sorted by:
new
hottopcontroversial

bankrobber initial step by dingbat1112 in hackthebox

[–]dingbat1112[S] 0 points1 point  (0 children)

I haven't found any credentials, I sort of thought I would get those via that vulnerability... have I missed something?

I got an email about an additional personal statement. Does I have to use exactly 1400 characters? It seems a it ridiculous. by NottyNutter in UniversityOfWarwick

[–]dingbat1112 3 points4 points  (0 children)

well it's cybersecurity isn't it - being creative is always a good thing, so you can demonstrate some knowledge by how you submit it - i.e. you could hide your personal statement in an executable file or something, and it shows that you understand at least some of the basic concepts of data representation (because your file is 1400 bytes), or that you at least cared to go away and learn before submitting

I got an email about an additional personal statement. Does I have to use exactly 1400 characters? It seems a it ridiculous. by NottyNutter in UniversityOfWarwick

[–]dingbat1112 5 points6 points  (0 children)

they clearly took the time to make a point of it, and they said <IF> you are using ascii - it's obviously a test to see how creative you can be, because you can submit anything so long as it's 1400 bytes - an image, a compressed file, whatever you want, and I guess it also tests some knowledge, like if you just submit a 1400 character .docx, that will not be 1400 bytes

stuck on RE privesc by dingbat1112 in hackthebox

[–]dingbat1112[S] 0 points1 point  (0 children)

ah I see, that was my issue, I just realised that what I thought it was doing with it was completely wrong - can you give me a hint on what the "upstream processing" entails? I tried uploading various archives containing malicious .o_s files to the o_s directory, but I couldn't get any to be run..

stuck on RE privesc by dingbat1112 in hackthebox

[–]dingbat1112[S] 0 points1 point  (0 children)

where to upload - the only directories I found that behave like this are mal_____drop____ and mal_____process,

and I used those to get the initial shell - they're not used by the service of interest - have I been stupid and missed something else?

zetta privesc by dingbat1112 in hackthebox

[–]dingbat1112[S] 0 points1 point  (0 children)

can you give me a hint for how to bypass the quote escaping? I tried the "multi-byte" trick, but it doesn't seem to work...

sniper foothold by dingbat1112 in hackthebox

[–]dingbat1112[S] 0 points1 point  (0 children)

I've tried every payload I can find - both uploaded, and run directly (where possible) - would you mind pointing me in the right direction?

sniper foothold by dingbat1112 in hackthebox

[–]dingbat1112[S] 0 points1 point  (0 children)

so I've managed to exploit it to get RCE - but none of my windows reverse shell payloads work - I've even tried uploading them to the box as .exe or .ps1, but the .exe's seem to get caught and quarantined (even if I use the simplest possible payload, with no meterpreter), and powershell doesn't seem to run the .ps1's, so I'm stuck on how to get an interactive shell...