but damn, this was hard! * the issues i had at first (not being able to get what you need via r****) stem from the fact that i was using a private VPN and the VPN for HTB :confounded: * then i fell into the rabithole :win…
  • @TazWake said: (Quote) i'm trying this right now (receiving incremental file list ...), although i doubt it will change anything. (Quote) unfortunately, no. @TazWake: thanks for your help
  • what am i doing wrong here? $ r**** [options] r****://unbalanced.htb:/<path> .receiving incremental file list this has not changed since yesterday. i can ping the machine and use its "web" service. thanks for your help. edit: one…
  • i clearly must be missing something here: why can i only access the h*** service via a (particular) CLI but not with a generic GUI (i.e. br*****)?
    in Magic Comment by xaif7aLe August 2020
Avatar

Howdy, Stranger!

Click here to create an account.