Last Active


  • Thanks to @willwam845 for this challenge! Some patience is required and nope, the solution cannot just be lifted off somewhere. Adapting and understanding is key.
  • Rooted! Foothold: Fuzz and pay attention to extensions. I remember also having to specify this particular extension for a box in recent months. Poke around and think about what is preventing you from using the usual tools. I wrote my own script whi…
  • Cool challenge. Finally some modern crypto here. No brute force required - just understand the attack and flip away.
  • Finally rooted! Initial foothold was rather circuitous and there were many blind alleys to go through - it took me days to get the initial shell while root took only about 1-2 hours. Foothold: Once you've found the H** that everyone is referring to…
    in Cache Comment by zelensky May 2020
  • This was the longest I ever took to get the user flag for a 20 point box. After all the dirbusting, getting the vulnerability to work correctly also required a fair amount of configuring and googling. The root method is similar to that in a recent …
    in Admirer Comment by zelensky May 2020
  • I used the online tool. Had to squint my eyes and try variations of the flag before I got the correct one.
  • Thank you @Xh4H for this challenge! It required a bit of basic socket programming before I was on my way to figuring out the flag. This is one of the rare few in the crypto category that has any relation and relevance to modern cryptography.
  • Finally rooted! I had much frustration with the Web UI and finally decided to go the API route after reading posts here. I had to read the docs, poke around, and put things together. I was unsure how to run it and took a stab in the dark...and got …
    in ServMon Comment by zelensky April 2020
  • This is quite a straightforward machine which I would recommend to anyone preparing for OSCP. I got user but not root yet because the machine is just so unstable and unresponsive.
    in ServMon Comment by zelensky April 2020
  • Type your comment> @hyperreality said: (Quote) I have to agree. I would very much prefer challenges about weaknesses in modern crypto and cryptanalysis. Just to add on, the RsaCtfTools is another good one in the set. Automated tools don't help …
  • Is there some special wordlist I should use? I have read the code and understood how the token is generated. My wfuzzing did not produce any hits. I am hesitant to use the r****** wordlist as the list generate from that seems to crash wfuzz.
  • Type your comment> @Rayz said: (Quote) Not really dead. I see that some writeups are protected with the Administrator's NTLM hash now.
    in Cascade Comment by zelensky April 2020
  • Got root, finally! For me, this box introduced new areas to read up on for AD. Type your comment> @orangehat said: (Quote) I had the same problem with the root flag. Resets did not work, but terminating and then starting up the machine again di…
    in Cascade Comment by zelensky April 2020
  • I see there are two ways to get root: U**S** and TV. Did anyone try the U**S** way recently? It didn't work for me and I was wondering if this (probably unintended) method has been patched. Update: Never mind. The U**S** way still works. I ha…
    in Remote Comment by zelensky March 2020
  • Finally rooted! Many thanks to @snownoob for the nudge towards user! This has got to be one of the best boxes on htb imo. There were lots of learning points to take away, especially for the initial foothold - I had spent close to a week on it. Root …
    in Book Comment by zelensky March 2020
  • Type your comment> @TazWake said: > @khanafeer said: > > (Quote) > This, largely, depends on how you view the PDF. There are many ways round it other than using the default viewer built into Kali. While this frustrated me for a l…
    in Book Comment by zelensky March 2020
  • It looks like I need some hints for user here. I've got access to the admin panel and see the connection between that and an u****d function in the user panel. I've read a few writeups on exploiting this and got the box to "call back" to …
    in Book Comment by zelensky March 2020
  • I'm done with this box and got a root shell not long after getting user. I noticed one subtlety about modifying files towards the end and wondered why a certain approach worked but another did not. For those who have completed this box, I would be h…
    in Traceback Comment by zelensky March 2020
  • Alright. I've got the root flag the easy way but it seems from the posts in this thread that there is an alternative method which involves d**. I am definitely revisiting this box at a later point. If anyone can give a nudge on the d** method that w…
    in Resolute Comment by zelensky March 2020
  • I'm at the final mile. I've found the d*g password, accessed the high port service, run the new commands, and I know I have to download something, but I just couldn't figure how to. Nudges are much appreciated! Update: Many thanks to @Derezzed! Fo…
    in Nest Comment by zelensky February 2020
  • Type your comment> @Isyber said: (Quote) Same here! I am looking for a way to construct the payload without resorting to setting up a Windows VM (is compilation required too?). Please PM if anyone knows how to do it in kali.
    in Json Comment by zelensky October 2019
  • Old box, but as I was trying to exploit it via the MS08-067 code from EDB, my initial attempts did not work (I chose XP SP0/SP1). Every time I ran the exploit, the service probably just crashed and I had to reset the machine. I then turned to metasp…

Howdy, Stranger!

Click here to create an account.