you might know, that an XSS on it's own won't be worth a thing: most often you want to forge this vulnerability into something different.
think about what kind of services (other than web) are running on the machine and then think about how …
and so, a wonderful journey finally comes to its end.
(ok, i did root it a week ago, but only had time now to write something nice)
i really love this machine and all its challenges. thanks @polarbearer and @GibParadox !
and i'm so glad i picked th…
have you run gobuster (or any other tool that can brute-force directories/files on a web server)? this might help tremendously :)
if you need more specific hints send me a DM.
but please explain what you did so far and what you want to do …
> @HomeSen said:
> Well, to be fair, it's a quite subtle issue. And many people still don't know that kind of attack (even though it already is quite old) ;)
whenever i see critical functionality (i.e. protecting confidentiality, integrity…
i really enjoyed all of the (different) challenges that machine provided. especially that last part which i have never done before.
thanks @sokafr for an absolutely amazing machine ;)
thanks to @MrR3boot for this very nice machine; i learnt something new today.
no additional hints from me at this point as this discussion already has enough ;)
if you need more/specific hints send me a DM with what you did/found so far and i'll b…
... where it belongs.
still very much the same today.
this is very crucial to keep remembering!
i guess, definitely less inclusive than this (i.e. HTB) community.
yeah ... so true! :/
it's probably just me; i had a lot of italian friends back home (not italy).
but you cannot eat out (in an italian restaurant) and not see Grappa on the menu or get one ("on the house") after you have paid the bill.
this was by far the hardest machine i have ever played on HTB.
i couldn't have done it without the knowledge and patience of @acidbat .
for me, with Windows machines there is often the additional burden of having to read Microsoft-written documenta…
it definitely is!
i hope i'll eventually get there (in terms of knowledge/competence) to give back to others what i have received from this community so many times.
until then, i can only thank you all :smile:
thanks to @TazWake i was able to get the user flag.
thanks to a tip from @gunroot i was able to go further.
thank you @Andres7ll for your patience in helping me figuring out the last steps to root.
respect to @MinatoTW and @MrR3boot for this amazi…
i just got the user flag but damn, this was hard!
* the issues i had at first (not being able to get what you need via r****) stem from the fact that i was using a private VPN and the VPN for HTB :confounded:
* then i fell into the rabithole :win…
what am i doing wrong here?
$ r**** [options] r****://unbalanced.htb:/<path> .receiving incremental file list
this has not changed since yesterday.
i can ping the machine and use its "web" service.
thanks for your help.